TLS FOR Ingress
manually applying for each domain… coz wildcard (*.waji-domain.site) isn’t free
From this site
https://manage.sslforfree.com/dashboard
We issue a certificate, verify it from hostinger, then just download the files.
Verifying from hostinger will require to add a CNAME provided by the sslforfree maanger
Then just move it to the server using powershell
PS C:\Users\Waji> scp -r .\promet.waji-domain.site\ waji@192.168.219.245:/home/waji/
From the server
waji@master01:~/promet.waji-domain.site$ ls
ca_bundle.crt certificate.crt private.key
## Create a tls secret
waji@master01:~/promet.waji-domain.site$ k create secret tls promet-tls --key private.key --cert certificate.crt
waji@master01:~$ k get secrets
NAME TYPE DATA AGE
promet-tls kubernetes.io/tls 2 5m34s
The ingress looks like this
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: promet-ing
spec:
tls:
- hosts:
- promet.waji-domain.site
secretName: promet-tls ## ==> The tls secret name
ingressClassName: nginx
rules:
- host: promet.waji-domain.site
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: promet-svc
port:
number: 80
