Ingress TLS/SSL Setup

Using SSL/TLS certificates for HTTPS

There are different ways to configure a Kubernetes Cluster to use TLS Certificates. Kublr includes integration with Let’s Encrypt.

Installation

To use this option, go to the Cluster Creation Screen and perform these steps:

  1. Enable Kublr Feature Ingress.
  2. Enable Use Let’s Encrypt checkbox.
  3. Enter your email address.
  4. Select production let’s encrypt API server from the dropdown list (Currently it is https://acme-v01.api.letsencrypt.org/directory).
  5. After installation, configure your DNS as it is described in DNS Setup page

Kublr will install the components required for requesting TLS certificates.

Usage

Add annotation kubernetes.io/tls-acme to your Ingress resource.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/tls-acme: "true"
spec:
  tls:
    - secretName: tls-mydomain.example.com
      hosts:
        - mydomain.example.com

Specify tls section in Ingress resource definition, as shown above.

Using existing TLS/SSL certificates.

Kubernetes also supports a case in which you have an existing TLS/SSL certificate that you want to use. To configure your Ingress to use such certificate:

Create secret which will contain the certificate and private key.

apiVersion: v1
data:
  tls.crt: base64 encoded cert
  tls.key: base64 encoded key
kind: Secret
metadata:
  name: tls-secret
  namespace: default
type: Opaque

Reference this secret in your Ingress resource definition:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myingress
spec:
  tls:
  - secretName: tls-secret
  backend:
    serviceName: my-app
    servicePort: 80

For additional information, please see Kubernetes Ingress TLS.

References

  1. Kubernetes Ingress TLS
  2. Kube Lego
  3. Let’s Encrypt

Questions? Suggestions? Need help? Contact us.