ssl - Setting up multiple TLS Certificates & Domains with Kubernetes and Helm

Question

This question is more to give me some direction on how to go about the problem in general, not a specific solution to the problem.

I have a working kubernetes cluster that's using an nginx ingress as the gate to the outside world. Right now everything is on minikube, but the end goal is to move it eventually to GKE, EKS or AKS (for on premise clients that want our software).

For this I'm going to use helm charts to paremetrize the yaml files and ENV variables needed to setup the resources. I will keep using nginx as ingress to avoid maintining alb ingress or other cloud-specific ingress controllers.

My question is: I'm not sure how to manage TLS certificates and then how to point the ingress to a public domain for people to use it.

I wanted some guidance on how to go about this in general. Is the TLS certificate something that the user can provide to the helm chart before configuring it? Where can I see a small exmaple of this. And finally, is the domain responbility of the helm chart? Or is this something that has to be setup on the DNS provide (Route53) for example. Is there an example you can suggest me to take a look at?

Thanks a lot for the help.

question from:https://stackoverflow.com/questions/65928699/setting-up-multiple-tls-certificates-domains-with-kubernetes-and-helm

Answer 1

Installing certificates using Helm is perfectly fine just make sure you don't accidentally put certificates into public Git repo. Best practice is to have those certificates only on your local laptop and added to .gitignore. After that you may tell Helm to grab those certificates from their directory.

Regarding the DNS - you may use external-dns to make Kubernetes create DNS records for you. You will need first to integrate external-dns with your DNS provider and then it will watch ingress resources for domain names and automatically create them.