Kubernetes Ingress SSL certificate

12/2/2019

I'm new to k8s and can't figure out how to use SSL with ingress. Here is my app YAML:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  name: app-name
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: app-name
  template:
    metadata:
      labels:
        app: app-name
    spec:
      containers:
        - name: app-name
          image: dockerhub:app-name
          imagePullPolicy: Always
          ports:
            - containerPort: 80
      imagePullSecrets:
        - name: registrypullsecret

And the ingress YAML:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/ssl-redirect: "true"

spec:
  tls:
    - hosts:
      - sub.example.com
      secretName: tls-secret
  rules:
    - host: sub.example.com
      http:
        paths:
          - backend:
              serviceName: app-name
              servicePort: 80
            path: /

And my tls-secret YAML:

apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
  namespace: default
data:
  tls.crt: |
    MIIFfD...

  tls.key: |
    MIIEvQ...

My app is hosted on DigitalOcean, but I use external DNS. I applied tls-secret with:

kubectl apply -f tls-secret.yaml

Then I tried to open the app in a browser, and it is still not secured. The browser says that the certificate is not valid: "Kubernetes Ingress Controller Fake Certificate". Should I do some extra configuration, or do I have a mistake in my manifest files?

-- RaudByorn
kubernetes
ssl
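An added example, not part of the original question or answer: a stand-alone check of a TLS Secret's encoding, since ingress-nginx serves its "Kubernetes Ingress Controller Fake Certificate" when it cannot load the certificate named in `spec.tls`. The function name, the sample dicts and their values are constructed for illustration; the first sample imitates `data` values that begin with `MII` (the base64 body inside a PEM file) instead of the base64 of the whole PEM file.

```python
import base64
import binascii

TLS_TYPE = "kubernetes.io/tls"
# PEM labels accepted for each key of a TLS Secret.
PEM_LABELS = {
    "tls.crt": ("CERTIFICATE",),
    "tls.key": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"),
}

def b64(raw):
    return base64.b64encode(raw).decode()

def check_tls_secret(secret):
    """Return a list of findings for a Secret manifest given as a dict."""
    findings = []
    if secret.get("type") != TLS_TYPE:
        findings.append("type is %r, expected %s" % (secret.get("type"), TLS_TYPE))
    data = secret.get("data") or {}
    for key, labels in PEM_LABELS.items():
        if key not in data:
            findings.append("%s: missing" % key)
            continue
        try:
            # YAML block scalars add newlines; drop whitespace before decoding.
            raw = base64.b64decode("".join(data[key].split()), validate=True)
        except (binascii.Error, ValueError):
            findings.append("%s: not valid base64" % key)
            continue
        headers = tuple(b"-----BEGIN " + label.encode() + b"-----" for label in labels)
        if not raw.lstrip().startswith(headers):
            # 0x30 is an ASN.1 SEQUENCE tag: the value was the PEM body (DER), not the PEM file.
            hint = " (decodes to DER, not PEM text)" if raw[:1] == b"\x30" else ""
            findings.append("%s: decoded value is not PEM%s" % (key, hint))
    return findings

# Constructed samples, not real key material.
DER_STUB = bytes([0x30, 0x82, 0x05, 0x7C]) + b"\x00" * 8  # base64 starts with "MIIF"
PEM_CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
PEM_KEY = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
QUESTION_STYLE = {"kind": "Secret", "data": {"tls.crt": b64(DER_STUB), "tls.key": b64(DER_STUB)}}
WELL_FORMED = {"kind": "Secret", "type": TLS_TYPE,
               "data": {"tls.crt": b64(PEM_CERT), "tls.key": b64(PEM_KEY)}}

if __name__ == "__main__":
    for name, secret in (("question-style", QUESTION_STYLE), ("well-formed", WELL_FORMED)):
        print(name, check_tls_secret(secret) or "ok")
```

The check covers encoding only; whether the key matches the certificate and whether the certificate covers the Ingress host are separate checks.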

1 Answer

12/2/2019

I recommend simply following the steps below:

  1. Install cert-manager from here, using the Helm chart based steps

  2. Then you can follow this StackOverflow post

Note that you need not create the TLS secret here; cert-manager will automatically create the secret with the name mentioned in your certificate. cert-manager will carry out the ACME challenge once you patch the secret name to TLS, and once it succeeds, the certificate acquires the ready state.

Use

cert-manager.io/v1alpha2

as the API version in the cluster issuer if the one mentioned there is not acceptable.

-- Tushar Mahajan
Source: StackOverflow