A Python-based Flask HTTP server is running on a Google Kubernetes cluster as a Docker container. It is implemented as a single pod flask-http-deployment and placed behind a Load Balancer.
The HTTP server's Python code is quite simple and does not support the HTTPS protocol. But other applications will need to communicate with this server via HTTPS. So there is a need to implement support for HTTPS.
From what I read (please correct me if I am wrong), the HTTPS support could be implemented by configuring the flask-http-deployment with a secret.
Here are the steps I followed:
my-cert.crt and my-key.key files:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout my-key.key -out my-cert.crt -subj '//CN=mydomain.com'

my-cert.crt and my-key.key files in place I created a Kubernetes secret:

kubectl create secret tls my-secret --key=my-key.key --cert=my-cert.crt

How should I now modify the flask-http-deployment yaml file with a secret I've just created?

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: flask-http-deployment
spec:
  replicas: 5
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:
    metadata:
      labels:
        app: flask-http-app
    spec:
      containers:
      - name: flask-http-container
        image: gcr.io/my-project-id/flask-http-container
        ports:
        - containerPort: 80
        imagePullPolicy: IfNotPresent

Here is the Load Balancer yaml, in case it is needed:

apiVersion: v1
kind: Service
metadata:
  name: flask-http-load-balancer
  labels:
    app: flask-http-app
spec:
  type: LoadBalancer
  ports:
  - port: 80
    nodePort: 30000
    protocol: TCP
    name: flask
  selector:

Check out nginx ingress; it allows you to attach SSL certificates to your pods.

I am not sure about the secret, and where you are using the secret that you created, but supporting HTTPS is the same as in the traditional world: put an HTTPS termination proxy in front of your app service, such as an nginx pod or an nginx ingress controller (use your secret in there),
or terminate SSL/TLS in your external load balancer.
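
The TLS-terminating ingress the answers describe, as an added example that is not part of the original posts: an Ingress that serves HTTPS with the question's my-secret and forwards to the question's Service. It assumes the ingress-nginx controller is installed under the IngressClass name nginx; the Ingress name is hypothetical.

```yaml
# Added example, not code from the original question or answers.
# Assumption: the ingress-nginx controller is installed in the cluster
# and registers the IngressClass "nginx".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: flask-http-ingress              # hypothetical name
  annotations:
    # ingress-nginx annotation: redirect plain HTTP requests to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx               # assumption: ingress-nginx
  tls:
    - hosts:
        - mydomain.com                  # must match a name in the certificate
      # The kubernetes.io/tls secret created in the question. It must be in
      # the same namespace as this Ingress.
      secretName: my-secret
  rules:
    - host: mydomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: flask-http-load-balancer   # Service from the question
                port:
                  number: 80            # proxy-to-pod traffic stays plain HTTP
```

With TLS terminated at the ingress, the Flask Service no longer needs type LoadBalancer; making it ClusterIP keeps the unencrypted port 80 from being reachable outside the cluster. The certificate from the question is self-signed, so client applications will only accept it if they are configured to trust that certificate explicitly.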