I am installing GitLab with Helm, and I have created the certificate in Kubernetes with the commands below.
However, when I run the helm install and enter the address in the browser (ip-address.nip.io), I still get the "Your connection is not private" message. I have installed the certificate to my Trusted Root Certificate Authority.
When I inspect the certificate details from the browser, I see that it still shows the Subject Alternative Name -> DNS Name=ingress.local
I am unable to get my endpoint of ip-address.nip.io from the browser, and that is the goal.
K8s certificate
cat <<EOF | cfssl genkey - | cfssljson -bare server
{
  "hosts": [
    "<ip-address>.nip.io",
    "registry.<ip-address>.nip.io",
    "gitlab.<ip-address>.nip.io",
    "minio.<ip-address>.nip.io"
  ],
  "CN": "<ip-address>.nip.io",
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}
EOF
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: <ip-address>.nip.io
spec:
  request: $(cat server.csr | base64 | tr -d '\n')
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF
kubectl certificate approve <ip-address>.nip.io
kubectl get csr <ip-address>.nip.io -o jsonpath='{.status.certificate}' | base64 --decode > server.crt
kubectl create secret tls <secret-name> --key server-key.pem --cert server.crt
Check that your ingress hosts config and secrets are getting set properly:
spec:
  tls:
  - secretName: cert-secret
    hosts:
    - app.dev.example.com   # <---- this entry should match below
  - secretName: dev-wildcard-tls-cert
    hosts:
    - "*.app.example.com"   # <---- this entry should match below
  rules:
  - host: app.dev.example.com   # <---- this entry should match
    http:
      paths:
      - path: /
        backend:
          serviceName: service-2
          servicePort: 80
  - host: "*.app.example.com"   # <---- this entry should match
    http:
      paths:
      - path: /
        backend:
          serviceName: service-1
          servicePort: 80
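
The host/secret matching described in the answer above can be checked mechanically; the following is an added example, not code from the question or the answer. It audits an Ingress `spec` against the SAN list of each TLS secret, using wildcard matching of exactly one left-most label. The `192.0.2.10` address, the secret names `gitlab-tls` and `registry-tls`, the `kas` host and both function names are constructed for illustration. With the NGINX ingress controller (an assumption, since the page does not name the controller), a host that fails one of these checks is answered with the controller's default certificate, which is the one carrying `DNS Name=ingress.local`.

```python
# Added example. Hostnames, secret names and SAN lists are constructed.

def san_matches(host, pattern):
    """True if `pattern` (a DNS SAN or Ingress tls host) covers `host`.
    A leading "*." stands for exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if host == pattern:
        return True
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return label not in ("", "*") and rest == pattern[2:]
    return False

def audit_ingress(spec, secret_sans):
    """Map each rule host that would not get a matching certificate to the reason."""
    problems = {}
    for rule in spec.get("rules", []):
        host = rule.get("host", "")
        entry = next((t for t in spec.get("tls", [])
                      if any(san_matches(host, h) for h in t.get("hosts", []))), None)
        if entry is None:
            problems[host] = "no tls entry lists this host"
        elif entry["secretName"] not in secret_sans:
            problems[host] = "secret %s does not exist" % entry["secretName"]
        elif not any(san_matches(host, s) for s in secret_sans[entry["secretName"]]):
            problems[host] = "certificate in %s does not name this host" % entry["secretName"]
    return problems

# SANs per TLS secret, e.g. read with: openssl x509 -in server.crt -noout -ext subjectAltName
SECRET_SANS = {
    "gitlab-tls": ["192.0.2.10.nip.io", "registry.192.0.2.10.nip.io",
                   "gitlab.192.0.2.10.nip.io", "minio.192.0.2.10.nip.io"],
}
# The `spec` of an Ingress as a dict (constructed sample).
INGRESS_SPEC = {
    "tls": [
        {"secretName": "gitlab-tls",
         "hosts": ["gitlab.192.0.2.10.nip.io", "kas.192.0.2.10.nip.io"]},
        {"secretName": "registry-tls", "hosts": ["registry.192.0.2.10.nip.io"]},
    ],
    "rules": [{"host": h + ".192.0.2.10.nip.io"}
              for h in ("gitlab", "kas", "registry", "minio")],
}

if __name__ == "__main__":
    for host, reason in audit_ingress(INGRESS_SPEC, SECRET_SANS).items():
        print(host + ": " + reason)
```

An empty result means every rule host has a `tls` entry, an existing secret, and a certificate that names it.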