I have a GKE cluster & I want to try ingress with a fake localhost dns like https://main.local
set a local dns to your ingress external IP
/etc/hosts :
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost docker.for.mac.localhost
255.255.255.255 broadcasthost
::1 localhost
xx.xxx.xxx.xx main.local
Generate SSL cert with letsencrypt:
e.g : ssl for https://main.local
openssl req -x509 -out main.crt -keyout main.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=main.local' -extensions EXT -config <( \
printf "[dn]\nCN=main.local\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:main.local\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
Create Secret TLS on your K8S cluster
kubectl create secret tls tls-main --key main.key --cert main.crt
Put it in your Ingress
here I use Contour proxy
main-route.yaml :
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: main-httpproxy
namespace: default
spec:
virtualhost:
fqdn: main.local
tls:
secretName: tls-main
routes:
- services:
- name: myservice
port: 80
Set cert trust on OSX
Launch Application/Utilities/Keychain Access.app & upload your main.crt
set trusted always
see tuto
Top comments (0)