How to make ingress use my TLS Certificate in Microk8s

4/26/2021

I have the following Ingress configuration:

apiVersion: networking.k8s.io/v1        
kind: Ingress
metadata:
  name: http-ingress
spec:
  rules:
  - host: example-adress.com
    http:
      paths:
        - path: /apple
          pathType: Prefix
          backend:
            service:
                name: apple-service
                port: 
                  number: 80
        - path: /banana
          pathType: Prefix
          backend:
            service:
                name: banana-service
                port: 
                  number: 80
  tls: 
    - hosts: 
        - example-adress.com
      secretName: testsecret-tls

And I also created the Secret:

apiVersion: v1
kind: Secret
metadata:
  name: testsecret-tls
  namespace: default
data:
  tls.crt: path to .crt
  tls.key: Zpath to .key
type: kubernetes.io/tls

But when I connect to one of my services and check the certificate, it says that it uses a cert created by Kubernetes Ingress Controller Fake certificate. When I run microk8s kubectl describe ingress I get the following output:

Name:             http-ingress
Namespace:        default
Address:          127.0.0.1
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
 testsecret-tls terminates example-adress.com
Rules:
 Host               Path  Backends
 ----               ----  --------
 example-adress.com
                    /apple    apple-service:80 (10.1.55.17:5678)
                    /banana   banana-service:80 (10.1.55.10:5678)
Annotations:         <none>
Events:
 Type    Reason  Age                From                      Message
 ----    ------  ----               ----                      -------
 Normal  CREATE  28m                nginx-ingress-controller  Ingress default/http-ingress
 Normal  UPDATE  20m (x2 over 28m)  nginx-ingress-controller  Ingress default/http-ingress

What do I need to change to make my Ingress use my Cert instead of generating a new one every time?

-- timmmmmb

1 Answer

4/27/2021

Posting this out of comment as it works.

Based on your tls secret yaml, you tried to add the certificate and private key using paths, which is not supported currently (reference). Fragment from reference:

When using this type of Secret, the tls.key and the tls.crt key must be provided in the data (or stringData) field of the Secret configuration, although the API server doesn't actually validate the values for each key.

Therefore there are two suggestions how to move forward:

  • Add base64 encrypted values for key and certificate to tls secret
  • Allow Kubernetes to do it for you with the following command: kubectl create secret tls testsecret-tls --cert=tls.cert --key=tls.key
-- moonkotte
Source: StackOverflow
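
Added example, not part of the original question or answer: a shell sketch that renders the kubernetes.io/tls Secret with base64-encoded PEM in data, and rejects values such as the paths in the question's Secret, which the API server accepts without validation. The helper names is_b64_pem and render_tls_secret are hypothetical, and the demo files are constructed placeholders, not real key material.

```bash
#!/usr/bin/env bash
# Added example. is_b64_pem and render_tls_secret are hypothetical helper names.

# Succeed only if $1 is base64 that decodes to text starting with a PEM header.
is_b64_pem() {
  local decoded
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
  case "$decoded" in
    "-----BEGIN "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print a kubernetes.io/tls Secret manifest.
# Args: secret name, namespace, PEM certificate file, PEM private key file.
render_tls_secret() {
  local name="$1" ns="$2" crt key
  crt=$(base64 < "$3" | tr -d '\n')   # single-line base64, as data: expects
  key=$(base64 < "$4" | tr -d '\n')
  if ! is_b64_pem "$crt" || ! is_b64_pem "$key"; then
    echo "error: $3 or $4 is missing or not PEM" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/tls
data:
  tls.crt: $crt
  tls.key: $key
EOF
}

# Demo on constructed placeholder files: PEM armor only, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo_dir/tls.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
  '-----END PRIVATE KEY-----' > "$demo_dir/tls.key"
render_tls_secret testsecret-tls default "$demo_dir/tls.crt" "$demo_dir/tls.key"

# The values from the question's Secret are rejected by the same check.
is_b64_pem 'path to .crt' || echo "rejected: 'path to .crt' is not base64 PEM"
rm -rf "$demo_dir"
```

With real PEM files, the rendered manifest can be piped to microk8s kubectl apply -f -. The check only confirms base64-encoded PEM armor; it does not verify that the key matches the certificate.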