SSL/TLS Setup for CodeScoring.Save
SSL/TLS is configured at the ingress level. This page describes the base values.yaml structure and two common ways to attach a certificate: through cert-manager or through a pre-created Kubernetes secret.
Ingress and TLS parameters are configured in values.yaml in the app.ingresses section. The section format must match the codescoring-generic schema.
Note
The exact set of annotations depends on the ingress controller and certificate issuance method.
Example structure:
app:
  ingresses:
    frontend:
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      hosts:
        - host: save.example.com
          paths:
            - path: /
              pathType: Prefix
              service:
                name: frontend
                port:
                  number: 8081
      tls:
        - secretName: save-tls
          hosts:
            - save.example.com
Using cert-manager
# Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml
# Create ClusterIssuer
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
EOF
Using Self-Signed Certificates
# Generate certificate
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout tls.key -out tls.crt \
  -subj "/CN=save.example.com"
# Create secret
kubectl create secret tls save-tls \
  --namespace codescoring-save \
  --cert=tls.crt \
  --key=tls.key
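A pre-flight check for the certificate and key before they are loaded into the save-tls secret, added here as an example and not taken from the CodeScoring documentation. The function name check_tls_pair is hypothetical, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/usr/bin/env bash
# Added example: check_tls_pair is a hypothetical helper, not part of
# CodeScoring, kubectl or OpenSSL. Needs OpenSSL 1.1.1+ for `x509 -ext`.

check_tls_pair() {  # usage: check_tls_pair <cert.pem> <key.pem> <hostname>
  local crt="$1" key="$2" host="$3" rc=0 cert_pub key_pub

  # 1. The private key must belong to the certificate: compare the public
  #    key embedded in the certificate with the one derived from the key.
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match certificate" >&2; rc=1
  fi

  # 2. The host must be listed as a DNS subjectAltName (exact match only,
  #    wildcards are not expanded here). Browsers and Go-based clients
  #    ignore CN, so a certificate created with only -subj "/CN=..." fails
  #    this check; `openssl req -addext "subjectAltName=DNS:<host>"` adds it.
  if ! openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
      | tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$host"; then
    echo "FAIL: $host is not in subjectAltName" >&2; rc=1
  fi

  # 3. The certificate must still be valid 24 hours from now.
  if ! openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null 2>&1; then
    echo "FAIL: certificate is expired or expires within 24h" >&2; rc=1
  fi
  return "$rc"
}

# Run the check when called as: ./check.sh tls.crt tls.key save.example.com
if [ "$#" -eq 3 ]; then
  check_tls_pair "$@"
fi
```

The function returns non-zero if any of the three checks fails, so it can gate the kubectl create secret tls step.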