HTTPS certificates can be configured for ingresses to provide security services.

Use kubectl to access the cluster. For details, see Connecting to a Cluster Using kubectl.
Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
Create a YAML file named ingress-test-secret.yaml. The file name can be customized.

vi ingress-test-secret.yaml
The YAML file is configured as follows:
```
apiVersion: v1
data:
  tls.crt: LS0******tLS0tCg==
  tls.key: LS0tL******0tLS0K
kind: Secret
metadata:
  annotations:
    description: test for ingressTLS secrets
  name: ingress-test-secret
  namespace: default
type: IngressTLS
```
In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
Create a secret.
kubectl create -f ingress-test-secret.yaml

If information similar to the following is displayed, the secret has been created:
```
secret/ingress-test-secret created
```
View the created secret.

kubectl get secrets

If information similar to the following is displayed, the secret has been created:
```
NAME                         TYPE                                  DATA      AGE
ingress-test-secret          IngressTLS                            2         13s
```

Create a YAML file named ingress-test.yaml. The file name can be customized.

vi ingress-test.yaml

For clusters of v1.23 or later:

apiVersion: networking.k8s.io/v1
kind: Ingress 
metadata: 
  name: ingress-test
  namespace: default
spec:
  tls: 
  - hosts: 
    - foo.bar.com
    secretName: ingress-test-secret  # Replace it with your TLS key certificate.
  rules:
    - host: foo.bar.com
      http:
        paths:
          - path: /
            backend:
              service:
                name: <your_service_name>  # Replace it with the name of your target Service.
                port:
                  number: <your_service_port>  # Replace it with the port number of your target Service.
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
            pathType: ImplementationSpecific
  ingressClassName: nginx

For clusters of v1.21 or earlier:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress 
metadata: 
  name: ingress-test
  annotations: 
    kubernetes.io/ingress.class: nginx
spec:
  tls: 
  - hosts: 
    - foo.bar.com
    secretName: ingress-test-secret   # Replace it with your TLS key certificate.
  rules: 
  - host: foo.bar.com
    http: 
      paths: 
      - path: '/'
        backend: 
          serviceName: <your_service_name>  # Replace it with the name of your target Service.
          servicePort: <your_service_port>  # Replace it with the port number of your target Service.
  ingressClassName: nginx

Create an ingress.
kubectl create -f ingress-test.yaml

If information similar to the following is displayed, the ingress has been created.
```
ingress/ingress-test created
```
View the created ingress.

kubectl get ingress

If information similar to the following is displayed, the ingress has been created and the workload is accessible.
```
NAME             HOSTS     ADDRESS          PORTS   AGE
ingress-test     *         121.**.**.**     80      10s
```
Enter https://121.**.**.**:443 in the address box of the browser to access the workload (for example, Nginx workload).
121.**.**.** indicates the IP address of the unified load balancer.

Configuring an HTTPS Certificate for an Nginx Ingress