...
These two web pages, while very simple, assure us that the addressing mechanism works correctly. Of course, if you don't enter any path (/tea or /coffee) after the host, you will get the message "404 Not Found". This happens because we have not associated any service in our ingress resource in the "homepage" of the host (i.e. the "- path: /" is not configured).
Configuring TLS certificate
If you pay attention to the address bar, you will notice the message "your connection to this site is not secure". Our goal is to secure the connection. This will show itself visually with the appearance of the small padlock in the address bar.
First, we need to get the certificate for our site (cafe.example.com), which will come in handy shortly. We then create a new Kubernetes component, called Secret. To create it we use the cafe-secret.yaml file, which we had previously set aside, replacing the keys already present with those obtained from the certificate (in the next sub-paragraph there is a little insight into this aspect).
| Code Block | ||||
|---|---|---|---|---|
| ||||
apiVersion: v1
kind: Secret
metadata:
name: cafe-secret
namespace: nginx-ingress # Warning! The namespace of the Secret and of the ingress resource must match
type: kubernetes.io/tls
data:
tls.crt: <new_base64_encoded_cert>
tls.key: <new_base64_encoded_key> |
Once you have entered the two keys, we are ready to create the resource
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl apply -f cafe-secret.yaml
secret/cafe-secret created
$ kubectl get secret -n nginx-ingress
NAME TYPE DATA AGE
cafe-secret kubernetes.io/tls 2 2m8s |
Now we need to de-comment the lines in cafe-ingress.yaml, related to the TLS protocol, and perform a replace of the component. Returning to the browser we should note that now "the connection is protected", as evidenced by the appearance of the padlock next to the address bar.
Further insights
Learn more about the tls.crt and tls.key keys
...