Certification setup

k8s/certificate.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: k8s-multi-com-tls
+spec:
+  secretName: k8s-multi-com
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+  commonName: k8s-multi.com
+  dnsNames:
+    - k8s-multi-com
+    - www.k8s-multi.com
+  acme:
+      config:
+        - http01:
+            ingressClass: nginx
+          domains:
+            - k8s-multi.com
+            - www.k8s-multi.com

k8s/ingress-service.yaml

@@ -1,22 +1,47 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-    name: ingress-service
-    annotations:
-        kubernetes.io/ingress.class: 'nginx'
-        nginx.ingress.kubernetes.io/use-regex: 'true'
-        nginx.ingress.kubernetes.io/rewrite-target: /$1
+  name: ingress-service
+  annotations:
+    kubernetes.io/ingress.class: 'nginx'
+    nginx.ingress.kubernetes.io/use-regex: 'true'
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+    certmanager.k8s.io/cluster-issuer: 'letsencrypt-prod'
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
 spec:
-    rules:
-        - http:
-            paths:
-                - path: /?(.*)
-                  pathType: Prefix
-                  backend:
-                    service:
-                      name: client-cluster-ip-service
-                      port:
-                        number: 3000
+  tls:
+    - hosts:
+        - k8s-multi.com
+        - www.k8s-multi.com
+      secretName: k8s-multi-com
+  rules:
+    - host: k8s-multi.com
+      http:
+        paths:
+          - path: /?(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: client-cluster-ip-service
+                port:
+                  number: 3000
+          - path: /api/?(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: server-cluster-ip-service
+                port:
+                  number: 5000
+    - host: www.k8s-multi.com
+      http:
+        paths:
+          - path: /?(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: client-cluster-ip-service
+                port:
+                  number: 3000
                 - path: /api/?(.*)
                   pathType: Prefix
                   backend:

k8s/issuer.yaml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: '<your email address>'
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+      - http01:
+          ingress:
+              class: nginx