Setting Up TLS Termination on Kubernetes Ingress

Introduction

Setting up TLS termination on Kubernetes Ingress involves configuring the Ingress resource to handle HTTPS traffic and terminate SSL/TLS at the Ingress controller. This process typically involves creating a TLS secret containing the SSL certificate and private key, and then referencing this secret in the Ingress resource.

Step-by-Step Explanation

Step 1: Create a TLS Secret

  1. Obtain your SSL certificate and private key.
  2. Create a Kubernetes secret to store the certificate and key.

import * as k8s from '@pulumi/kubernetes';

// The secret must be in the same namespace as the Ingress that references it.
const tlsSecret = new k8s.core.v1.Secret('tls-secret', {
  metadata: {
    name: 'tls-secret',
    namespace: 'default',
  },
  type: 'kubernetes.io/tls',
  data: {
    // PEM-encoded certificate and private key; the `data` field takes base64 values.
    'tls.crt': Buffer.from('<your-certificate>').toString('base64'),
    'tls.key': Buffer.from('<your-private-key>').toString('base64'),
  },
});

Step 2: Configure Ingress Resource

  1. Create an Ingress resource and reference the TLS secret.

// Continues the program from Step 1 and uses the same `k8s` import.
const ingress = new k8s.networking.v1.Ingress('example-ingress', {
  metadata: {
    name: 'example-ingress',
    namespace: 'default',
  },
  spec: {
    tls: [{
      hosts: ['example.com'],
      secretName: 'tls-secret',
    }],
    rules: [{
      host: 'example.com',
      http: {
        paths: [{
          path: '/',
          pathType: 'Prefix',
          // TLS ends at the Ingress controller; this backend receives plain HTTP on port 80.
          backend: {
            service: {
              name: 'example-service',
              port: {
                number: 80,
              },
            },
          },
        }],
      },
    }],
  },
});
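
A pre-deployment check for the two resources above, added here as an example and not part of the original guide or of Pulumi's code: it verifies that every rule host has a matching tls entry, that the referenced secret exists in the Ingress's namespace with type kubernetes.io/tls, and that tls.crt and tls.key hold base64-encoded PEM. IngressLike, SecretLike, covers and lintTls are hypothetical names, and the wildcard matching rule is an assumption.

```typescript
// Added example; IngressLike, SecretLike, covers and lintTls are hypothetical names.
interface IngressLike {
  namespace: string;
  tls: { hosts: string[]; secretName: string }[];
  rules: { host: string }[];
}
interface SecretLike {
  name: string; namespace: string; type: string;
  data: { [key: string]: string }; // base64 values, as in the Secret `data` field
}

// Assumption: "*.example.com" covers exactly one leading label, like a wildcard cert.
function covers(tlsHost: string, ruleHost: string): boolean {
  const t = tlsHost.toLowerCase(), r = ruleHost.toLowerCase();
  if (t === r) return true;
  const dot = r.indexOf('.');
  return t.slice(0, 2) === '*.' && dot > 0 && r.slice(dot) === t.slice(1);
}

// base64 of the PEM header "-----BEGIN " always starts with these characters.
const PEM_B64_PREFIX = 'LS0tLS1CRUdJTi';
function lintTls(ing: IngressLike, secrets: SecretLike[]): string[] {
  const problems: string[] = [];
  for (const rule of ing.rules) {
    const covered = ing.tls.some(e => e.hosts.some(h => covers(h, rule.host)));
    if (!covered) problems.push(`host ${rule.host}: no matching tls entry`);
  }
  for (const entry of ing.tls) {
    // secretName is resolved in the Ingress's own namespace.
    const s = secrets.filter(
      x => x.name === entry.secretName && x.namespace === ing.namespace)[0];
    if (!s) {
      problems.push(`secret ${entry.secretName}: not in namespace ${ing.namespace}`);
      continue;
    }
    if (s.type !== 'kubernetes.io/tls') problems.push(`secret ${s.name}: type ${s.type}`);
    for (const key of ['tls.crt', 'tls.key']) {
      const isPem = (s.data[key] || '').indexOf(PEM_B64_PREFIX) === 0;
      if (!isPem) problems.push(`secret ${s.name}: ${key} missing or not PEM`);
    }
  }
  return problems;
}
// Constructed input: this page's resource values, with non-PEM secret data.
const pageProblems = lintTls(
  { namespace: 'default', tls: [{ hosts: ['example.com'], secretName: 'tls-secret' }],
    rules: [{ host: 'example.com' }] },
  [{ name: 'tls-secret', namespace: 'default', type: 'kubernetes.io/tls',
     data: { 'tls.crt': 'PHlvdXI=', 'tls.key': 'PHlvdXI=' } }]);
```

An empty result from lintTls means the structural checks passed; it does not verify that the key matches the certificate or that the certificate is valid for the host.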

Summary

In this guide, we covered the steps to set up TLS termination on a Kubernetes Ingress resource. We created a TLS secret to store the SSL certificate and private key, and then referenced this secret in the Ingress resource to enable HTTPS traffic.

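By following these steps, traffic between clients and the Ingress controller is encrypted with TLS. Because TLS terminates at the controller, requests forwarded to example-service on port 80 travel inside the cluster as plain HTTP.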

For more information, refer to the Pulumi Kubernetes documentation.

Full Code Example

import * as k8s from '@pulumi/kubernetes';

// Create a TLS Secret
const tlsSecret = new k8s.core.v1.Secret('tls-secret', {
  metadata: {
    name: 'tls-secret',
    namespace: 'default',
  },
  type: 'kubernetes.io/tls',
  data: {
    'tls.crt': Buffer.from('<your-certificate>').toString('base64'),
    'tls.key': Buffer.from('<your-private-key>').toString('base64'),
  },
});

// Create an Ingress resource and reference the TLS secret
const ingress = new k8s.networking.v1.Ingress('example-ingress', {
  metadata: {
    name: 'example-ingress',
    namespace: 'default',
  },
  spec: {
    tls: [{
      hosts: ['example.com'],
      secretName: 'tls-secret',
    }],
    rules: [{
      host: 'example.com',
      http: {
        paths: [{
          path: '/',
          pathType: 'Prefix',
          backend: {
            service: {
              name: 'example-service',
              port: {
                number: 80,
              },
            },
          },
        }],
      },
    }],
  },
});
