How do I configure default TLS certificates for all Ingress routes?

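In this guide, we will configure TLS certificates for Ingress routes in a Kubernetes cluster using Pulumi. The example terminates TLS for example.com at the Ingress and redirects plain HTTP requests to HTTPS, so traffic between clients and the ingress controller is encrypted. The tls block is set per Ingress, so every other Ingress needs the same configuration, referencing a TLS Secret in its own namespace.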

We will use the kubernetes.networking.v1.Ingress resource to define the Ingress routes and configure TLS settings using a Kubernetes Secret that stores the TLS certificate and key.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the namespace
const namespace = new k8s.core.v1.Namespace("example-namespace", {
    metadata: { name: "example-namespace" }
});

// Create a TLS secret to store the certificate and private key
const tlsSecret = new k8s.core.v1.Secret("tls-secret", {
    metadata: {
        name: "tls-secret",
        namespace: namespace.metadata.name,
    },
    type: "kubernetes.io/tls",
    data: {
        "tls.crt": pulumi.secret("<base64-encoded-tls-certificate>"),
        "tls.key": pulumi.secret("<base64-encoded-tls-key>"),
    },
});

// Define the Ingress resource with TLS configuration
const ingress = new k8s.networking.v1.Ingress("example-ingress", {
    metadata: {
        name: "example-ingress",
        namespace: namespace.metadata.name,
        annotations: {
            // ingress-nginx annotation: redirect plain HTTP requests to HTTPS
            "nginx.ingress.kubernetes.io/ssl-redirect": "true",
        },
    },
    spec: {
        tls: [{
            hosts: ["example.com"],
            secretName: tlsSecret.metadata.name,
        }],
        rules: [{
            host: "example.com",
            http: {
                paths: [{
                    path: "/",
                    pathType: "Prefix",
                    backend: {
                        service: {
                            name: "example-service",
                            port: { number: 80 },
                        },
                    },
                }],
            },
        }],
    },
}, { dependsOn: [tlsSecret] });

Key Points

  • We created a Kubernetes Namespace to organize our resources.
  • A Kubernetes Secret of type kubernetes.io/tls was created to store the TLS certificate and key.
  • An Ingress resource was defined to route traffic to a backend service and configured to use the TLS secret for secure communication.
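Because the tls block is set per Ingress, it is worth checking that every routed host is actually covered by one. The following is an added example, not part of the original guide or of Pulumi: it audits plain objects shaped like the spec.tls and spec.rules fields used above, and the interface, function names and the "shop" and "legacy" entries are hypothetical.

```typescript
// Added example: minimal model of the Ingress fields the guide sets (not Pulumi types).
interface IngressLike {
  namespace: string; name: string;
  tls?: { hosts?: string[]; secretName?: string }[];
  rules?: { host?: string }[];
}

// Kubernetes host matching: "*.example.com" covers exactly one extra DNS label,
// so it matches "api.example.com" but not "example.com" or "a.b.example.com".
function tlsHostCovers(pattern: string, host: string): boolean {
  const p = pattern.toLowerCase(), h = host.toLowerCase();
  if (p.indexOf("*.") !== 0) return p === h;
  const suffix = p.slice(1); // ".example.com"
  const cut = h.length - suffix.length;
  if (cut <= 0 || h.slice(cut) !== suffix) return false;
  return h.slice(0, cut).indexOf(".") === -1;
}

// One finding per route that the Ingress's own spec.tls does not cover.
function auditIngressTls(ingresses: IngressLike[]): string[] {
  const findings: string[] = [];
  for (const ing of ingresses) {
    const id = ing.namespace + "/" + ing.name;
    const tls = ing.tls ?? [];
    if (tls.length === 0) {
      findings.push(id + ": no spec.tls section");
      continue;
    }
    for (const rule of ing.rules ?? []) {
      const host = rule.host ?? ""; // empty means the rule matches any host
      let covered = false;
      for (const t of tls) {
        if (!t.secretName || host === "") continue; // no Secret: certificate is the controller's choice
        for (const p of t.hosts ?? []) if (tlsHostCovers(p, host)) covered = true;
      }
      if (!covered) findings.push(id + ": host " + (host || "<any>") + " has no secret-backed spec.tls entry");
    }
  }
  return findings;
}

// Constructed sample input: the guide's Ingress plus two hypothetical ones.
const sampleIngresses: IngressLike[] = [
  { namespace: "example-namespace", name: "example-ingress",
    tls: [{ hosts: ["example.com"], secretName: "tls-secret" }], rules: [{ host: "example.com" }] },
  { namespace: "shop", name: "storefront", tls: [{ hosts: ["*.shop.test"], secretName: "shop-tls" }],
    rules: [{ host: "www.shop.test" }, { host: "shop.test" }] },
  { namespace: "legacy", name: "admin", rules: [{ host: "admin.legacy.test" }] },
];
```

Calling auditIngressTls(sampleIngresses) reports the apex host shop.test, which the wildcard entry does not cover, and the legacy Ingress that has no tls section at all.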

Summary

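In this guide, we configured a TLS certificate for an Ingress route in a Kubernetes cluster using Pulumi. With this setup, client traffic to example.com is encrypted with TLS up to the ingress controller and plain HTTP requests are redirected to HTTPS, enhancing the security of your applications. Apply the same tls configuration to each additional Ingress.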
