SSL on ingress in Kubernetes

Get https port for ingress:

kubectl -n ingress-nginx get all

And the output is:

service/ingress-nginx-controller             NodePort   10.107.65.231        80:30080/TCP,443:30443/TCP   2m23s

so the HTTPS port is 30443
Get the node ip:

kubectl get no -o wide

in my example it is 172.30.1.2 and 172.30.2.2
Try the https curl on one of the nodes:

curl https://172.30.1.2:30443 -kv

So you will get the details:

* Server certificate:
*  subject: O=Acme Co; CN=Kubernetes Ingress Controller Fake Certificate

Generate SSL for our website:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

leave defaults as is, only change:

Common Name (e.g. server FQDN or YOUR name) []:qwerty.md

Create certificate secret:

kubectl create secret tls qwerty-crt --cert=cert.pem --key=key.pem

Create sample pods and services:

kubectl run pod1 --image nginx
kubectl run pod2 --image httpd
kubectl expose pod pod1 --port 80 --name service1
kubectl expose pod pod2 --port 80 --name service2

Create ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
      - qwerty.md
    secretName: qwerty-crt
  rules:
  - host: qwerty.md
    http:
      paths:
      - path: /service1
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 80
      - path: /service2
        pathType: Prefix
        backend:
          service:
            name: service2
            port:
              number: 80

Apply:

kubectl apply -f ing.yaml

Add to /etc/hosts:

172.30.1.2 qwerty.md

Where the 172.30.1.2 is one IP from:

kubectl get no -o wide

Check the output with curl:

curl https://qwerty.md:30443/service1 -kv
curl https://qwerty.md:30443/service2 -kv

You should have something like this:

* Server certificate:
*  subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd; CN=qwerty.md