How do I configure default TLS certificates for all Ingress routes?
In this guide, we will configure default TLS certificates for all Ingress routes in a Kubernetes cluster using Pulumi, so that traffic between clients and the Ingress is encrypted using TLS.
We will use the `kubernetes.networking.v1.Ingress` resource to define the Ingress routes and configure TLS settings using a Kubernetes Secret that stores the TLS certificate and key. The Ingress references the Secret by name in `spec.tls`, so the Secret must be in the same namespace as the Ingress, and each Ingress that should serve this certificate needs its own `tls` entry.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the namespace
const namespace = new k8s.core.v1.Namespace("example-namespace", {
    metadata: { name: "example-namespace" }
});

// Create a TLS secret to store the certificate and private key
const tlsSecret = new k8s.core.v1.Secret("tls-secret", {
    metadata: {
        name: "tls-secret",
        namespace: namespace.metadata.name,
    },
    type: "kubernetes.io/tls",
    data: {
        "tls.crt": pulumi.secret("<base64-encoded-tls-certificate>"),
        "tls.key": pulumi.secret("<base64-encoded-tls-key>"),
    },
});

// Define the Ingress resource with TLS configuration
const ingress = new k8s.networking.v1.Ingress("example-ingress", {
    metadata: {
        name: "example-ingress",
        namespace: namespace.metadata.name,
        annotations: {
            "nginx.ingress.kubernetes.io/ssl-redirect": "true",
        },
    },
    spec: {
        tls: [{
            hosts: ["example.com"],
            secretName: tlsSecret.metadata.name,
        }],
        rules: [{
            host: "example.com",
            http: {
                paths: [{
                    path: "/",
                    pathType: "Prefix",
                    backend: {
                        service: {
                            name: "example-service",
                            port: { number: 80 },
                        },
                    },
                }],
            },
        }],
    },
}, { dependsOn: [tlsSecret] });
```
Key Points
- We created a Kubernetes Namespace to organize our resources.
- A Kubernetes Secret of type `kubernetes.io/tls` was created to store the TLS certificate and key.
- An Ingress resource was defined to route traffic to a backend service and configured to use the TLS secret for secure communication.
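To check that every Ingress route really is covered by TLS, the following added example (not part of the original guide or of Pulumi's code) classifies each rule host in a set of Ingress manifests by how `spec.tls` covers it. `IngressLike`, `hostMatches`, `tlsCoverage` and `findUncovered` are hypothetical names, the manifests are constructed, and treating a `tls` entry without `secretName` as served by the controller's default certificate assumes ingress-nginx behaviour.

```typescript
// Subset of networking.k8s.io/v1 Ingress fields that this check reads.
interface IngressLike {
  metadata: { name: string; namespace?: string };
  spec: { tls?: { hosts?: string[]; secretName?: string }[]; rules?: { host?: string }[] };
}
type Coverage = "secret" | "controller-default" | "none";

// Ingress wildcard rule: "*.example.com" covers exactly one extra leading label.
function hostMatches(pattern: string, host: string): boolean {
  const [p, h] = [pattern.toLowerCase(), host.toLowerCase()];
  if (!p.startsWith("*.")) return p === h;
  const suffix = p.slice(1); // ".example.com"
  if (!h.endsWith(suffix)) return false;
  const label = h.slice(0, h.length - suffix.length);
  return label.length > 0 && !label.includes(".");
}

// For each rule host: served with a named secret, the controller default, or no TLS.
function tlsCoverage(ing: IngressLike): { host: string; coverage: Coverage }[] {
  return (ing.spec.rules ?? []).map((rule) => {
    const host = rule.host ?? "(no host)"; // hostless rules cannot be matched, so flagged
    let coverage: Coverage = "none";
    for (const entry of ing.spec.tls ?? []) {
      if (!(entry.hosts ?? []).some((p) => hostMatches(p, host))) continue;
      if (entry.secretName) { coverage = "secret"; break; }
      coverage = "controller-default"; // assumption: ingress-nginx fallback behaviour
    }
    return { host, coverage };
  });
}

// "namespace/name: host" for every rule host that no spec.tls entry covers.
function findUncovered(ingresses: IngressLike[]): string[] {
  const out: string[] = [];
  for (const ing of ingresses) {
    const id = `${ing.metadata.namespace ?? "default"}/${ing.metadata.name}`;
    for (const c of tlsCoverage(ing)) {
      if (c.coverage === "none") out.push(`${id}: ${c.host}`);
    }
  }
  return out;
}
// Constructed sample manifests; the first mirrors the guide's example-ingress.
const ns = "example-namespace";
const samples: IngressLike[] = [
  { metadata: { name: "example-ingress", namespace: ns }, spec: { tls: [{ hosts: ["example.com"], secretName: "tls-secret" }], rules: [{ host: "example.com" }] } },
  { metadata: { name: "api", namespace: ns }, spec: { tls: [{ hosts: ["*.example.com"] }], rules: [{ host: "api.example.com" }, { host: "a.b.example.com" }] } },
  { metadata: { name: "legacy", namespace: ns }, spec: { rules: [{ host: "legacy.example.com" }] } },
];
console.log(findUncovered(samples));
```

Hosts reported by `findUncovered` have no matching `spec.tls` entry at all; hosts classified as `controller-default` depend on whatever certificate the ingress controller was started with.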
Summary
In this guide, we configured default TLS certificates for all Ingress routes in a Kubernetes cluster using Pulumi. With the `nginx.ingress.kubernetes.io/ssl-redirect` annotation set to `"true"`, HTTP requests to the Ingress are redirected to HTTPS, so client traffic is encrypted using TLS, enhancing the security of your applications.