JRehkemper.de

Kubernetes Ingress with Custom SSL-Cert for HTTPS

I assume you already have an valid SSL-Certificate and the corresponding key.

The SSL connection and certificate will be handled by the ingress-controller. Therefor we do not need to include the SSL-certs into the container images but the manifest instead. That way you can change the certificate without building new images.

Create a Secret

To reference the Certificate in the manifest we need to provide the certificate and the key to kubernetes. This is done by creating a secret.

It is important to convert both files to base64. Otherwise this will not work.

cat server.crt | base64

cat server.key | base64

Next we will create the secret in our manifest.

apiVersion: v1
kind: Secret
metadata:
	name: ssl-cert
	namespace: server-center
type: kubernetes.io/tls
data:
	tls.crt: |
		LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlIZHpDQ0JsK2dBd0lCQWdJVEhRQUJPbGxM
		djE1dTJDaU9hQUFEQUFFNldUQU5CZ2txaGtpRzl3MEJBUXNGDQpBREJLTVFzd0NRWURWUVFHRXdK
		...  
	tls.key: |
		LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB
	    QVNDQktZd2dnU2lBZ0VBQW9JQkFRRGk1ZTZtTC8wRTE4UGsKNUdoNDRrdzBtZXRTL3gwMU1TU0lL
	    ...

Create Ingress

Now we will create the ingress and reference the SSL-Cert for that.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
	name: my-ingress
	namespace: my-namespace
spec:
	tls:
		host:
			- my-hostname
		secretName: ssl-cert
	rules:
		- host: my-hostname
		  http:
			paths:
			  - pathType: Prefix
			    path: "/"
			    backend:
				  service:
					name: frontend-service
					port:
					  number: 80

Now your Ingress will accept HTTP and HTTPS.

profile picture of the author

Jannik Rehkemper

I'm an professional Linux Administrator and Hobby Programmer. My training as an IT-Professional started in 2019 and ended in 2022. Since 2023 I'm working as an Linux Administrator.