
Learn more about the tls.crt and tls.key keys

You may have noticed the placeholder "base64_encoded" inside cafe-secret.yaml. The keys must be inserted in base64-encoded form. We take the two files obtained with the certificate (the .pem and the .key) and apply the following command to each:

Convert "x509 format base64 decoded" to "x509 format base64 encoded"
$ base64 -w 0 cafe.example.com.pem
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhDakNDQlBLZ0F3SUJBZ0lRR0J6emlZVDR0V3BpT...
$ base64 -w 0 cafe.example.com.key
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdjFyQzdvWVh3YU5yc...

We just have to paste the output of the .pem file into the tls.crt field and the output of the .key file into the tls.key field.
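As an added example (not part of the original page), the script below carries out the encoding step above and then checks the result: it refuses a certificate and key passed in swapped order, and verifies that each field decodes back to the expected PEM header, which catches raw PEM pasted unencoded or a value encoded twice. The Secret name cafe-secret, the manifest layout (cafe-secret.yaml is not shown in this section) and the sample PEM files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page: build a TLS Secret manifest and
# check that tls.crt / tls.key decode back to the expected PEM type.

# pem_header_ok LINE MARKER: true if LINE is a PEM "BEGIN ... MARKER" header.
pem_header_ok() {
  case $1 in "-----BEGIN "*"$2-----") return 0 ;; *) return 1 ;; esac
}

# encode_pem FILE MARKER: print FILE as single-line base64, refusing wrong
# input (for example certificate and key passed in swapped order).
encode_pem() {
  pem_header_ok "$(sed -n 1p "$1")" "$2" || {
    echo "error: $1 is not a PEM $2" >&2; return 1; }
  base64 -w 0 "$1"
}

# make_tls_secret NAME CERT_FILE KEY_FILE: print the Secret manifest on stdout.
# Assumed layout: a standard kubernetes.io/tls Secret.
make_tls_secret() {
  crt=$(encode_pem "$2" "CERTIFICATE") || return 1
  key=$(encode_pem "$3" "PRIVATE KEY") || return 1
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\n' "$1"
  printf 'type: kubernetes.io/tls\ndata:\n  tls.crt: %s\n  tls.key: %s\n' "$crt" "$key"
}

# check_field MANIFEST FIELD MARKER: true only if FIELD base64-decodes to PEM
# of type MARKER. Fails on raw PEM pasted unencoded and on double encoding.
check_field() {
  value=$(sed -n "s/^  $2: //p" "$1")
  [ -n "$value" ] || return 1
  decoded=$(printf '%s' "$value" | base64 -d 2>/dev/null) || return 1
  pem_header_ok "$(printf '%s\n' "$decoded" | sed -n 1p)" "$3"
}

# Constructed sample input: placeholder PEM bodies, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo_dir/cafe.example.com.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
  '-----END RSA PRIVATE KEY-----' > "$demo_dir/cafe.example.com.key"
# The manifest carries the private key, so create it readable by the owner only.
( umask 077; make_tls_secret cafe-secret "$demo_dir/cafe.example.com.pem" \
    "$demo_dir/cafe.example.com.key" > "$demo_dir/cafe-secret.yaml" )
check_field "$demo_dir/cafe-secret.yaml" tls.crt "CERTIFICATE" && echo "tls.crt OK"
check_field "$demo_dir/cafe-secret.yaml" tls.key "PRIVATE KEY" && echo "tls.key OK"
```

base64 is an encoding, not encryption: anyone who can read the manifest can recover the private key, which is why the script writes it under umask 077.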

Multiple sub-domains with one path

Instead of using URL paths to make different applications accessible, some Ingress resources use sub-domains. If you have an application configured this way, your .yaml file would look like the one below: instead of having one host and multiple paths, we now have multiple hosts, where each host represents a sub-domain and its single path routes the request to the service. For a secure connection, a certificate, and therefore a secret, is required for each host.

cafe-ingress.yaml (sub-domain)
apiVersion: networking.k8s.io/v1beta1 #extensions/v1beta1
kind: Ingress
metadata:
  name: <name>
  namespace: <namespace>
spec:
  tls:
  - hosts:
    - <host1>
    secretName: <secret1>
  - hosts:
    - <host2>
    secretName: <secret2>
  rules:
  - host: <host1>
    http:
      paths:
      - path: /
        backend:
          serviceName: <service1>
          servicePort: <port1>
  - host: <host2>
    http:
      paths:
      - path: /
        backend:
          serviceName: <service2>
          servicePort: <port2>