ingress-nginx-helm/controllers/nginx/examples/tls/README.md

This is an example to use a TLS Ingress rule to use SSL in NGINX

*First expose the `echoheaders` service:*

```
kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080
kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x
```

*Next create a SSL certificate for `foo.bar.com` host:*

```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=foo.bar.com"
```

*Now store the SSL certificate in a secret:*

```
echo "
apiVersion: v1
kind: Secret
metadata:
  name: foo-secret
data:
  tls.crt: `base64 /tmp/tls.crt`
  tls.key: `base64 /tmp/tls.key`
" | kubectl create -f -
```

*Finally create a tls Ingress rule:*

```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foo
  namespace: default
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: foo-secret
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: echoheaders-x
          servicePort: 80
        path: /
" | kubectl create -f -
```

```
TODO: 
- show logs
- curl
```


##### Another example:

This shows a more complex example that creates the servers `foo.bar.com` and `bar.baz.com` where only `foo.bar.com` uses SSL

```
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: complex-foo
  namespace: default
spec:
  tls:
  - hosts:
    - foo.bar.com
    secretName: foo-tls
  - hosts:
    - bar.baz.com
    secretName: foo-tls
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: echoheaders-x
          servicePort: 80
        path: /
  - host: bar.baz.com
    http:
      paths:
      - backend:
          serviceName: echoheaders-y
          servicePort: 80
        path: /
```


```
TODO: 
- show logs
- curl
```
Add complete TLS example in nginx Ingress controller 2016-04-13 01:13:55 +00:00			`This is an example to use a TLS Ingress rule to use SSL in NGINX`

			First expose the `echoheaders` service:

			```
			`kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080`
			`kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x`
			```

			Next create a SSL certificate for `foo.bar.com` host:

			```
			`openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=foo.bar.com"`
			```

			`Now store the SSL certificate in a secret:`

			```
			`echo "`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: foo-secret`
			`data:`
			tls.crt: `base64 /tmp/tls.crt`
			tls.key: `base64 /tmp/tls.key`
			`" \| kubectl create -f -`
			```

			`Finally create a tls Ingress rule:`

			```
			`apiVersion: extensions/v1beta1`
			`kind: Ingress`
			`metadata:`
			`name: foo`
			`namespace: default`
			`spec:`
			`tls:`
			`- hosts:`
			`- foo.bar.com`
			`secretName: foo-secret`
			`rules:`
			`- host: foo.bar.com`
			`http:`
			`paths:`
			`- backend:`
			`serviceName: echoheaders-x`
			`servicePort: 80`
			`path: /`
			`" \| kubectl create -f -`
			```

			```
			`TODO:`
			`- show logs`
			`- curl`
			```


			`##### Another example:`

			This shows a more complex example that creates the servers `foo.bar.com` and `bar.baz.com` where only `foo.bar.com` uses SSL

			```
			`apiVersion: extensions/v1beta1`
			`kind: Ingress`
			`metadata:`
			`name: complex-foo`
			`namespace: default`
			`spec:`
			`tls:`
			`- hosts:`
			`- foo.bar.com`
			`secretName: foo-tls`
			`- hosts:`
			`- bar.baz.com`
			`secretName: foo-tls`
			`rules:`
			`- host: foo.bar.com`
			`http:`
			`paths:`
			`- backend:`
			`serviceName: echoheaders-x`
			`servicePort: 80`
			`path: /`
			`- host: bar.baz.com`
			`http:`
			`paths:`
			`- backend:`
			`serviceName: echoheaders-y`
			`servicePort: 80`
			`path: /`
			```


			```
			`TODO:`
			`- show logs`
			`- curl`
			```