TLS
The objective is to configure the Gateway to serve httpbin
over TLS.
Deploy cert-manager
We decide to let cert-manager manage certificates on our behalf.
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
helm upgrade --install --create-namespace --namespace cert-manager \
  --set crds.enabled=true \
  --set "extraArgs={--enable-gateway-api}" \
  cert-manager jetstack/cert-manager
Create a self-signed issuer
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: self-signed
spec:
  selfSigned: {}
kubectl apply -f tls/selfsigned-issuer.yaml
Add an HTTPS listener
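Add an HTTPS listener for the httpbin.esuez.org
hostname to the gateway, configured to terminate TLS.
The cert-manager.io/cluster-issuer annotation tells cert-manager to issue a
certificate for the listener's hostname from the self-signed issuer and store it
in the httpbin-cert Secret that the listener references: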
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg
  annotations:
    cert-manager.io/cluster-issuer: self-signed
spec:
  gatewayClassName: eg
  listeners:
  - name: http
    protocol: HTTP
    port: 80
  - name: https
    protocol: HTTPS
    port: 443
    hostname: httpbin.esuez.org
    tls:
      mode: Terminate
      certificateRefs:
      - name: httpbin-cert
kubectl apply -f tls/gateway-add-https.yaml
Test it
Access httpbin over TLS:
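One way to run this test without switching certificate verification off, as an added example that is not the original page's command. It assumes that kubectl's current namespace holds the Gateway and the httpbin-cert Secret, that the Gateway reports an address in its status, and that httpbin's /get endpoint is routed; the function names are hypothetical.

```shell
# Added example (not from the original page). Assumptions: the current kubectl
# namespace holds Gateway "eg" and Secret "httpbin-cert"; the Gateway has an
# address in status.addresses; /get is httpbin's request-echo endpoint.
HOST=httpbin.esuez.org
SECRET=httpbin-cert
GATEWAY=eg

# Print the PEM certificate cert-manager stored in the Secret (empty if not issued).
issued_cert() {
  kubectl get secret "$SECRET" \
    -o go-template='{{index .data "tls.crt" | base64decode}}' 2>/dev/null
}

# Print the first address assigned to the Gateway.
gateway_address() {
  kubectl get gateway "$GATEWAY" -o jsonpath='{.status.addresses[0].value}'
}

# Request https://$HOST/get while trusting only the issued certificate.
fetch_over_tls() {
  local addr pem rc
  addr=$(gateway_address) || return 1
  [ -n "$addr" ] || { echo "gateway $GATEWAY has no address yet" >&2; return 1; }
  pem=$(mktemp) || return 1
  issued_cert > "$pem" || true
  if [ ! -s "$pem" ]; then
    echo "secret $SECRET has no tls.crt yet" >&2
    rm -f "$pem"; return 1
  fi
  # --cacert keeps verification on (unlike -k); --resolve pins the hostname to
  # the gateway so SNI and the Host header match the listener without DNS.
  rc=0
  curl --silent --show-error --fail \
    --cacert "$pem" --resolve "$HOST:443:$addr" "https://$HOST/get" || rc=$?
  rm -f "$pem"
  return "$rc"
}
```

Call `fetch_over_tls` once the Gateway has been applied; a non-zero exit means the address or certificate is not ready yet, or that the served certificate does not match the one in the Secret.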