There are different ways to configure a Kubernetes Cluster to use TLS Certificates. Kublr includes integration with Let’s Encrypt.
To use this option, go to the Cluster Creation Screen and perform these steps:
Kublr will install the components required for requesting TLS certificates.
kubernetes.io/tls-acme to your Ingress resource.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: my-ingress annotations: kubernetes.io/tls-acme: "true" spec: tls: - secretName: tls-mydomain.example.com hosts: - mydomain.example.com
tls section in Ingress resource definition, as shown above.
Kubernetes also supports a case in which you have an existing TLS/SSL certificate that you want to use. To configure your Ingress to use such certificate:
Create secret which will contain the certificate and private key.
apiVersion: v1 data: tls.crt: base64 encoded cert tls.key: base64 encoded key kind: Secret metadata: name: tls-secret namespace: default type: Opaque
Reference this secret in your Ingress resource definition:
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: myingress spec: tls: - secretName: tls-secret backend: serviceName: my-app servicePort: 80
For additional information, please see Kubernetes Ingress TLS.