How to setup HTTPS connection with Ingress controller on your Kubernetes instance - Sourcegraph docs (2024)

Table of Contents
Prerequisites Steps for GCE-GKE user 1. Install the NGINX ingress controller (ingress-nginx) 2. Update the create-new-cluster.sh file 3. Once the ingress has acquired an external address Configure TLS/SSL 1. Create TLS certificate and private key 2. Create a TLS secret for your Cluster 3. Update the create-new-cluster.sh file 4. Update the ingress sourcegraph-frontend.Ingress.yaml file 5. Update Site Configuration 6. Update the ingress controller FAQs

This document will take you through how to setup HTTPS connection using the preinstalled Ingress controller, which allows external users to access your main web server over the network. It installs rules for the default ingress, see comments to restrict it to a specific host. This is our recommended method to configure network access for production environments.

Prerequisites

  • This document assumes that your Sourcegraph instance is deployed into a Kubernetes cluster and that ingress has already been installed for sourcegraph-frontend (by default).

Steps for GCE-GKE user

1. Install the NGINX ingress controller (ingress-nginx)

Install the NGINX ingress controller by following the instructions at https://kubernetes.github.io/ingress-nginx/deploy/

For example, GCE-GKE user would simply run this command kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/cloud/deploy.yaml to install the NGINX ingress controller

See Also
Renew an SSL/TLS certificateBuild and use a local module | Terraform | HashiCorp DeveloperCLI Commands - CDK for Terraform | Terraform | HashiCorp DeveloperHow to Get an SSL Certificate in 8 Simple Steps

2. Update the create-new-cluster.sh file

Add the configure/ingress-nginx/install.sh command to the create-new-cluster.sh file at root, and commit the change.Your file should look similar to this:

echo ./configure/ingress-nginx/install.sh >> create-new-cluster.sh./kubectl-apply-all.sh $@

3. Once the ingress has acquired an external address

You should be able to access Sourcegraph using the external address returns from the following kubectl -n ingress-nginx get svc.

$kubectl -n ingress-nginx get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEingress-nginx-controller LoadBalancer 10.XX.8.XXX XX.XXX.XXX.XX 80:32695/TCP,443:31722/TCP 5d13hingress-nginx-controller-admission ClusterIP 10.XX.8.X <none> 443/TCP 5d13h

Configure TLS/SSL

After your Sourcegraph instance is exposed via an ingress controller, you should consider using TLS so that all traffic will be served over HTTPS.

See Also
ALB vs ELB | Differences Between an ELB and an ALB on AWS | Sumo Logic

1. Create TLS certificate and private key

Place the newly created certificate and private key in a secured place. We will be using .envrc/private.key and .envrc/public.pem in this example.

2. Create a TLS secret for your Cluster

Create a TLS secret that contains your TLS certificate and private key by running the following command:

kubectl create secret tls sourcegraph-tls --key .envrc/private.key --cert .envrc/public.pem

3. Update the create-new-cluster.sh file

Add the previous command to the create-new-cluster.sh file at root, and commit the change. Your file should look similar to this:

echo ./configure/ingress-nginx/install.sh >> create-new-cluster.shecho kubectl create secret tls sourcegraph-tls --key .envrc/private.key --cert .envrc/public.pem >> create-new-cluster.sh./kubectl-apply-all.sh $@

4. Update the ingress sourcegraph-frontend.Ingress.yaml file

Add the tls configuration to base/frontend/sourcegraph-frontend.Ingress.yaml file by commenting out the tls section, and replace sourcegraph.example.com with your domain.

 # base/frontend/sourcegraph-frontend.Ingress.yaml tls: - hosts: # Replace 'sourcegraph.example.com' with the real domain that you want to use for your Sourcegraph instance. - sourcegraph.example.com secretName: sourcegraph-tls rules: - http: paths: - path: / backend: serviceName: sourcegraph-frontend servicePort: 30080 # Replace 'sourcegraph.example.com' with the real domain that you want to use for your Sourcegraph instance. host: sourcegraph.example.com

5. Update Site Configuration

Update your externalURL in the site configuration to e.g. https://sourcegraph.example.com:

{"externalURL": "https://sourcegraph.example.com"}

6. Update the ingress controller

Update the ingress controller with the previous changes with the following command:

kubectl apply -f base/frontend/sourcegraph-frontend.Ingress.yaml
How to setup HTTPS connection with Ingress controller on your Kubernetes instance - Sourcegraph docs (2024)

FAQs

How do I add HTTPS to ingress Kubernetes? ›

Setting up HTTPS Ingress
  1. Assuming you have a certificate and key for your service, create a Kubernetes secret for the ingress gateway. ...
  2. Under servers: ...
  3. There should already be a section under servers: for port 80 HTTP. ...
  4. To redirect HTTP to HTTPS, add the value httpsRedirect: true under tls in the HTTP server section.

Learn More Now
How do I deploy HTTPS in Kubernetes? ›

Steps for GCE-GKE user
  1. Install the NGINX ingress controller (ingress-nginx) Install the NGINX ingress controller by following the instructions at https://kubernetes.github.io/ingress-nginx/deploy/ ...
  2. Update the create-new-cluster.sh file. ...
  3. Once the ingress has acquired an external address.

See More
How do I set ingress in Kubernetes? ›

How to deploy NGINX Ingress Controller on Kubernetes using kubectl
  1. Step 1 - Install NGINX Ingress Controller. ...
  2. Step 2 - Exposing the NGINX Ingress Controller. ...
  3. Step 3 - Validate the NGINX Ingress Controller. ...
  4. Step 4 - Exposing Services using NGINX Ingress Controller.
Nov 22, 2022

Discover More Details
How do you secure ingress in Kubernetes? ›

Kubernetes ingresses are used to expose web applications and REST APIs to the outside world. By default, ingresses are accessible over HTTP, which is not secure. The traffic between the application and clients is not encrypted, which makes it vulnerable to attack. To secure your ingresses , you need to use HTTPS.

Explore More
How do I enable HTTPS in ingress? ›

The --enable-ssl-passthrough flag enables the SSL Passthrough feature, which is disabled by default. This is required to enable passthrough backends in Ingress objects. This feature is implemented by intercepting all traffic on the configured HTTPS port (default: 443) and handing it over to a local TCP proxy.

Find Out More
Does ingress allow both http and https? ›

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting.

Find Out More
How to setup a HTTPS server? ›

Enable HTTPS on your servers
  1. Generate keys and certificate signing requests. Generate a public/private key pair. Generate a certificate signing request. ...
  2. Enable HTTPS on your servers.
  3. Make intrasite URLs relative.
  4. Redirect HTTP to HTTPS.
  5. Turn on Strict Transport Security and secure cookies. Search ranking. Performance.

Read On
How to setup SSL certificate in Kubernetes? ›

Prerequisites:
  1. You have a functioning Kubernetes cluster.
  2. You have helm installed on your cluster.
  3. You have a solid understanding of Kubernetes ingress concept.
  4. You have the kubectl tool set up on your system.
  5. You own or have control over a domain name.
  6. We will need SSL/TSL certificates.
Jan 25, 2024

Learn More
How do I deploy a website to HTTPS? ›

How to properly enable HTTPS on your server
  1. Buy an SSL certificate.
  2. Request the SSL certificate.
  3. Install the certificate.
  4. Update your site to enable HTTPS.
Jan 26, 2024

Explore More
How do I know if my ingress controller is running? ›

To check the running mode of an ingress pod, you can use the kubectl logs command to view the logs of the pod. You can list all pods in your cluster to find the Ingress controller pod. kubectl get pods -n <namespace> you can retrieve its logs using the kubectl logs command.

Continue Reading

How does ingress controller work in Kubernetes? ›

An ingress controller acts as a reverse proxy and load balancer. It implements a Kubernetes Ingress. The ingress controller adds a layer of abstraction to traffic routing, accepting traffic from outside the Kubernetes platform and load balancing it to Pods running inside the platform.

Find Out More
Where does ingress controller run in Kubernetes? ›

The NGINX Ingress Controller is production‑grade Ingress controller (daemon) that runs alongside NGINX Open Source or NGINX Plus instances in a Kubernetes environment. The daemon monitors NGINX Ingress resources and Kubernetes Ingress resources to discover requests for services that require ingress load balancing.

View More
How to add SSL certificate in Ingress controller? ›

Here are the general steps to enable SSL for an Ingress service:
  1. Step 1: Obtain an SSL Certificate. ...
  2. Step 2: Create Kubernetes Secrets. ...
  3. Step 3: Update the Ingress Resource. ...
  4. Step 4: Apply the Changes. ...
  5. Step 5: Verify SSL Configuration. ...
  6. Step 6: Test HTTPS Access.
Nov 28, 2023

Read On
How do you implement an ingress controller? ›

When you deploy NGINX Ingress Controller as a Deployment, Kubernetes automatically sets up a single NGINX Ingress Controller pod.
  1. For NGINX, run: kubectl apply -f deployments/deployment/nginx-ingress.yaml.
  2. For NGINX Plus, run: kubectl apply -f deployments/deployment/nginx-plus-ingress.yaml. Update the nginx-plus-ingress.

See More
How do I check my ingress certificate in Kubernetes? ›

Setup Instructions
  1. Add the annotations as provided in the ingress. ...
  2. Test by performing a curl against the Ingress Path without the Client Cert and expect a Status Code 400.
  3. Test by performing a curl against the Ingress Path with the Client Cert and expect a Status Code 200.

Learn More Now
How can I add TLS certificate in ingress? ›

Create a secret for the default TLS certificate in each namespace where your Ingress resources or apps exist. Specify the TLS certificate CRN with the --cert-crn command option. Alternatively, you can set the secret as the defaultCertificate in the ibm-ingress-deploy-config ConfigMap.

Get More Info Here
How do I add a HTTPS certificate? ›

Under Install and Manage SSL for your site (HTTPS), click Manage SSL Sites. Scroll down to the Install an SSL Website and click Browse Certificates. Select the certificate that you want to activate and click Use Certificate. This will auto-fill the fields for the certificate.

Discover More
How do I add HTTPS binding? ›

In the Internet Information Services (IIS) Manager dialog, Connections pane, expand your computer name, expand Sites, and select Default Web Site. On the Actions pane, select Bindings. In the Site Bindings dialog, select Add. In the Add Site Binding dialog, on the Type menu, select https.

Learn More
Top Articles
How to Format a Solid State Drive (SSD)
Waarom krijg ik een rood hoofd van alcohol?
The Hidden Gold Mine Heiress Divorce By Vera
Qtrac Queue Management Software Pricing
Latest Posts
Krull
How to install Python 3 in Windows Subsystem with Ubuntu
Article information

Author: Stevie Stamm

Last Updated:

Views: 6151

Rating: 5 / 5 (60 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Stevie Stamm

Birthday: 1996-06-22

Address: Apt. 419 4200 Sipes Estate, East Delmerview, WY 05617

Phone: +342332224300

Job: Future Advertising Analyst

Hobby: Leather crafting, Puzzles, Leather crafting, scrapbook, Urban exploration, Cabaret, Skateboarding

Introduction: My name is Stevie Stamm, I am a colorful, sparkling, splendid, vast, open, hilarious, tender person who loves writing and wants to share my knowledge and understanding with you.