K
Q

How can I enable SSL for Kubernetes services?

3/1/2020

I have a Google Kubernetes Engine with a spring boot application that has a public service endpoint. But I would like to change the endpoint from http://... to a secure https://... .

For example: https://xx.xxx.xx.xxxx:8085/getAllStudent instead of http://xx.xxx.xx.xxxx:8085/getAllStudent

How can i solve this?

-- Ashikur Rahman Rashid
google-app-engine
google-cloud-platform
google-kubernetes-engine
spring-boot

Similar Questions

Kubernetes Ingress network policy working as expected, egress is blocking all traffic
Fluentd elasticsearch plugin not connecting to Elasticsearch from Kubernetes on a Raspberry Pi
Kubernetes how to load balance EXTERNAL persistent tcp connections?
How to check external metrics data in Kubernetes?

1 Answer

3/1/2020

It looks like you are using then NodePort type of your services. If you want to accept HTTPS over this port your service behind it simply needs to open a HTTPS server instead of an HTTP server.

Using NodePort like this is not a recommend way but rather use the proper Ingress functionality in Kubernetes in order to expose a service over a host name. Ingress then supports supplying an SSL certificate that can be used to encrypt traffic over HTTPS.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: tls-example-ingress
spec:
  tls:
  - hosts:
    - sslexample.foo.com
    secretName: testsecret-tls
  rules:
    - host: sslexample.foo.com
      http:
        paths:
        - path: /
          backend:
            serviceName: service1
            servicePort: 80
-- Hans Kristian
Source: StackOverflow