How to expose the application (or service) via HTTPS in Kubernetes?

11/13/2019

In Kubernetes, a deployment and a service of type "LoadBalancer" are created for an Nginx application. Code is here. The application is accessible using the External IP 10.120.x.y. The application is not exposed via HTTPS; it is insecure.

root@desktop:~/github/nginx-app# kubectl get svc
NAME                                       TYPE           CLUSTER-IP       EXTERNAL-IP                    PORT(S)                                                                   AGE
nginx-cms-service                          LoadBalancer   10.100.x.y   10.120.x.y,100.x.y.z   80:30596/TCP

I need to expose the application (obviously its service) via HTTPS using TLS in ingress (not sure whether this is the right approach to expose the application via HTTPS). I deployed the Kubernetes nginx ingress controller and need to create the ingress for the application. I am stuck while creating the ingress: I need to create the tls.crt and tls.key, then create a secret using the below commands for ingress.

  • I do not know what value to pass to the variable HOST. What significance does the HOST name have?
  • How and what is the external name by which the application will be accessible? Do I need a DNS entry to resolve the name to get to the application?

Generally, it makes sense to use the server name for server certificates, like SERVERNAME.key, SERVERNAME.crt, where SERVERNAME is the actual hostname of the server. Is the certificate created for the ingress, the service, or the application?

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"
kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}

My ingress.yaml has the value spec.rules.host: nginx-cms-app.com, so I am using the name like below. Is this correct?

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx-cms-app.com.key -out nginx-cms-app.com.crt -subj "/CN=nginx-cms-app.com/O=nginx-cms-app.com"
kubectl create secret tls nginx-cms-app.com --key nginx-cms-app.com.key --cert nginx-cms-app.com.crt
-- arunp
kubernetes
kubernetes-ingress
nginx-ingress
openssl
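
The openssl step above with a subjectAltName added and a check that the certificate actually covers the Ingress host, as an added example that is not part of the original post; the function names are hypothetical and OpenSSL 1.1.1 or newer is assumed. HOST is the DNS name clients use to reach the application, so it has to equal spec.rules.host in the Ingress.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# HOST is the DNS name clients will type; it must equal spec.rules.host (and
# spec.tls.hosts) in the Ingress. Requires OpenSSL 1.1.1+ for -addext / -ext.

# Write a self-signed cert for host $1 to $2/$1.crt with its key in $2/$1.key.
make_ingress_cert() {
  local host="$1" dir="$2"
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$dir/$host.key" -out "$dir/$host.crt" \
    -subj "/CN=$host/O=$host" \
    -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# Succeed only if cert $1 carries a DNS subjectAltName and is valid for host $2.
# The SAN test matters: -checkhost alone falls back to the CN, which current
# browsers and Go's TLS stack no longer accept.
cert_covers_host() {
  local crt="$1" host="$2"
  openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
    | grep -q 'DNS:' || return 1
  openssl x509 -in "$crt" -noout -checkhost "$host" \
    | grep -q 'does match certificate'
}

# Demo in a scratch directory, using the host name from the question.
HOST="nginx-cms-app.com"
WORK="$(mktemp -d)"
make_ingress_cert "$HOST" "$WORK"

if cert_covers_host "$WORK/$HOST.crt" "$HOST"; then
  echo "certificate covers $HOST; create the secret with:"
  echo "kubectl create secret tls $HOST" \
       "--key $WORK/$HOST.key --cert $WORK/$HOST.crt"
else
  echo "certificate does not cover $HOST" >&2
fi
```

The secret is referenced from the Ingress (spec.tls.secretName), where the ingress controller terminates TLS; the Service and the application behind it keep serving plain HTTP.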

1 Answer

11/14/2019

I suggest you try this for cert-manager installation, and thereafter you can follow this Stack Overflow post.

The certificate will attain the ready state once you add the secret name in TLS. Note that you need not create that secret; it will be auto-created. Upon ACME challenge verification, the certificate will attain the ready state.

Kindly use

apiVersion: cert-manager.io/v1alpha2

in the ClusterIssuer, if the apiVersion for the ClusterIssuer present in that Stack Overflow post is not acceptable.

-- Tushar Mahajan
Source: StackOverflow