Local certificates with db less Kong


I would like to give Kubernetes Kong ingress certificate and attach it to SNIs of services upstream, just like with “regular” Kong. I could not find docs about that on Ingress Controller’s docs nor could I understand how to apply general configuration directions to this use case.

Specifically I’d like to give this to Kong instances: https://docs.konghq.com/1.3.x/admin-api/#certificate-object

Other than that docs have been quite good for me and I got Kong Ingress running in our cluster without issues.

Please consult the TLS section of the Ingress documentation:

You can create a TLS secret and then associate it with SNIs and Kong will use the certificate stored in the secret when it sees the SNIs from your client.

You can also automate this process using cert-manager:

Thank you for your response. I got this working. I didn’t know that Kubernetes has already a place for generic ingress tls and it didn’t occur to me to check.

I actually tried cert-manager first, but run into an issue: https://github.com/Kong/kubernetes-ingress-controller/issues/431#issuecomment-545322902

I will try to clean up my updated config and if it still fails will report back on this forum.