How to deploy a newly generated SSL certificate to applications running in a Kubernetes cluster?

10/5/2019

I need to deploy the newly generated SSL certificate to the applications which are running in a Kubernetes cluster.

Is it possible to update the certificate using the Kubernetes dashboard? What is the kubectl or kubeadm command to update the new SSL certificate for the (https) applications?

-- Ramkumar D
kubeadm
kubectl
kubernetes
ssl-certificate

2 Answers

10/10/2019

@Ramkumar

If you are looking for the kubectl command, you can use the one below:

```
kubectl -n ingress create secret tls default-ssl-certificate --key key.pem --cert cert.pem
```

Once we have a secret with the certificate we want to use, we need to update the containers spec in the ingress controller's deployment to include the default-ssl-certificate secret name.

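```
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters use networking.k8s.io/v1 instead.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
spec:
  rules:
    - host: yourhost.com
      http:
        paths:
          - path: /
            backend:
              serviceName: yourservicename
              servicePort: 443
  tls:
    # The secret must be in the same namespace as this Ingress.
    - hosts:
        - yourhost.com
      secretName: default-ssl-certificate
```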
-- Vishnu Nair
Source: StackOverflow
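
As an added example (not part of either answer): `kubectl create secret tls` fails when the secret already exists, so one way to replace a certificate is to render the secret with `--dry-run=client` and pipe it to `kubectl apply`. The script below does that after checking with openssl that the key matches the certificate and that the certificate is not about to expire; the function names, the script name and the 7-day threshold are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: validate a cert/key pair, then create or update a TLS secret.
# Assumes openssl and kubectl are on PATH; file and secret names are placeholders.

# Succeeds only if the certificate stays valid for min_days more days
# and its public key matches the private key.
tls_pair_ok() {
  local cert="$1" key="$2" min_days="${3:-7}"
  local cert_pub key_pub

  # -checkend N exits non-zero when the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
    echo "certificate unreadable or expiring within ${min_days} days" >&2
    return 1
  fi

  # Compare the public key in the certificate with the one derived from the key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2
    return 1
  fi
}

# "kubectl create secret tls" fails if the secret already exists, so render
# the manifest client-side and let "kubectl apply" create or update it.
rotate_tls_secret() {
  local ns="$1" name="$2" cert="$3" key="$4"
  tls_pair_ok "$cert" "$key" || return 1
  kubectl -n "$ns" create secret tls "$name" \
    --cert="$cert" --key="$key" --dry-run=client -o yaml |
    kubectl -n "$ns" apply -f -
}

# Usage: ./rotate-tls.sh ingress default-ssl-certificate cert.pem key.pem
if [ "$#" -eq 4 ]; then
  rotate_tls_secret "$@"
fi
```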

10/5/2019

It depends on how you are using the SSL certs in your application. If you use a load balancer to expose your service, you can set up SSL in your cloud itself. For example, if you're using AWS, you can create an SSL cert using AWS Certificate Manager and use it in your AWS ELB. If your application is using an ingress controller or any other method, maybe you can store your SSL certificates in your K8s secrets.

```
apiVersion: v1
kind: Secret
metadata:
  name: testsecret-tls
  namespace: default
data:
  tls.crt: base64 encoded cert
  tls.key: base64 encoded key
type: kubernetes.io/tls
```
-- Vishnu Nair
Source: StackOverflow