I would like to give Kubernetes Kong ingress certificate and attach it to SNIs of services upstream, just like with “regular” Kong. I could not find docs about that on Ingress Controller’s docs nor could I understand how to apply general configuration directions to this use case.
Specifically I’d like to give this to Kong instances:
Other than that docs have been quite good for me and I got Kong Ingress running in our cluster without issues.
Please consult the TLS section of the Ingress documentation:
You can create a TLS secret and then associate it with SNIs and Kong will use the certificate stored in the secret when it sees the SNIs from your client.
You can also automate this process using cert-manager:
This file has been truncated.
# Using cert-manager for automated TLS certificate
This guide will walk through steps to setup Kong Ingress Controller with
cert-manager to automate certificate management using Let's Encrypt.
Any ACME-based CA can be used in-place of Let's Encrypt as well.
## Before you begin
You will need the following:
- Kubernetes cluster that can provision an IP address that is routable from
the Internet. If you don't have one, you can use GKE or any managed k8s
- A domain name for which you control the DNS records.
This is necessary so that
Let's Encrypt can verify the ownership of the domain and issue a certificate.
In the current guide, we use `yolo42.com`, please replace this with a domain
This tutorial was written using Google Kubernetes Engine.
Thank you for your response. I got this working. I didn’t know that Kubernetes has already a place for generic ingress tls and it didn’t occur to me to check.
I actually tried cert-manager first, but run into an issue:
I will try to clean up my updated config and if it still fails will report back on this forum.