Generate SSL Certificates for Local Kubernetes Ingress Hosts

bhuvadarshit
May 22, 2024

This post shows how to generate a self-signed SSL certificate for a local Kubernetes ingress host and use it in the Ingress TLS configuration.

Step 1: Create an openssl.cnf file. Replace the values of C, ST, L, O, OU, CN and DNS.1 with your own.

[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca # The extensions to add to the self-signed cert
prompt = no

[req_distinguished_name]
C = IN
ST = Gujarat
L = Ahmedabad
O = iTechOps
OU = IT
CN = argocd.example.com

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1 = argocd.example.com

Step 2: Generate the private key and the certificate

openssl genpkey -algorithm RSA -out example.key

openssl req -new -x509 -key example.key -out example.crt -days 365 -config openssl.cnf

Step 3: Add example.crt to the Windows certificate store through MMC so that it is trusted.

1. Search for "Run" and hit Enter.
2. Type "mmc" and hit Enter.
3. In the upper left corner, click File, then select Add/Remove Snap-in.
4. Select Certificates, then click Add. In the new window, select Computer Account, click Next and then Finish.
5. Click OK.
6. Expand Certificates (Local Computer) > Trusted Root Certificates > Certificates. In the right panel, choose More Actions > All Tasks > Import.
7. Click Next > enter the example.crt file path > Next > Next > Finish.

I have highlighted the cert that I have created; in your case it might be something else.

Step 4: Create the Kubernetes TLS secret

Run the kubectl command below in the directory where your example.key and example.crt are located.

kubectl create secret tls example-tls --key=example.key --cert=example.crt

Step 5: Use it in Ingress

# Demo ingress yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  ingressClassName: nginx
  rules:
  - host: example.com # Replace with yours
    http:
      paths:
      - backend:
          service:
            name: example-server # Replace with yours
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - example.com # Replace with yours
    secretName: example-tls # Replace with yours
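
The host names in the Ingress must appear in the certificate's subjectAltName, otherwise clients report a name mismatch even when the certificate is trusted. The script below is an added example, not part of the original post: it checks a certificate against a list of ingress hosts before the secret is created. Its function names are this example's own, and it assumes OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: pre-flight check to run before `kubectl create secret tls`.
# cert_dns_sans, host_covered and check_cert_hosts are this example's names.

# Print the DNS entries of a certificate's subjectAltName, one per line.
# Uses `openssl x509 -ext`, available from OpenSSL 1.1.1.
cert_dns_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Succeed if host $1 is covered by a SAN name read from stdin.
# A wildcard stands for exactly one left-most label: *.example.com covers
# argocd.example.com, but not example.com or a.b.example.com.
host_covered() {
  _host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  while IFS= read -r _san; do
    _san=$(printf '%s' "$_san" | tr 'A-Z' 'a-z')
    if [ "$_san" = "$_host" ]; then return 0; fi
    case "$_san" in
      '*.'*)
        case "$_host" in
          *.*) if [ "${_host#*.}" = "${_san#\*.}" ]; then return 0; fi ;;
        esac ;;
    esac
  done
  return 1
}

# check_cert_hosts CERT HOST...
# Report each ingress host the certificate does not cover; non-zero if any.
check_cert_hosts() {
  _crt=$1; shift
  _sans=$(cert_dns_sans "$_crt")
  _rc=0
  for _h in "$@"; do
    if ! printf '%s\n' "$_sans" | host_covered "$_h"; then
      echo "NOT COVERED by $_crt: $_h"
      _rc=1
    fi
  done
  return "$_rc"
}

# Example: sh check.sh example.crt argocd.example.com example.com
if [ "$#" -ge 2 ]; then check_cert_hosts "$@"; fi
```

With the files from Steps 1 and 2, argocd.example.com passes, while the example.com placeholder in the demo Ingress is reported as not covered until the host or DNS.1 is changed so the two agree.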

And All Set!!
