Assumption: An ingress controller is already installed in the K8S cluster. If not, please follow https://kubernetes.github.io/ingress-nginx/deploy/
Step 1. Get a certificate from a global CA such as GoDaddy, DigiCert, Comodo SSL, or any other
Step 2. Create a Secret using the certificate and key
Step 3. Create a Kubernetes Ingress, or use an existing Ingress, and embed the Kubernetes Secret in the Ingress configuration
How to do that:
Step 1: Certificate Generation Process
- Create a private key (server.key) and a certificate signing request (server.csr) using "openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr"
- Upload server.csr and server.key to the CA portal to create the certificate
- Download the certificate
Step 2. Kubernetes Secret Creation Process
- Create a Kubernetes Secret from the downloaded certificate and the private key (server.crt and server.key)
- There are two ways to do that: using YAML or using the kubectl command line
By Using YAML
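apiVersion: v1
kind: Secret
metadata:
  name: hello-tls
  namespace: dev
type: kubernetes.io/tls
data:
  # A kubernetes.io/tls Secret must use the keys tls.crt and tls.key,
  # and values under "data" must be base64-encoded.
  tls.crt: <base64-encoded crt contents here>
  tls.key: <base64-encoded private key contents here>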
===========================================
By Kubectl Command Line:
kubectl create secret tls hello-tls \
  --namespace dev \
  --key server.key \
  --cert server.crt
=====================================
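Before using either Step 2 method, it is worth confirming that the downloaded certificate actually belongs to server.key and has not expired, since a mismatched pair leaves the ingress unable to serve the intended certificate. The script below is an added example, not part of the original instructions; it assumes openssl and base64 are installed, and the function names and the throwaway self-signed pair used by the demo are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before creating the kubernetes.io/tls Secret.
# Function names are illustrative; requires openssl and base64.

# Succeeds only if the certificate and the private key share one public key.
tls_pair_matches() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print a Secret manifest (args: name namespace cert key), or fail loudly.
render_tls_secret() {
  local name="$1" ns="$2" cert="$3" key="$4"
  tls_pair_matches "$cert" "$key" ||
    { echo "error: $cert does not match $key" >&2; return 1; }
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
    { echo "error: $cert has expired" >&2; return 1; }
  # kubernetes.io/tls requires the keys tls.crt and tls.key, base64-encoded.
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/tls
data:
  tls.crt: $(base64 < "$cert" | tr -d '\n')
  tls.key: $(base64 < "$key" | tr -d '\n')
EOF
}

# Constructed test material: a throwaway self-signed pair, not a CA-issued one.
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.com" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

demo() {
  local d
  d=$(mktemp -d)
  make_demo_pair "$d" &&
    render_tls_secret hello-tls dev "$d/server.crt" "$d/server.key" | head -n 7
  rm -rf "$d"
}
demo
```

With real files, the output of render_tls_secret hello-tls dev server.crt server.key can be piped to kubectl apply -f - once both checks pass.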
Step 3. Kubernetes Ingress Configuration
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-ingress
  namespace: dev
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - example.com
    secretName: hello-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: hello-service  # name of your backend Service
            port:
              number: 80
===================================================
Note: The Ingress and the Service should be in the same namespace; otherwise you have to set up cross-namespace communication.