forked from docs/doc-exports
qiujiandong1
ab1e53a279
Reviewed-by: Gergo-Bence Lorincz <a200452876@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: qiujiandong1 <qiujiandong1@huawei.com> Co-committed-by: qiujiandong1 <qiujiandong1@huawei.com>
7.6 KiB
7.6 KiB
Configuring an HTTPS Certificate for an Nginx Ingress
HTTPS certificates can be configured for ingresses to provide security services.
- Use kubectl to access the cluster. For details, see Accessing a Cluster Using kubectl.
- Ingress supports two TLS secret types: kubernetes.io/tls and IngressTLS. IngressTLS is used as an example. For details, see Creating a Secret. For details about examples of the kubernetes.io/tls secret and its description, see TLS secrets.
Create a YAML file named ingress-test-secret.yaml. The file name can be customized.
vi ingress-test-secret.yaml
The YAML file is configured as follows:apiVersion: v1 data: tls.crt: LS0******tLS0tCg== tls.key: LS0tL******0tLS0K kind: Secret metadata: annotations: description: test for ingressTLS secrets name: ingress-test-secret namespace: default type: IngressTLS
In the preceding information, tls.crt and tls.key are only examples. Replace them with the actual files. The values of tls.crt and tls.key are Base64-encoded.
- Create a secret.
kubectl create -f ingress-test-secret.yaml
If information similar to the following is displayed, the secret has been created:
secret/ingress-test-secret created
Check the created secret.
kubectl get secrets
If information similar to the following is displayed, the secret has been created:
NAME TYPE DATA AGE ingress-test-secret IngressTLS 2 13s
- Create a YAML file named ingress-test.yaml. The file name can be customized.
vi ingress-test.yaml
For clusters of v1.23 or later:apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ingress-test namespace: default spec: tls: - hosts: - example.com secretName: ingress-test-secret # Replace it with your TLS key certificate. rules: - host: example.com http: paths: - path: / backend: service: name: <your_service_name> # Replace it with the name of your target Service. port: number: <your_service_port> # Replace it with the port number of your target Service. property: ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH pathType: ImplementationSpecific ingressClassName: nginxFor clusters of v1.21 or earlier:apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: ingress-test annotations: kubernetes.io/ingress.class: nginx spec: tls: - hosts: - example.com secretName: ingress-test-secret # Replace it with your TLS key certificate. rules: - host: example.com http: paths: - path: '/' backend: serviceName: <your_service_name> # Replace it with the name of your target Service. servicePort: <your_service_port> # Replace it with the port number of your target Service. - Create an ingress.
kubectl create -f ingress-test.yaml
If information similar to the following is displayed, the ingress has been created:
ingress/ingress-test created
- Check the created ingress.
kubectl get ingress
If information similar to the following is displayed, the ingress has been created:
NAME CLASS HOSTS ADDRESS PORTS AGE ingress-test nginx example.com 80,443 10s
- Enter https://example.com in the address box of the browser to access the workload (for example, Nginx workload).
Replace example.com with your domain name.
Parent topic: Advanced Setting Examples of Nginx Ingresses