Kubernetes: Deploy apps with SSL the Easy Way

Jun 16, 2022 · 2 mins read
cloud kubernetes
Kubernetes: Deploy apps with SSL the Easy Way

Deploying apps in Kubernetes is not enough, you need to secure it with HTTPS. In this guide, I’ll walk you through setting up SSL/TLS for your Kubernetes apps using cert-manager and Ingress NGINX Controller.

Prerequisites

Before jumping in, make sure you have:

  • A running Kubernetes cluster
  • kubectl configured properly
  • A domain name pointing to your cluster (if you want real SSL certs)

Step 1: Install Cert-Manager

Cert-Manager automates the SSL cert process, so you don’t have to deal with renewals manually. It is simply a tool you install on your cluster to handle certificate renewals automatically. To install it, run:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml

Check if it’s running:

kubectl get pods -n cert-manager

Step 2: Install Ingress NGINX Controller

The Ingress NGINX Controller is what routes traffic to your app. Install it like this:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/aws/deploy.yaml

Make sure it’s up:

kubectl get pods -n ingress-nginx

Step 3: Set Up a ClusterIssuer

For automatic SSL certs, configure a ClusterIssuer using Let’s Encrypt:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: your-email@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

Apply it:

kubectl apply -f cluster-issuer.yaml

Step 4: Secure Your App with TLS

Now, create an Ingress resource for your app with SSL enabled:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app-service
            port:
              number: 80
  tls:
  - hosts:
    - myapp.example.com
    secretName: myapp-tls

Deploy it:

kubectl apply -f ingress.yaml

Step 5: Verify SSL Cert

Check if your cert is good to go:

kubectl get certificate

If all is set up right, your app should now be reachable via HTTPS. 🎉

Wrapping Up

With cert-manager and Ingress NGINX, SSL in Kubernetes is a breeze. No more non HTTP sites from your cluster!

Sharing is caring!