Adding SSL to an AKS Ingress Controller (without using Let’s Encrypt)

I wrote about the ability to add HTTPS to an AKS cluster using Let’s Encrypt, but recently ran into a case where I needed to add a cert from a specific CA to the cluster.

To do this, you need the following:

  • An AKS cluster deployed in an Azure tenant.
  • A certificate (the file should start with -----BEGIN CERTIFICATE-----)
  • The private key associated with the certificate above (the key used when creating the CSR for the cert; it will start with -----BEGIN RSA PRIVATE KEY-----)

Import the cert into the cluster:

kubectl create secret tls tls-ca-secret --key certificate.key --cert certificate.crt

After the cert is imported, create an Ingress that references the secret by name:

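apiVersion: extensions/v1beta1  # removed in Kubernetes 1.22; current clusters use networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  annotations:
    kubernetes.io/ingress.class: nginx                  # assumed annotation key
    nginx.ingress.kubernetes.io/proxy-body-size: '10m'  # assumed annotation key
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'    # assumed annotation key
spec:
  tls:
    - hosts:
        - YOUR_DOMAIN
      secretName: tls-ca-secret  # the TLS secret created with kubectl above
  rules:
    - host: YOUR_DOMAIN
      http:
        paths:
          - path: /some/endpoint
            backend:
              serviceName: some-service
              servicePort: 80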

Afterwards, check that your cert is being served by requesting the endpoint defined in the Ingress.
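One way to script the checks around this procedure, as an added example that is not part of the original post: confirm the certificate and key belong together before creating the secret, then confirm the host serves that same certificate. The function names are hypothetical, and the script assumes the openssl CLI is installed and the ingress listens on port 443.

```shell
#!/bin/sh
# Added example (not from the original post): checks around the TLS secret.
# File names follow the post; YOUR_DOMAIN is the post's placeholder.

# Exit 0 when the certificate's public key equals the one derived from the
# private key, 1 on mismatch, 2 when either file cannot be parsed (for
# example a passphrase-protected key, which cannot be loaded without a prompt).
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# SHA-256 fingerprint of a PEM certificate file.
file_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate served for host $1 (SNI set).
served_fingerprint() {
  served=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null) || return 2
  printf '%s\n' "$served" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample input: a throwaway self-signed pair written to dir $1.
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/certificate.key" -out "$1/certificate.crt" 2>/dev/null
}

# Usage: sh check-tls.sh certificate.crt certificate.key YOUR_DOMAIN
if [ "$#" -eq 3 ]; then
  cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; exit 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo "certificate expired" >&2; exit 1; }
  [ "$(file_fingerprint "$1")" = "$(served_fingerprint "$3")" ] \
    || { echo "ingress is serving a different certificate" >&2; exit 1; }
  echo "OK: $3 serves the imported certificate"
fi
```

A fingerprint mismatch after deployment usually means the NGINX ingress controller fell back to its default self-signed certificate, which it does when the secret named in the Ingress cannot be found or loaded. The secret must live in the same namespace as the Ingress that references it.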
