Securing the Connection
With an HTTPS connection, all communications are securely encrypted. A certificate enables a secure connection between the web server and the browser that connects to it. At Stakater we have used a couple of methods for handling certificates.
The first is cert-manager by Jetstack, a tool that automates the issuing and renewal of certificates from an issuing source. With it we can use a Cluster Issuer for Let's Encrypt, which is a free, automated, and open certificate authority. The certmanager.k8s.io/cluster-issuer annotation, as in the above code snippet, is used to indicate this. Xposer will apply this annotation as-is on the Ingress it creates, and it will in turn be read by cert-manager.
AWS Certificate Manager
Another option we make use of is the AWS Certificate Manager. A certificate can be issued, and multiple additional names can be specified apart from the root domain name. Considering the conventions for Ingress URLs we discussed above, we can add additional wildcard names such as *.tools.company.com, etc. These wildcards will be applicable to ingresses in the tools namespace with the domain company.com. The certificate can be installed on the load balancer.
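
The following is an added example, not code from the original post or from Stakater: a Python check that lists which Ingress hostnames the names on a certificate actually cover. It assumes standard wildcard matching, where the asterisk stands for exactly one leftmost label; the hostnames are constructed to follow the convention above.

```python
"""Check which Ingress hostnames a certificate's names actually cover."""


def name_covers(cert_name: str, host: str) -> bool:
    """True if cert_name (exact or leftmost-label wildcard) matches host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # The wildcard never matches an empty label; the rest must be equal.
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered_hosts(cert_names, ingress_hosts):
    """Return the ingress hosts that no certificate name covers, in order."""
    return [h for h in ingress_hosts
            if not any(name_covers(n, h) for n in cert_names)]


# Constructed sample data following the page's naming convention.
CERT_NAMES = ["company.com", "*.tools.company.com"]
INGRESS_HOSTS = [
    "jenkins.tools.company.com",       # covered by the wildcard
    "tools.company.com",               # bare namespace domain: not covered
    "api.v2.tools.company.com",        # two labels deep: not covered
    "grafana.monitoring.company.com",  # other namespace: needs its own name
]

if __name__ == "__main__":
    for host in uncovered_hosts(CERT_NAMES, INGRESS_HOSTS):
        print(f"no certificate name covers {host}")
```

Running a check like this before attaching the certificate to the load balancer shows which namespaces still need their own wildcard name on the certificate.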