From e1aa07feb2e878bdf6719b1740724219b29b3f55 Mon Sep 17 00:00:00 2001
From: msedzins
Date: Mon, 30 Nov 2020 22:53:27 +0000
Subject: [PATCH] Ability to use a custom TLS certificate with the Ingress Tutorial added
---
 cmd/minikube/cmd/config/configure.go | 17 +++++++
 deploy/addons/ingress/ingress-dp.yaml.tmpl | 3 ++
 pkg/minikube/assets/addons.go | 2 +
 pkg/minikube/config/types.go | 1 +
 .../en/docs/tutorials/custom_cert_ingress.md | 44 +++++++++++++++++++
 5 files changed, 67 insertions(+)
 create mode 100644 site/content/en/docs/tutorials/custom_cert_ingress.md
diff --git a/cmd/minikube/cmd/config/configure.go b/cmd/minikube/cmd/config/configure.go
index 5b4d5301b6bb..b5800cf2fb84 100644
--- a/cmd/minikube/cmd/config/configure.go
+++ b/cmd/minikube/cmd/config/configure.go
@@ -19,6 +19,7 @@ package config
 import (
 "io/ioutil"
 "net"
+ "regexp"
 "github.com/spf13/cobra"
 "k8s.io/minikube/pkg/minikube/config"
@@ -204,6 +205,22 @@ var addonsConfigureCmd = &cobra.Command{
 cfg.KubernetesConfig.LoadBalancerEndIP = AskForStaticValidatedValue("-- Enter Load Balancer End IP: ", validator)
 }
+ if err := config.SaveProfile(profile, cfg); err != nil {
+ out.ErrT(style.Fatal, "Failed to save config {{.profile}}", out.V{"profile": profile})
+ }
+ case "ingress":
+ profile := ClusterFlagValue()
+ _, cfg := mustload.Partial(profile)
+
+ validator := func(s string) bool {
+ format := regexp.MustCompile("^.+/.+$")
+ return format.MatchString(s)
+ }
+
+ if cfg.KubernetesConfig.CustomIngressCert == "" {
+ cfg.KubernetesConfig.CustomIngressCert = AskForStaticValidatedValue("-- Enter custom cert(format is \"namespace/secret\"): ", validator)
+ }
+
 if err := config.SaveProfile(profile, cfg); err != nil {
 out.ErrT(style.Fatal, "Failed to save config {{.profile}}", out.V{"profile": profile})
 }
diff --git a/deploy/addons/ingress/ingress-dp.yaml.tmpl b/deploy/addons/ingress/ingress-dp.yaml.tmpl
index 56f9dc344373..fda40ff2bae0 100644
--- a/deploy/addons/ingress/ingress-dp.yaml.tmpl
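Review bot: The `validator` closure in the new `case "ingress":` branch accepts anything matching `^.+/.+$`, so whitespace, extra slashes and characters that are not legal in a namespace or Secret name all pass and are saved to the profile. Restrict both halves to Kubernetes name syntax and compile the pattern once at package scope instead of on every call, for example `var ingressCertRe = regexp.MustCompile("^[a-z0-9]([-a-z0-9]*[a-z0-9])?/[a-z0-9]([-.a-z0-9]*[a-z0-9])?$")`. The `if cfg.KubernetesConfig.CustomIngressCert == ""` guard also means a value that is already set is never prompted for again, so a mistyped or rotated secret reference apparently cannot be corrected through this command. The enclosing `Run` function and its `switch` begin outside the hunk.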
+++ b/deploy/addons/ingress/ingress-dp.yaml.tmpl
@@ -65,6 +65,9 @@ spec:
 - --validating-webhook=:8443
 - --validating-webhook-certificate=/usr/local/certificates/cert
 - --validating-webhook-key=/usr/local/certificates/key
+ {{if .CustomIngressCert}}
+ - --default-ssl-certificate={{ .CustomIngressCert }}
+ {{end}}
 securityContext:
 capabilities:
 drop:
diff --git a/pkg/minikube/assets/addons.go b/pkg/minikube/assets/addons.go
index 609b10381838..85aa09d225e5 100644
--- a/pkg/minikube/assets/addons.go
+++ b/pkg/minikube/assets/addons.go
@@ -489,6 +489,7 @@ func GenerateTemplateData(cfg config.KubernetesConfig) interface{} {
 ImageRepository string
 LoadBalancerStartIP string
 LoadBalancerEndIP string
+ CustomIngressCert string
 StorageProvisionerVersion string
 }{
 Arch: a,
@@ -496,6 +497,7 @@ func GenerateTemplateData(cfg config.KubernetesConfig) interface{} {
 ImageRepository: cfg.ImageRepository,
 LoadBalancerStartIP: cfg.LoadBalancerStartIP,
 LoadBalancerEndIP: cfg.LoadBalancerEndIP,
+ CustomIngressCert: cfg.CustomIngressCert,
 StorageProvisionerVersion: version.GetStorageProvisionerVersion(),
 }
diff --git a/pkg/minikube/config/types.go b/pkg/minikube/config/types.go
index 1d19604bc4af..d95e9f7c85f4 100644
--- a/pkg/minikube/config/types.go
+++ b/pkg/minikube/config/types.go
@@ -92,6 +92,7 @@ type KubernetesConfig struct {
 ImageRepository string
 LoadBalancerStartIP string // currently only used by MetalLB addon
 LoadBalancerEndIP string // currently only used by MetalLB addon
+ CustomIngressCert string // used by Ingress addon
 ExtraOptions ExtraOptionSlice
 ShouldLoadCachedImages bool
diff --git a/site/content/en/docs/tutorials/custom_cert_ingress.md b/site/content/en/docs/tutorials/custom_cert_ingress.md
new file mode 100644
index 000000000000..1f419e6207e7
--- /dev/null
+++ b/site/content/en/docs/tutorials/custom_cert_ingress.md
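Review bot: `{{ .CustomIngressCert }}` is written into the container `args` list unquoted, so the manifest depends entirely on the stored profile value being a clean `namespace/secret` string; a value containing ` #`, `: ` or quotes would change how the YAML parses. Emit the argument as a quoted scalar, e.g. `- {{ printf "--default-ssl-certificate=%s" .CustomIngressCert | printf "%q" }}`, so the flag stays a single string whatever the profile holds. The `{{if}}` and `{{end}}` lines also leave blank lines in the rendered list; `{{- if .CustomIngressCert }}` / `{{- end }}` would trim them.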
@@ -0,0 +1,44 @@
+---
+title: "How to use custom TLS certificate with ingress addon"
+linkTitle: "Using custom TLS certificate with ingress addon"
+weight: 1
+date: 2020-11-30
+---
+
+## Overview
+
+- This tutorial will show you how to configure custom TLS certificatate for ingress addon.
+
+## Tutorial
+
+- Start minikube
+```
+$ minikube start
+```
+
+- Create TLS secret which contains custom certificate and private key
+```
+$ kubectl -n kube-system create secret tls mkcert --key key.pem --cert cert.pem
+```
+
+- Configure ingress addon
+```
+$ minikube addons configure ingress
+-- Enter custom cert(format is "namespace/secret"): kube-system/mkcert
+✅ ingress was successfully configured
+```
+
+- Enable ingress addon (disable first when already enabled)
+```
+$ minikube addons disable ingress
+🌑 "The 'ingress' addon is disabled
+
+$ minikube addons enable ingress
+🔎 Verifying ingress addon...
+🌟 The 'ingress' addon is enabled
+```
+- Verify if custom certificate was enabled
+```
+$ kubectl -n kube-system get deployment ingress-nginx-controller -o yaml | grep "kube-system"
+- --default-ssl-certificate=kube-system/mkcert
+```
\ No newline at end of file