Install nginx ingress v1

Note for install nginx ingress with let’s encrypt

Add helm repo

helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update

Install nginx

helm install nginx-ingress nginx-stable/nginx-ingress --set controller.publishService.enabled=true -n nginx-system --create-namespace

Create ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kong-ingress
  namespace: openapi
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: access.authz.one
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: openapi-kong-proxy
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sso-ingress
  namespace: openapi
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: sso.authz.one
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: openapi-ssoweb
                port:
                  number: 80

Install SSL via jetstack/cert-manager

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.crds.yaml

or

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install \
  cert-manager jetstack/cert-manager \
  -n cert-manager \
  --create-namespace \
  --version v1.5.3 \
  --set installCRDs=true

Create issuer file

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: authz-one-issuer
spec:
  acme:
    email: support@authz.one
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: authz-one-issuer-account-key
    solvers:
      - http01:
          ingress:
            class: nginx

then

kubectl create -f issuer.yaml

Create certificate file

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-access-authz-one
  namespace: openapi
spec:
  secretName: access-autz-one-certificate
  issuerRef:
    name: authz-one-issuer
    kind: ClusterIssuer
  dnsNames:
    - access.authz.one
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cert-sso-authz-one
  namespace: openapi
spec:
  secretName: sso-autz-one-certificate
  issuerRef:
    name: authz-one-issuer
    kind: ClusterIssuer
  dnsNames:
    - sso.authz.one

Update ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kong-ingress
  namespace: openapi
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "authz-one-issuer"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - access.authz.one
      secretName: access-autz-one-certificate
  rules:
    - host: access.authz.one
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: openapi-kong-proxy
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sso-ingress
  namespace: openapi
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "authz-one-issuer"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - sso.authz.one
      secretName: sso-autz-one-certificate
  rules:
    - host: sso.authz.one
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: openapi-ssoweb
                port:
                  number: 80