Prepare cluster and DNSFirst, to secure apps on a Kubernetes cluster, you need to have a cluster provisioned on IBM Cloud and the app deployed. Once done, I can retrieve the cluster information including the Ingress Subdomain for that cluster:
ibmcloud cs cluster-get henriks-cluster
Master Location: Frankfurt
Ingress Subdomain: henriks-cluster.eu-de.containers.appdomain.cloud
Ingress Secret: thesecretishere
Worker Zones: fra02
I need that information to create a CNAME record that points the subdomain to the Ingress Subdomain. Thus, all DNS requests for that subdomain are resolved by the nameserver of IBM Cloud Kubernetes Service.
Get the certificate in placeNext, I obtained a new Let's Encrypt wildcard certificate by repeating the steps outlined in my previous post on that topic. Assuming that I am already connected to the K8S cluster, I could create a TLS secret by providing the certificate and private key in PEM format:
kubectl create secret tls henriks-k8s-cluster-secret --cert=/home/hloeser/certs/cs.example.com/cert1.pem --key=/home/hloeser/certs/cs.example.com/privkey1.pem
Thereafter, I created YAML file with the Ingress configuration. Here is the content which is similar to what is documented in the IBM Cloud docs:
- secretName: henriks-k8s-cluster-secret
- host: hl.cs.example.com
- path: /
- host: hldjango.cs.example.com
- path: /
The secret, which we created above, is referenced and used for two hosts, "hl" and "hldjango". Thereafter, the two hosts are defined. For the sake of simplicity, both use the same Django starter app ("hldjango-service". What is left is to apply the configuration to the cluster. "ingress-cs-example-tls.yml" is the configuration file.
kubectl apply -f ingress-cs-example-tls.yml
Thereafter, my Python Django app is accessible via https://hl.cs.example.com and https://hldjango.cs.example.com, each time presenting a valid certificate.
If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.