
Ingress - SSL

Step-01: Introduction

  • Implement SSL using Let's Encrypt



Step-02: Install Cert Manager

# Install the CustomResourceDefinition resources separately
kubectl apply --validate=false -f

# Label the ingress-basic namespace to disable resource validation
kubectl label namespace ingress-basic

# Add the Jetstack Helm repository
helm repo add jetstack

# Update your local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install \
  cert-manager \
  --namespace ingress-basic \
  --version v0.13.0 \

# Verify Cert Manager pods
kubectl get pods --namespace ingress-basic

Step-06: Review or Create Cluster Issuer Kubernetes Manifest

Review Cluster Issuer Kubernetes Manifest

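  • Create or Review Cert Manager Cluster Issuer Kubernetes Manifest
    apiVersion: cert-manager.io/v1alpha2
    kind: ClusterIssuer
    metadata:
      name: letsencrypt
    spec:
      acme:  # set server: to the ACME directory URL here
        privateKeySecretRef:
          name: letsencrypt
        solvers:
          - http01:
              ingress:
                class: nginx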
Deploy Cluster Issuer

# Deploy Cluster Issuer
kubectl apply -f kube-manifests/01-CertManager-ClusterIssuer/cluster-issuer.yml

Step-07: Review Application NginxApp1,2 K8S Manifests

  • 01-NginxApp1-Deployment.yml
  • 02-NginxApp1-ClusterIP-Service.yml
  • 01-NginxApp2-Deployment.yml
  • 02-NginxApp2-ClusterIP-Service.yml

Step-08: Create or Review Ingress SSL Kubernetes Manifest

  • 01-Ingress-SSL.yml

Step-09: Deploy All Manifests & Verify

  • Certificate request, generation, approval and download can take from 1 hour to a couple of days if we make any mistakes, and the request can also fail.
  • For me, it took only 5 minutes to get the certificate from
    # Deploy
    kubectl apply -R -f kube-manifests/
    # Verify Pods
    kubectl get pods
    # Verify Cert Manager Pod Logs
    kubectl get pods -n ingress-basic
    kubectl logs -f <cert-manager-55d65894c7-sx62f> -n ingress-basic # Replace Pod name
    # Verify SSL Certificates (It should turn to True)
    kubectl get certificate
    stack@Azure:~$ kubectl get certificate
    NAME                      READY   SECRET                    AGE
    app1-kubeoncloud-secret   True    app1-kubeoncloud-secret   45m
    app2-kubeoncloud-secret   True    app2-kubeoncloud-secret   45m
# Sample Success Log
I0824 13:09:00.495721       1 controller.go:129] cert-manager/controller/orders "msg"="syncing item" "key"="default/app2-kubeoncloud-secret-2792049964-67728538" 
I0824 13:09:00.495900       1 sync.go:102] cert-manager/controller/orders "msg"="Order has already been completed, cleaning up any owned Challenge resources" "resource_kind"="Order" "resource_name"="app2-kubeoncloud-secret-2792049964-67728538" "resource_namespace"="default" 
I0824 13:09:00.496904       1 controller.go:135] cert-manager/controller/orders "msg"="finished processing work item" "key"="default/app2-kubeoncloud-secret-2792049964-67728538
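
The READY check from Step-09 can be scripted so that a deployment pipeline fails when a certificate never turns to True, instead of relying on someone reading the table. This is an added example, not part of the original tutorial; the function names `not_ready_certs` and `wait_for_certs` and the altered second sample row are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: gate a rollout on cert-manager Certificates being Ready.

# Constructed sample in the format of the `kubectl get certificate` output
# shown in Step-09; the second row is altered to READY=False on purpose.
SAMPLE_OUTPUT='NAME                      READY   SECRET                    AGE
app1-kubeoncloud-secret   True    app1-kubeoncloud-secret   45m
app2-kubeoncloud-secret   False   app2-kubeoncloud-secret   2m'

# Read `kubectl get certificate` table output on stdin and print the names
# of certificates whose READY column is anything other than "True".
not_ready_certs() {
  awk 'NR > 1 && NF >= 2 && $2 != "True" { print $1 }'
}

# Poll until every Certificate in the namespace is Ready or the timeout expires.
# Args: namespace (default "default"), timeout in seconds (600), interval (15).
wait_for_certs() {
  local ns="${1:-default}" timeout="${2:-600}" interval="${3:-15}"
  local waited=0 table pending
  while :; do
    table="$(kubectl get certificate -n "$ns" 2>/dev/null)" || table=""
    pending="$(printf '%s\n' "$table" | not_ready_certs)"
    # An empty table means no Certificate exists yet, which is not success.
    if [ -n "$table" ] && [ -z "$pending" ]; then
      echo "all certificates Ready in namespace $ns"
      return 0
    fi
    if [ "$waited" -ge "$timeout" ]; then
      echo "timed out; not Ready: ${pending:-<no certificates found>}" >&2
      return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
}

# Run the live check only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--wait" ]; then
  wait_for_certs "${2:-default}" "${3:-600}"
fi
```

Run it with `--wait default 600` after `kubectl apply -R -f kube-manifests/`; a non-zero exit means at least one certificate is still not Ready and the cert-manager pod logs are the next place to look.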

Step-10: Access Application

Step-11: Verify Ingress logs for Client IP

# List Pods
kubectl -n ingress-basic get pods

# Check logs
kubectl -n ingress-basic logs -f nginx-ingress-controller-xxxxxxxxx

Step-12: Clean-Up

# Delete Apps
kubectl delete -R -f kube-manifests/

# Delete Ingress Controller
kubectl delete namespace ingress-basic
