If you look at the address bar, you will notice the message "your connection to this site is not secure". Our goal is to secure the connection. The browser will show this visually with a small padlock in the address bar.

First, we need to get the certificate for our site (cafe.example.com), which will come in handy shortly. We then create a new Kubernetes component called a Secret. To create it we use the cafe-secret.yaml file, which we had previously set aside, replacing the values already present with those obtained from the certificate (the next subsection gives a little more insight into this aspect).

cafe-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cafe-secret
  namespace: nginx-ingress   # Warning! The namespace of the Secret and of the ingress resource must match
type: kubernetes.io/tls
data:
  tls.crt: <new_base64_encoded_cert>
  tls.key: <new_base64_encoded_key>

Once you have entered the two values (the next chapter presents a command to encode the key in base64), we are ready to create the resource:

Create Secret
$ kubectl apply -f cafe-secret.yaml
secret/cafe-secret created
$ kubectl get secret -n nginx-ingress
NAME            TYPE                  DATA   AGE
cafe-secret     kubernetes.io/tls     2      2m8s
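
Before applying the Secret, it is worth checking that the certificate and key actually belong together and cover cafe.example.com, since a mismatched pair is a common reason the padlock never appears. The script below is an added example, not part of the original page: the function names are hypothetical, the self-signed pair is constructed sample input, and it assumes `openssl` (1.1.1 or later) and `base64` are on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight check for the files that go into cafe-secret.yaml.

# check_tls_pair CERT KEY HOST: returns 0 only if the PEM pair is usable for HOST.
check_tls_pair() {
    cert=$1; key=$2; host=$3
    # 1. The certificate must parse and must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 1
    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    # 3. The certificate must cover the host name served by the Ingress.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' || return 3
}

# b64_oneline FILE: base64 without line wrapping, as the data: fields require.
b64_oneline() { base64 < "$1" | tr -d '\n'; }

# render_secret CERT KEY: print the Secret manifest with both fields filled in.
render_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: cafe-secret
  namespace: nginx-ingress
type: kubernetes.io/tls
data:
  tls.crt: $(b64_oneline "$1")
  tls.key: $(b64_oneline "$2")
EOF
}

# make_demo_pair DIR NAME HOST: constructed sample input (self-signed, 1 day).
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -addext "subjectAltName=DNS:$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Demo: generate a pair, verify it, then emit the manifest.
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" cafe cafe.example.com
if check_tls_pair "$demo_dir/cafe.crt" "$demo_dir/cafe.key" cafe.example.com; then
    render_secret "$demo_dir/cafe.crt" "$demo_dir/cafe.key" > "$demo_dir/cafe-secret.yaml"
    echo "wrote $demo_dir/cafe-secret.yaml"
fi
```

The rendered manifest contains the private key (base64 is an encoding, not encryption), so keep the file out of version control and restrict its permissions.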

Now we need to uncomment the lines in cafe-ingress.yaml related to the TLS protocol and replace the component. Returning to the browser, we should see that "the connection is protected", as evidenced by the padlock next to the address bar. Also check that the redirection works: even if you try to force the HTTP protocol in the address bar, you should still get the HTTPS protocol in response.
