If you look at the address bar, you will notice the message "your connection to this site is not secure". Our goal is to secure the connection. Once that is done, a small padlock appears in the address bar.

First, we need to get the certificate for our site (cafe.example.com), which will come in handy shortly. With the certificate in hand, we can create the Kubernetes component called Secret, which holds the certificate and its private key. To create it we use the cafe-secret.yaml file, which we had previously set aside, replacing the values already present with those obtained from the certificate (the next sub-paragraph gives a little insight into this aspect).

cafe-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: cafe-secret
  namespace: nginx-ingress   # Warning! The namespace of Secret and Ingress resource must match
type: kubernetes.io/tls
data:
  tls.crt: <new_base64_encoded_cert>
  tls.key: <new_base64_encoded_key>

Once you have entered the two keys (in the next sub-chapter we present a command to encode the key in base64), we are ready to create the resource:

Create Secret
$ kubectl apply -f cafe-secret.yaml
secret/cafe-secret created
$ kubectl get secret -n nginx-ingress
NAME            TYPE                  DATA   AGE
cafe-secret     kubernetes.io/tls     2      2m8s
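
A structural check that can be run on cafe-secret.yaml before the apply shown above. This is an added example, not part of the original page: the function names check_tls_secret and build_manifest are hypothetical, and the PEM sample data is constructed. It only verifies encoding, PEM block type and namespace; it does not verify that the key belongs to the certificate.

```python
import base64
import binascii
import re

# PEM block labels accepted for each data field of a kubernetes.io/tls Secret.
PEM_LABELS = {"tls.crt": ("CERTIFICATE",),
              "tls.key": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY")}

def _field(text, key):
    """Value of a `key: value` line, comment stripped (avoids a YAML dependency)."""
    m = re.search(r"^\s*" + re.escape(key) + r":[ \t]*([^#\n]*)", text, re.M)
    return m.group(1).strip() if m else None

def _b64(value):
    try:
        return base64.b64decode(value, validate=True)
    except binascii.Error:
        return None

def _pem_label(blob):
    m = re.match(rb"\s*-----BEGIN ([A-Z ]+)-----", blob)
    return m.group(1).decode() if m else None

def check_tls_secret(manifest, ingress_namespace):
    """Return a list of problems found in a TLS Secret manifest (empty list = OK)."""
    problems = []
    if _field(manifest, "type") != "kubernetes.io/tls":
        problems.append("type is not kubernetes.io/tls")
    if _field(manifest, "namespace") != ingress_namespace:
        problems.append("Secret namespace differs from the Ingress namespace")
    for key, labels in PEM_LABELS.items():
        decoded = _b64(_field(manifest, key) or "")
        label = _pem_label(decoded or b"")
        if decoded is None:
            problems.append(f"{key}: not valid base64 (placeholder or raw PEM?)")
        elif label is None:
            # A value encoded twice decodes to base64 text instead of PEM.
            hint = " (encoded twice)" if _pem_label(_b64(decoded.strip()) or b"") else ""
            problems.append(f"{key}: does not decode to a PEM block{hint}")
        elif label not in labels:
            problems.append(f"{key}: holds a {label} block, expected {labels[0]}")
    return problems

# Constructed sample data: PEM framing around dummy bytes, not a real certificate or key.
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

def build_manifest(crt_b64, key_b64, namespace="nginx-ingress"):
    return (f"apiVersion: v1\nkind: Secret\nmetadata:\n  name: cafe-secret\n  namespace: {namespace}\n"
            f"type: kubernetes.io/tls\ndata:\n  tls.crt: {crt_b64}\n  tls.key: {key_b64}\n")
```

To check the real file, pass its contents: check_tls_secret(open("cafe-secret.yaml").read(), "nginx-ingress").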

Now we need to uncomment the lines in cafe-ingress.yaml related to the TLS protocol, and replace the component:

Replace Ingress resource
$ kubectl replace -f cafe-ingress.yaml
ingress.networking.k8s.io/cafe-ingress replaced

Returning to the browser, we should now see that "the connection is protected", as evidenced by the appearance of the padlock next to the address bar. Also check that the redirection works: even if you try to force the HTTP protocol in the address bar, you should still get the HTTPS protocol in response.
