Kubernetesdevops~30 mins

TLS termination with Ingress in Kubernetes - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

TLS termination with Ingress

📖 Scenario: You are setting up a simple web application on Kubernetes. You want to secure your website by enabling HTTPS using TLS termination at the Ingress controller. This means the Ingress will handle the encryption and decryption of traffic, so your backend pods receive plain HTTP traffic.

🎯 Goal: Learn how to configure TLS termination on a Kubernetes Ingress resource by creating a TLS secret and referencing it in the Ingress configuration.

📋 What You'll Learn

Create a TLS secret with a certificate and private key

Create an Ingress resource that uses the TLS secret for HTTPS

Configure the Ingress to route traffic to a backend service

Verify that the Ingress is correctly set up for TLS termination

💡 Why This Matters

🌍 Real World

In real Kubernetes deployments, TLS termination at the Ingress controller secures web traffic by encrypting data between users and the cluster. This is a common practice for production web applications.

💼 Career

Understanding TLS termination with Ingress is essential for DevOps engineers and site reliability engineers who manage secure Kubernetes environments and ensure safe communication for applications.

Progress0 / 4 steps

Create a TLS secret

Create a TLS secret named my-tls-secret in the default namespace using the certificate file tls.crt and the private key file tls.key. Use the kubectl create secret tls command exactly as shown.

Kubernetes

# Your code here

Need a hint?

Use the kubectl create secret tls command with the exact secret name my-tls-secret and specify the certificate and key files.

Create a basic Ingress resource with TLS

Create a YAML file named ingress.yaml that defines an Ingress resource named my-ingress in the default namespace. Add a tls section that references the secret my-tls-secret and sets the host to example.com. Under rules, add a rule for host example.com that routes HTTP traffic to the service named my-service on port 80. Use the exact keys and names as specified.

Kubernetes

kubectl create secret tls my-tls-secret --cert=tls.crt --key=tls.key
# Write the ingress.yaml content below
# Your code here

Need a hint?

Remember to add the tls section with hosts and secretName. Then add a rules section with the host and backend service details.

Apply the Ingress resource

Use the kubectl apply -f ingress.yaml command to create the Ingress resource in the cluster.

Kubernetes

kubectl create secret tls my-tls-secret --cert=tls.crt --key=tls.key

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default
spec:
  tls:
  - hosts:
    - example.com
    secretName: my-tls-secret
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

# Your code here

Need a hint?

Use kubectl apply -f ingress.yaml to create or update the Ingress resource.

Verify the Ingress TLS setup

Run kubectl describe ingress my-ingress and check the output to confirm that the TLS section shows the secret my-tls-secret and the host example.com. Then print the output exactly as shown.

Kubernetes

kubectl create secret tls my-tls-secret --cert=tls.crt --key=tls.key

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default
spec:
  tls:
  - hosts:
    - example.com
    secretName: my-tls-secret
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

kubectl apply -f ingress.yaml

# Your code here

Need a hint?

Use kubectl describe ingress my-ingress and look for the TLS secret and host in the output.