...
First, we need to get the certificate for our site (cafe.example.com), which will come in handy shortly. We then create a new Armed with a certificate, we can create the Kubernetes component, called Secret, which encapsulates the keys within it. To create it we use the cafe-secret.yaml file, which we had previously set aside, replacing the keys already present with those obtained from the certificate (in the next sub-paragraph there is a little insight into this aspect).
| Code Block | ||||
|---|---|---|---|---|
| ||||
apiVersion: v1 kind: Secret metadata: name: cafe-secret namespace: nginx-ingress # Warning! The namespace of the Secret and of the ingressIngress resource must match type: kubernetes.io/tls data: tls.crt: <new_base64_encoded_cert> tls.key: <new_base64_encoded_key> |
Once you have entered the two keys (in the next sub-chapter we present a command to encode the key in base64), we are ready to create the resource
...
Now we need to de-comment the lines in cafe-ingress.yaml, related to the TLS protocol, and perform a replace of the component. Returning
| Code Block | ||||
|---|---|---|---|---|
| ||||
$ kubectl replace -f cafe-ingress.yaml
ingress.networking.k8s.io/cafe-ingress replaced |
Returning to the browser we should note that now "the connection is protected", as evidenced by the appearance of the padlock next to the address bar. Also check that the redirection works: even if you try to force the HTTP protocol in the address bar, you should still get the HTTPS protocol in response.