Merge pull request #9797 from msedzins/issue_9335
Ability to use a custom TLS certificate with the Ingress
medyagh authored Dec 4, 2020
2 parents a6d56c6 + e1aa07f commit 114faa7
Showing 5 changed files with 67 additions and 0 deletions.
17 changes: 17 additions & 0 deletions cmd/minikube/cmd/config/configure.go
@@ -19,6 +19,7 @@ package config
import (
"io/ioutil"
"net"
"regexp"

"github.com/spf13/cobra"
"k8s.io/minikube/pkg/minikube/config"
@@ -204,6 +205,22 @@ var addonsConfigureCmd = &cobra.Command{
cfg.KubernetesConfig.LoadBalancerEndIP = AskForStaticValidatedValue("-- Enter Load Balancer End IP: ", validator)
}

if err := config.SaveProfile(profile, cfg); err != nil {
out.ErrT(style.Fatal, "Failed to save config {{.profile}}", out.V{"profile": profile})
}
case "ingress":
profile := ClusterFlagValue()
_, cfg := mustload.Partial(profile)

validator := func(s string) bool {
format := regexp.MustCompile("^.+/.+$")
return format.MatchString(s)
}

if cfg.KubernetesConfig.CustomIngressCert == "" {
cfg.KubernetesConfig.CustomIngressCert = AskForStaticValidatedValue("-- Enter custom cert(format is \"namespace/secret\"): ", validator)
}

if err := config.SaveProfile(profile, cfg); err != nil {
out.ErrT(style.Fatal, "Failed to save config {{.profile}}", out.V{"profile": profile})
}
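Review bot: The `validator` closure in the new `ingress` case accepts far more than a `namespace/secret` reference: `^.+/.+$` also matches spaces, extra slashes, quotes, `:` and `#`, and the accepted string is saved to the profile and later substituted into the `--default-ssl-certificate` argument of the ingress deployment template changed in this same commit. Restricting both halves to Kubernetes name characters rejects malformed input at the prompt, e.g. `format := regexp.MustCompile("^[a-z0-9]([-a-z0-9]*[a-z0-9])?/[a-z0-9]([-a-z0-9.]*[a-z0-9])?$")`, and the pattern can be compiled once outside the closure instead of on every call. Separately, the prompt only runs when `CustomIngressCert` is empty, so a value that is already stored cannot be changed or cleared through `minikube addons configure ingress`; that may be unintended. The enclosing `Run` function starts and ends outside the hunk.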
3 changes: 3 additions & 0 deletions deploy/addons/ingress/ingress-dp.yaml.tmpl
@@ -65,6 +65,9 @@ spec:
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
{{if .CustomIngressCert}}
- --default-ssl-certificate={{ .CustomIngressCert }}
{{end}}
securityContext:
capabilities:
drop:
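Review bot: The added `- --default-ssl-certificate={{ .CustomIngressCert }}` item writes the stored profile value into the container args as an unquoted YAML scalar. The value comes from the saved profile, and the configure prompt is skipped whenever the field is already set, so anything written to the profile by other means reaches this line without passing the prompt's validator; a value containing `: ` or ` #` would change how the line parses. Quoting the item, `- "--default-ssl-certificate={{ .CustomIngressCert }}"`, keeps it a single argument, provided the value is also limited to name characters before rendering (this assumes the template is rendered without YAML-aware escaping, which the hunk does not show).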
2 changes: 2 additions & 0 deletions pkg/minikube/assets/addons.go
@@ -489,13 +489,15 @@ func GenerateTemplateData(cfg config.KubernetesConfig) interface{} {
ImageRepository string
LoadBalancerStartIP string
LoadBalancerEndIP string
CustomIngressCert string
StorageProvisionerVersion string
}{
Arch: a,
ExoticArch: ea,
ImageRepository: cfg.ImageRepository,
LoadBalancerStartIP: cfg.LoadBalancerStartIP,
LoadBalancerEndIP: cfg.LoadBalancerEndIP,
CustomIngressCert: cfg.CustomIngressCert,
StorageProvisionerVersion: version.GetStorageProvisionerVersion(),
}

1 change: 1 addition & 0 deletions pkg/minikube/config/types.go
@@ -92,6 +92,7 @@ type KubernetesConfig struct {
ImageRepository string
LoadBalancerStartIP string // currently only used by MetalLB addon
LoadBalancerEndIP string // currently only used by MetalLB addon
CustomIngressCert string // used by Ingress addon
ExtraOptions ExtraOptionSlice

ShouldLoadCachedImages bool
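--- a/site/content/en/docs/tutorials/custom_cert_ingress.md
+++ b/site/content/en/docs/tutorials/custom_cert_ingress.md
@@ -0,0 +1,44 @@
+---
+title: "How to use custom TLS certificate with ingress addon"
+linkTitle: "Using custom TLS certificate with ingress addon"
+weight: 1
+date: 2020-11-30
+---
+
+## Overview
+
+- This tutorial will show you how to configure custom TLS certificatate for ingress addon.
+
+## Tutorial
+
+- Start minikube
+```
+$ minikube start
+```
+
+- Create TLS secret which contains custom certificate and private key
+```
+$ kubectl -n kube-system create secret tls mkcert --key key.pem --cert cert.pem
+```
+
+- Configure ingress addon
+```
+$ minikube addons configure ingress
+-- Enter custom cert(format is "namespace/secret"): kube-system/mkcert
+✅ ingress was successfully configured
+```
+
+- Enable ingress addon (disable first when already enabled)
+```
+$ minikube addons disable ingress
+🌑 "The 'ingress' addon is disabled
+$ minikube addons enable ingress
+🔎 Verifying ingress addon...
+🌟 The 'ingress' addon is enabled
+```
+- Verify if custom certificate was enabled
+```
+$ kubectl -n kube-system get deployment ingress-nginx-controller -o yaml | grep "kube-system"
+- --default-ssl-certificate=kube-system/mkcert
+```
+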