I wrote about the ability to add HTTPS to an AKS cluster using Let’s Encrypt, but recently ran into a case where I needed to add a cert from a specific CA to the cluster.
To do this, you need the following:
- An AKS cluster deployed in an Azure tenant.
- A certificate (should start with `-----BEGIN CERTIFICATE-----`)
- The private key associated with the certificate above (the one used when creating the CSR for the cert; it will start with `-----BEGIN RSA PRIVATE KEY-----`)
Import the cert into the cluster:
```bash
kubectl create secret tls tls-ca-secret --key certificate.key --cert certificate.crt
```
After the cert is imported, create an Ingress that references the secret:
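```yaml
# networking.k8s.io/v1 replaces extensions/v1beta1, which was removed in Kubernetes 1.22
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.org/client-max-body-size: '10m'
    nginx.ingress.kubernetes.io/enable-cors: 'true'
spec:
  tls:
    - hosts:
        - YOUR_DOMAIN
      # TLS secret created with kubectl in the previous step
      secretName: tls-ca-secret
  rules:
    - host: YOUR_DOMAIN
      http:
        paths:
          - path: /some/endpoint
            # pathType is required in networking.k8s.io/v1
            pathType: ImplementationSpecific
            backend:
              service:
                name: some-service
                port:
                  number: 80
```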
Afterwards, request the endpoint defined in the Ingress and confirm that your cert is the one being served.
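A mismatched key, an expired cert, or a cert that does not cover the host under `tls.hosts` typically shows up only later as the controller serving its default certificate, so it is worth checking the files before the import step. The script below is an added example, not part of the original post; it assumes `openssl` is installed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for the files
# passed to `kubectl create secret tls`. Function names are hypothetical.

# 0 if the cert's public key equals the one derived from the private key;
# 2 if either file cannot be parsed.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate is still valid N days from now (default 0 = right now).
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( ${2:-0} * 86400 ))" >/dev/null 2>&1
}

# 0 if the certificate's SAN (or CN fallback) covers the Ingress host.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q 'does match certificate'
}

# Run all three checks; report each failure and return non-zero if any fail.
preflight() {
  local crt="$1" key="$2" host="$3" rc=0
  cert_matches_key "$crt" "$key"  || { echo "FAIL: key does not match cert" >&2; rc=1; }
  cert_valid_for_days "$crt" 14   || { echo "FAIL: cert expires within 14 days" >&2; rc=1; }
  cert_covers_host "$crt" "$host" || { echo "FAIL: cert does not cover $host" >&2; rc=1; }
  return "$rc"
}

# Constructed sample input: a throwaway self-signed pair for trying the checks.
# Args: output path prefix, common name, validity in days (default 30).
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "${3:-30}" \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Usage with the files from the post:
#   preflight certificate.crt certificate.key YOUR_DOMAIN && \
#     kubectl create secret tls tls-ca-secret --key certificate.key --cert certificate.crt
```

The 14-day expiry window in `preflight` is an arbitrary choice for the example; adjust it to your renewal process.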