How to Create a Kubernetes TLS Secret on Windows

Prerequisites

Before starting, ensure you have:

  • An SSL certificate (certificate.crt)
  • A CA bundle file (ca_bundle.crt)
  • A private key (private.key)
  • kubectl installed and configured to connect to your Kubernetes cluster
  • Administrative access to PowerShell or Command Prompt (CMD)

Step 1: Merge the Certificate and CA Bundle

Kubernetes TLS secrets require a single certificate file that contains the server certificate first, followed by the CA bundle.

Using PowerShell:

Open PowerShell and run the following command to merge the certificate and CA bundle into a single file:

Get-Content certificate.crt, ca_bundle.crt | Set-Content fullchain.crt

Using Command Prompt (CMD):

If you prefer CMD, open it and run:

copy /b certificate.crt + ca_bundle.crt fullchain.crt

This creates fullchain.crt, which contains both the certificate and CA bundle.
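Before creating the secret, the merged file can be checked with the PowerShell function below, which is an added example and not part of the original guide (the name Test-FullChain is hypothetical; fullchain.crt is the file from Step 1). It flags PEM blocks that were run together by the merge, certificates that are out of issuer order, and a leaf certificate outside its validity period.

```powershell
# Added example, not from the original guide. Test-FullChain is a
# hypothetical helper name; fullchain.crt is the file produced in Step 1.
function Test-FullChain {
    param([string]$Path = 'fullchain.crt')
    $problems = @()
    $text = [string](Get-Content -Raw -Path $Path -ErrorAction Stop)

    # "copy /b" inserts nothing between files, so a certificate.crt without a
    # trailing newline leaves the END and BEGIN markers on the same line.
    if ($text -match '-----END CERTIFICATE-----[ \t]*-----BEGIN CERTIFICATE-----') {
        $problems += 'END/BEGIN markers share a line: add a newline between the merged files.'
    }

    # Decode every PEM block; the constructor throws if a block is corrupt.
    $pem = '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
    $certs = @(foreach ($m in [regex]::Matches($text, $pem)) {
        $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    })
    if ($certs.Count -lt 2) {
        $problems += "Found $($certs.Count) certificate(s); expected the leaf plus the CA bundle."
    }

    # Leaf first, then each certificate followed by its issuer.
    # This compares names only; it does not verify signatures.
    for ($i = 0; $i -lt $certs.Count - 1; $i++) {
        if ($certs[$i].Issuer -ne $certs[$i + 1].Subject) {
            $problems += "Certificate $($i + 1) is not issued by certificate $($i + 2): check the merge order."
        }
    }

    # The first certificate is the one presented for the host.
    $now = Get-Date
    if ($certs.Count -gt 0 -and ($now -lt $certs[0].NotBefore -or $now -gt $certs[0].NotAfter)) {
        $problems += "Leaf is only valid from $($certs[0].NotBefore) to $($certs[0].NotAfter)."
    }
    return $problems
}

$found = Test-FullChain -Path 'fullchain.crt'
if ($found) { $found | ForEach-Object { Write-Warning $_ } } else { 'fullchain.crt looks well-formed.' }
```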


Step 2: Create the Kubernetes TLS Secret

Now create the Kubernetes TLS secret from fullchain.crt and private.key. In PowerShell (the backtick continues the command onto the next line):

kubectl create secret tls whmcs-tls `
  --cert=fullchain.crt `
  --key=private.key

If using CMD:

kubectl create secret tls whmcs-tls --cert=fullchain.crt --key=private.key

This creates a secret named whmcs-tls in your Kubernetes cluster.


Step 3: Verify the Secret

Check if the secret was created successfully:

kubectl get secrets whmcs-tls -o yaml

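If the secret appears in the output, it is ready for use. The -o yaml output includes the tls.crt and tls.key values in base64, which is an encoding and not encryption, so handle that output as you would the private key itself.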


Step 4: Apply the Ingress Configuration

Ensure your Ingress resource is configured to use the TLS secret. Your ingress.yaml file should look like this:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whmcs-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - portal.hostraha.com
    secretName: whmcs-tls
  rules:
  - host: portal.hostraha.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: whmcs-service
            port:
              number: 80

Apply the Ingress configuration:

kubectl apply -f ingress.yaml

Check the status:

kubectl get ingress whmcs-ingress

Step 5: Test the SSL Configuration

Once the Ingress is set up, test if HTTPS is working:

curl -v https://portal.hostraha.com

Or open a web browser and visit https://portal.hostraha.com.

If everything is set up correctly, your site should be accessible via HTTPS.


Troubleshooting

Check if the Secret Exists:

kubectl get secrets

If the whmcs-tls secret is missing, recreate it.

Check Ingress Logs:

If the site is not accessible, check the logs of the NGINX Ingress Controller:

kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx

Ensure NGINX Ingress is Installed:

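If your cluster doesn't have an Ingress controller, install it. The manifest below is fetched from the main branch, so its contents can change between runs; for a reproducible install, use the manifest from a tagged ingress-nginx release instead: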

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml

Conclusion

You have successfully created a Kubernetes TLS secret using an SSL certificate, CA bundle, and private key on Windows. Your WHMCS site should now be secured with HTTPS in Kubernetes.

Let me know if you need further assistance! 🚀
