diff --git a/controllers/nginx/examples/tls/README.md b/controllers/nginx/examples/tls/README.md index e69de29bb..bc34b63a6 100644 --- a/controllers/nginx/examples/tls/README.md +++ b/controllers/nginx/examples/tls/README.md @@ -0,0 +1,101 @@ +This is an example to use a TLS Ingress rule to use SSL in NGINX + +*First expose the `echoheaders` service:* + +``` +kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080 +kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x +``` + +*Next create a SSL certificate for `foo.bar.com` host:* + +``` +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=foo.bar.com" +``` + +*Now store the SSL certificate in a secret:* + +``` +echo " +apiVersion: v1 +kind: Secret +metadata: + name: foo-secret +data: + tls.crt: `base64 /tmp/tls.crt` + tls.key: `base64 /tmp/tls.key` +" | kubectl create -f - +``` + +*Finally create a tls Ingress rule:* + +``` +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: foo + namespace: default +spec: + tls: + - hosts: + - foo.bar.com + secretName: foo-secret + rules: + - host: foo.bar.com + http: + paths: + - backend: + serviceName: echoheaders-x + servicePort: 80 + path: / +" | kubectl create -f - +``` + +``` +TODO: +- show logs +- curl +``` + + +##### Another example: + +This shows a more complex example that creates the servers `foo.bar.com` and `bar.baz.com` where only `foo.bar.com` uses SSL + +``` +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: complex-foo + namespace: default +spec: + tls: + - hosts: + - foo.bar.com + secretName: foo-tls + - hosts: + - bar.baz.com + secretName: foo-tls + rules: + - host: foo.bar.com + http: + paths: + - backend: + serviceName: echoheaders-x + servicePort: 80 + path: / + - host: bar.baz.com + http: + paths: + - backend: + serviceName: echoheaders-y + servicePort: 80 + path: / +``` + + +``` +TODO: +- show logs +- curl +```