Deploy PhpMyAdmin on Kubernetes to Manage MySQL Pods

Deploy PhpMyAdmin on Kubernetes to manage MySQL pods

Overview

In this tutorial, you will learn how to deploy PhpMyAdmin to Kubernetes for managing your MySQL server pods.

It is very likely that your MySQL Server is only available from within the Kubernetes cluster, as services like this shouldn’t be exposed to the public Internet. However, you will need a solution to manage your databases, and one that doesn’t include running exec to gain access to the pod or pods directly.

PhpMyAdmin is a very popular web frontend for managing MySQL servers. It is a good candidate for being able to manage the MySQL servers hosted in Kubernetes, as it enables us to manage all of our databases easily and effectively.

Getting Started

Resources used for this tutorial are available from Github. You may freely download them to follow along or as templates for your own environment.

Deploying PhpMyAdmin Pods

Secrets

Our PhpMyAdmin deployment will link to an already existing MySQL service, rather than allowing users to specify the address to the service. PhpMyAdmin will need to know the root password of the MySQL server it is connecting to.

A secret has already been created to store the root password for MySQL. We will target our PhpMyAdmin at this secret, that is shared with the MySQL pods. An example of the secret data is shown below for reference.

---
apiVersion: v1
kind: Secret
metadata:
  name: mysql-secrets
type: Opaque
data:
  root-password: c3VwZXItc2VjcmV0LXBhc3N3b3Jk

The root-password value is a arbitrary key name created to store a base64 encoded string of the MySQL server’s root password. All secret values in a Secret resource file must be base64 encoded.

The PhpMyAdmin Kubernetes deployment will reference the root-password key to set the MYSQL_ROOT_PASSWORD environment variable, when the pod’s container starts.

Create a Deployment Resource

Create a new file named deployment.yml.

touch deployment.yml

Add the following contents to the deployment.yml file.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpmyadmin-deployment
  labels:
    app: phpmyadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpmyadmin
  template:
    metadata:
      labels:
        app: phpmyadmin
    spec:
      containers:
        - name: phpmyadmin
          image: phpmyadmin/phpmyadmin
          ports:
            - containerPort: 80
          env:
            - name: PMA_HOST
              value: mysql-service
            - name: PMA_PORT
              value: "3306"
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-secrets
                  key: root-password

Create the deployment using the kubectl apply command

kubectl apply -f deployment.yml

Create a Service Resource

Kubernetes pods are ephemeral and their IP address lives only as long as the pod does. This is problematic for long-term accessibility to PhpMyAdmin, which is why we create a service resource for our pods.

A service resource will be assigned a static IP address, and all requests to this IP address will be forwarded to the backend PhpMyAdmin pods. The service resources is coupled to the pods via labels.

Create a new file named service.yml

touch service.yml

Add the following contents to it. Since our PhpMyAdmin pods are assigned a label of phpmyadmin, we will use this as a selector in the service.

---
apiVersion: v1
kind: Service
metadata:
  name: phpmyadmin-service
spec:
  type: NodePort
  selector:
    app: phpmyadmin
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

To create the service resource we use the kubectl apply command.

kubectl apply -f service.yml

Ingress Controller

To simplify exposing PhpMyAdmin to the public Internet, an ingress resource will be created. The ingress resource will point to the PhpMyAdmin service resource.

Creating a Basic HTTP Ingress

Create a new file named ingress.yml

touch ingress.yml

Add the following contents to it.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: phpmyadmin-http-ingress
spec:
  backend:
    serviceName: phpmyadmin-service
    servicePort: 80

Create the ingress resource using the kubectl apply command.

kubectl apply -f ingress.yml

Securing the Ingress with TLS

The above ingress example exposes PhpMyAdmin over HTTP, which means all sensitive information is accessible by any network our traffic is traversing through. This is obvious a bad practice for production environments.

To secure the Ingress endpoint you will need the following:

  • Certificate Authority Certificate
  • TLS Certificate
  • TLS Key

All three files will need to be stored as Kubernetes secrets. Create a new secret using the following command, replacing the filenames with those that match your environment.

kubectl create secret generic ingress-tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt

Alternatively, you create another secret resource file and store the base64 encoded string of each file. To base64 encode the files, use the following command against each file.

base64 -i <filename>

With the base64 encoded file values, the following is an example of a secrets file storing the required certificates and keys.

---
apiVersion: v1
kind: Secret
metadata:
  name: ingess-tls-secret
type: Opaque
data:
  ca.crt: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRREJKTUJvNVdkR1ZrYmIKWEY4QU1Eb0lLdWgrbmJGNTg0dE1RY1pGUXRJWU1hWnI4aVloc2hUdFJXR1IxVWc5M0tnUW4wY2xSQWUwUEs5ZwppS0FSeW5MaWdIOG5JZEFwY2tZcklrR0VkL25yYW8wYUtYL0M3U3hObFkxL2tnWS9NTFZkMVZWeWtDMWNYS0J5CmE5bGt3M0hnQk1tOWt4eXdPZVdFcTJtN3ZnbVpvZmZRTmIvSUt0aTFwRTBWWjhNdGZwb1Bva21EYzl1MmkxWEUKVjNwaUtTRnkveW4wQnkzV1p4YzE5ais0Rm53MlZURjRnQUtPR3VTUUxOOHhMSWJBQUxFS3hGQmFhR1lkd2l2Ygp0MFVxRWxBOEcvQkwxRVBLYUh3aTl1QXVlZjAxNTBqSWVWSm5PTFhadWhBaHdxK2lpbEFTb1E4UVVxOWtzRk44CnllZ2hjUnNVbDBkN1N0VDE1Y0w3QVN2Z0djR2FPK3JIVUttRnU1OHEzMHVSYmZwL0QyRUUyZTk5eXVhT1lWT00KK3FDOTVTeDdqWHZ1a1JiRkd6c3N1NkN1eDMyT2JjU1VxZDJQTjg2S2hveXFUeHR2N0xRU3VlbEMyeHlKN0tTZwpIc1ZQY3BEU3REZ1kzZ1lNMEw1Wnk1TEJmd2tEMC91a0Q4ZE56K1FPalVaY2cxS0gyY0NrK1VSM1NsZHRpNFdNCkdQMGFwOXhtalc3R255SlhFRFdjVFVHN01TSWt2QzNtejBhRTkzQ0hSRlVlejdWbWJqeEtZbzU0N0JhbG9kcWgKOE9tdVpzZlhhMTBDZzlxMFRVWVpQbTNpQ3NOR2ZRWmFRc2FWNXlvazMrSlIxaU0yL21kQ3dQQ2lTUUdac3p4bApIR29iZ0FFY3NRNk1iVXFEWWtXT09PcnY0bHZJWVFJREFRQUJBb0lDQUZHQk9ORUxQYkdvNXUzYTVSd25QZFlFCmhXZ3BFNlBxNm5XYnJCZStRdnFDdVVBRVI2TWdpMFExYXg4bmFmenhDTnM2MjhNV0drb3M4YlZDOG9tUGJUdTQKRGZCdGpISnhEcnRWRVdEZFlGRy8vUnQxTjcwQ2FSZTBiS25RN1dIdEpCd2MwcG90elhhVWdBREpFa3c3VGVyRApHbjh0ZllYQWFPSzdrenJ1enc1T0UwMkI0UlNQUURRbXlZQ204TzVaNXBtQ1dwTm1hT2wza3hIditHMUQvaUdSCkhCc21qR2xWeDYyMTVOM0NYMWh1U3hvV3F2MWN5K2NyaUdRdjdnMUlQVzNWdWpMc3Eyc1RiWDZpc0VVNHhUTVkKZHljSXhESytOT1JzV2Q1RERGK2E0bFAzSHBjQWozejV6NlR2aXo2RUw1WXM4VFpxTGluSFh2UGlJRnM4Wjdoawoxeks3NjBKK1VuemhVaERwSy9WVUdiOEc3cEkxMERwSlFISENUMmlGSTZvdVZoUVRnd0NHUCtnTWVmSDg2VmU0CnVzZmMyZVJBZEE3ZVFrOVdrK0RpSWkvTzlYWitSZzNraW1sRWs0eUFQUXZyUTg2b1I0UmxFampqZjhGQTNZTysKTzZRbVQwWXpJblY0M29ObjhkNXdhRDhsb2hrcnZPaGNYZkY0eGdCNWplYW05NkhMc0N1V25Xbm8xeThPTFNXeApGWjA2Y3Jkb3pTVzVSZkFpVCtIcndLdktSSmZqR1psd0dmaW1VTEszSVpQTjVjcG03ZjdMUDMwWXEzQWFxaUJSCjYxakp1QzV5c0pEWXFYWituRE9yN0RraUlOYWJpNWcwVm9RQlBTcjIyTEcweUtGRGdpR0I0UmRCdzBlbFBaQkcKYS9aZm5VQmhYVC81TTlieWhiWWhBb0lCQVFEcHJ1RXFna1RZUmhYbncydmRuQkRrVW5rOWJYcGJuaFJQRzc4YQo2TGJqVzZXemhqVExZcmdHdFlnNUhTSHJJaVRrb0NyNFJ3M1N6WlNTMUdJYTBoS1BvQnI5V1FlTUNvcjlyc1pYCkNyQktQT1B1R2ZWNXlNNHVMWmZSRTdFWHIrTENWbUJLWmtJTFpwaTV2R3RvVzV0VG1lVDFzck1KVzVhbHROVDYKczhmdy9qYmh5OWl5dk5NWElNaC9ZempnWmhFdFgrcCtXcmZ6RUZ4cS9tbzc0Qml1OEdrcDZTcDB1eU94QVBYVAowTm9CWjFZY0pZT2ViVHdvZzJNQlF4NlZqZXhUN2tQRk12ZzdnVENGY2ZTSC93dGw2QzlSLzFJUmpwUjJIQS9ZCmRkN3dKTnZ6SFpYSFgvY2FDK1NSSUhqVUFtWDdoR0ZGNFhNbDBOOVB4cytNRkNzZkFvSUJBUURUbHNFeWZBY1cKVS96N3BndVJqdTFqQWZMNzdpRm04VkJpZUpaajhWSVhCbjBmY3FyaGlENDgvZ0d0M3ljTzVIUm8ycExmcWQxbAorT1RJUytvYUtmaUVTY2VrQnVMZWhnMDEyZGFBTkNMQmphZ0VkbXZhSDdTRXQzb2t2SnZCNWJWQ3JjbTlJdExSCi8rd1FQc2oxWVFBMjNCWHBSSzBETXpJaW1xaHN4L3hFSjg1am5Qam4yOW0wOVU5YWY0VXA2ZEhmeEt5NzJMWGoKdG1nSTlXWmJZRjZXTnE2a1FCVXpQSDQzL1lMMGpKQi81YytmcytXUGZhci93eU1xT0trV09RQ0hnNjFMcEhtTApKbzFCbHdCM3RTMVF1MVd2SmtTSXkzRUQ5c0pUa1QwMkk5QU9ZRzcxUlN2SDVJTjYweEJwdm1LTVpyb2QwdlZ4CklSQy9vdWN1L1J4L0FvSUJBQXdqTlRiTUJWOW1aSVRoTlowUkdoK0IyU0pEcVhOUXhxVkZQNnZhSW9XMG9PcXUKTWRmT2pOaHNYV0w2REdUMkpReHE5VkJvQUdQT29jVHVteG5oaDIxR1Y2Q0pHMGMrMVBGUVBxVU92UkZlRUVpeAp1SHBXMzc2dVI1Qm9nVzVGaUhXbm51QytadmZJb0c0bFJ6N29ZeXo0ZFZmOXJDYjBSdUxjZmFOMzZ3NnRaWlJjCnppaWFmaXhaVzVDaVNyWDlGeTlRS0JIZ0RHWG5sNlZIQ2FXS2dqMno1d0p5UmU1Q09oeGJmR2xBRTlLMjExWW0KN0tzeDZVb0JhUWNMd1c3ckxEYy96TzFWTkdlQzBrNWNHT05uYitRZkp6WVBHT2dvaTdXR3g1dnFvMlc5eEY3ZwpUb05Jak1FaGxRR2t1aUhvN2ZzZWFSOEVFc01JRWxGR2RrbEVVdWtDZ2dFQVZ6NnZOUERkUDBDc2JOcy9vK3BLClNldlExRDZSZVZBQmRFa0N3ZjBNZTBBS3NiL25aQTE0bEUrc1E1UmpGNG50MGhwbU8yRmdVQjY3dnpkR05UbWYKSm5VQm84blBIREFzSEV0UlhoV2hTeXZzM3NJeG9JUTRQQTBuaVNSWUdUQnRlQ3dPcGpWSXRweVBLdmVvaHoxVApDRXZob1FqWFNoMS9DN08zeFBzRk10a3pDZkg4MUNYYjgvaSttck5BSmxNcVhkbEwzRHowYXd1WWhERWozb096CkhMODViYktheTBDalR0VHlmWUhFUjJoc0h3N2ZsalljSDAvSUhTMjEwdHI0TStpQXVWTDladm9qZnFzVDMwaE8KZ2g1c3EwYmROWWFsZUJ2MGJ0N1JYWlNRd296UzA4R00xdVNMcmtaL1d3ck11ZFhWNGx4TkpqT2JJMW01ZDYrWQpZd0tDQVFFQXY5aVNGUkhFWmJkSWJaakl2ekUvV3FaRDJWVVMxb05XVzU5ZXJibzBqOFkzUWJNb1RPVUlEQzJrCnhLZG1JQlpZNEZxeW9yd2h3aFd2aHNWajkzVzV0VzRYTGx4SmI3cWI5QkhkcUlORnc2SURCaFRMdWF0NFk4UWEKWGRUbWNCeklEWENrZmV3MjI3RGk0bjFLVGpiMktlK3FYUGhpeGNZUnN4cFdmbVFmS3pVK2EweFNNTy9vQWIwMAo0RlN0WG9SY0xyRHczWnZ0cmZkK0ZWdytKZzlOeFl1d2VhczFWOVM5SnNHZFdoTHdZSk1vTUNGUGtHRWx2TTB5CjJvMFBzMk50aktvRWtvRzZuMzBqQlA0cUVNMXJOdURCa2p5amEwUllqaklnOFJTUGgrbzJobHU1b2VoL0ZBRm4Kd2dGS3NQb3g1cmptM09OS0NHSXVmV0NLRmUxMEdRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
  tls.crt: c3VwZXItc2VjcmV0LXBhc3N3b3JkLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZVakNDQXpvQ0NRQ0ZmV0owVURPYzFEQU5CZ2txaGtpRzl3MEJBUXNGQURCck1Rc3dDUVlEVlFRR0V3SkQKUVRFUU1BNEdBMVVFQ0F3SFQyNTBZWEpwYnpFUU1BNEdBMVVFQnd3SFZHOXliMjUwYnpFU01CQUdBMVVFQ2d3SgpVMlZ5ZG1WeWJHRmlNU1F3SWdZRFZRUUREQnRrWlcxdmNHaHdiWGxoWkcxcGJpNXpaWEoyWlhKc1lXSXVZMkV3CkhoY05NVGt3TlRJek1ESXdNelU0V2hjTk1qQXdOVEl5TURJd016VTRXakJyTVFzd0NRWURWUVFHRXdKRFFURVEKTUE0R0ExVUVDQXdIVDI1MFlYSnBiekVRTUE0R0ExVUVCd3dIVkc5eWIyNTBiekVTTUJBR0ExVUVDZ3dKVTJWeQpkbVZ5YkdGaU1TUXdJZ1lEVlFRRERCdGtaVzF2Y0dod2JYbGhaRzFwYmk1elpYSjJaWEpzWVdJdVkyRXdnZ0lpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRREJKTUJvNVdkR1ZrYmJYRjhBTURvSUt1aCsKbmJGNTg0dE1RY1pGUXRJWU1hWnI4aVloc2hUdFJXR1IxVWc5M0tnUW4wY2xSQWUwUEs5Z2lLQVJ5bkxpZ0g4bgpJZEFwY2tZcklrR0VkL25yYW8wYUtYL0M3U3hObFkxL2tnWS9NTFZkMVZWeWtDMWNYS0J5YTlsa3czSGdCTW05Cmt4eXdPZVdFcTJtN3ZnbVpvZmZRTmIvSUt0aTFwRTBWWjhNdGZwb1Bva21EYzl1MmkxWEVWM3BpS1NGeS95bjAKQnkzV1p4YzE5ais0Rm53MlZURjRnQUtPR3VTUUxOOHhMSWJBQUxFS3hGQmFhR1lkd2l2YnQwVXFFbEE4Ry9CTAoxRVBLYUh3aTl1QXVlZjAxNTBqSWVWSm5PTFhadWhBaHdxK2lpbEFTb1E4UVVxOWtzRk44eWVnaGNSc1VsMGQ3ClN0VDE1Y0w3QVN2Z0djR2FPK3JIVUttRnU1OHEzMHVSYmZwL0QyRUUyZTk5eXVhT1lWT00rcUM5NVN4N2pYdnUKa1JiRkd6c3N1NkN1eDMyT2JjU1VxZDJQTjg2S2hveXFUeHR2N0xRU3VlbEMyeHlKN0tTZ0hzVlBjcERTdERnWQozZ1lNMEw1Wnk1TEJmd2tEMC91a0Q4ZE56K1FPalVaY2cxS0gyY0NrK1VSM1NsZHRpNFdNR1AwYXA5eG1qVzdHCm55SlhFRFdjVFVHN01TSWt2QzNtejBhRTkzQ0hSRlVlejdWbWJqeEtZbzU0N0JhbG9kcWg4T211WnNmWGExMEMKZzlxMFRVWVpQbTNpQ3NOR2ZRWmFRc2FWNXlvazMrSlIxaU0yL21kQ3dQQ2lTUUdac3p4bEhHb2JnQUVjc1E2TQpiVXFEWWtXT09PcnY0bHZJWVFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFRY0VYNElMWkgwZ3cvCmd5NVFBdG8rdW5qb2MrZ3FlazhKQytKVEwxS0ZuVldIamk3Z1RzYzF6dkx0aXNBd0x2VGFyS1ZDbDNlVGN6SG8KRllqaFFIb3ZMc3VjT3lxY0xYcFJEdG93QUNlM3hTWEhocDRtZGFZYmdmc09pS081cmI3U2J2bnZ3UGJ1U0lIMgpQZUFkR3BvSWVHdlhKaWlSRXorY0JPZFd5VTUrS0w2N3ZjODJiQXlXVlRpVzdaSTBobHIvTmkwTks1S1pmdDRsCk1vQUtabnhKZDdocHA5YzB2dERNeE5RRGEzQ0xLUm96UmpZcUt5dHZhZTFPTVhoL1NLY0NiakpDQVJYNm03YXQKZG9ieGlWSHVIOWhDcUoyTmZoN2JFcnV6UE5CZlZaV294dTE1SE8wdnRYODhzUElYZXJZWlRwell3TjdCUEpUaApLVi9GREh2ZWJzWFY1ZDVhSTRlRFY0RnpmUFM2b2hJRTZwc0VVOFQyTkxMZW5vVzdRdk1YVTNwMm1HRG1JWGQzCndFS3ZXWkR6dXRZaGluWEN4RkZuNVNVNmhCUXJIR3UxWnl5YjZwSEwvVE1oTzVwbkF0ajA1WlN2a20yVUYybjgKa3RKcDFLYWNSTlpMOFFzOWhvYXhYcjZKYm9lOTZTN3djRDRFYkxwVkhvQjArbU9lYWh0WUI5ZDUvMzhBa0tJTApPczl1alFCc3JlVmZUWEEvUnNGUHRBV3JpZ1NLVHNpUmp5VlBJSHdlcU52c2E2UHROenZnZTRhTUlPYkJKcHg3CkxPLy93aXhiL0dDSkg5OXBBN2tSeHV2eUdDd081UzhjZWdzeEdxMHRBS01maHUyZE1zNmNZbHJiNjFVb1FoNHQKL2gwdTQ2TmNIYlRZeXVBbFFlMmNYeEdHVmcvU2pnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZVakNDQXpvQ0NRQ0ZmV0owVURPYzFEQU5CZ2txaGtpRzl3MEJBUXNGQURCck1Rc3dDUVlEVlFRR0V3SkQKUVRFUU1BNEdBMVVFQ0F3SFQyNTBZWEpwYnpFUU1BNEdBMVVFQnd3SFZHOXliMjUwYnpFU01CQUdBMVVFQ2d3SgpVMlZ5ZG1WeWJHRmlNU1F3SWdZRFZRUUREQnRrWlcxdmNHaHdiWGxoWkcxcGJpNXpaWEoyWlhKc1lXSXVZMkV3CkhoY05NVGt3TlRJek1ESXdNelU0V2hjTk1qQXdOVEl5TURJd016VTRXakJyTVFzd0NRWURWUVFHRXdKRFFURVEKTUE0R0ExVUVDQXdIVDI1MFlYSnBiekVRTUE0R0ExVUVCd3dIVkc5eWIyNTBiekVTTUJBR0ExVUVDZ3dKVTJWeQpkbVZ5YkdGaU1TUXdJZ1lEVlFRRERCdGtaVzF2Y0dod2JYbGhaRzFwYmk1elpYSjJaWEpzWVdJdVkyRXdnZ0lpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRREJKTUJvNVdkR1ZrYmJYRjhBTURvSUt1aCsKbmJGNTg0dE1RY1pGUXRJWU1hWnI4aVloc2hUdFJXR1IxVWc5M0tnUW4wY2xSQWUwUEs5Z2lLQVJ5bkxpZ0g4bgpJZEFwY2tZcklrR0VkL25yYW8wYUtYL0M3U3hObFkxL2tnWS9NTFZkMVZWeWtDMWNYS0J5YTlsa3czSGdCTW05Cmt4eXdPZVdFcTJtN3ZnbVpvZmZRTmIvSUt0aTFwRTBWWjhNdGZwb1Bva21EYzl1MmkxWEVWM3BpS1NGeS95bjAKQnkzV1p4YzE5ais0Rm53MlZURjRnQUtPR3VTUUxOOHhMSWJBQUxFS3hGQmFhR1lkd2l2YnQwVXFFbEE4Ry9CTAoxRVBLYUh3aTl1QXVlZjAxNTBqSWVWSm5PTFhadWhBaHdxK2lpbEFTb1E4UVVxOWtzRk44eWVnaGNSc1VsMGQ3ClN0VDE1Y0w3QVN2Z0djR2FPK3JIVUttRnU1OHEzMHVSYmZwL0QyRUUyZTk5eXVhT1lWT00rcUM5NVN4N2pYdnUKa1JiRkd6c3N1NkN1eDMyT2JjU1VxZDJQTjg2S2hveXFUeHR2N0xRU3VlbEMyeHlKN0tTZ0hzVlBjcERTdERnWQozZ1lNMEw1Wnk1TEJmd2tEMC91a0Q4ZE56K1FPalVaY2cxS0gyY0NrK1VSM1NsZHRpNFdNR1AwYXA5eG1qVzdHCm55SlhFRFdjVFVHN01TSWt2QzNtejBhRTkzQ0hSRlVlejdWbWJqeEtZbzU0N0JhbG9kcWg4T211WnNmWGExMEMKZzlxMFRVWVpQbTNpQ3NOR2ZRWmFRc2FWNXlvazMrSlIxaU0yL21kQ3dQQ2lTUUdac3p4bEhHb2JnQUVjc1E2TQpiVXFEWWtXT09PcnY0bHZJWVFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFRY0VYNElMWkgwZ3cvCmd5NVFBdG8rdW5qb2MrZ3FlazhKQytKVEwxS0ZuVldIamk3Z1RzYzF6dkx0aXNBd0x2VGFyS1ZDbDNlVGN6SG8KRllqaFFIb3ZMc3VjT3lxY0xYcFJEdG93QUNlM3hTWEhocDRtZGFZYmdmc09pS081cmI3U2J2bnZ3UGJ1U0lIMgpQZUFkR3BvSWVHdlhKaWlSRXorY0JPZFd5VTUrS0w2N3ZjODJiQXlXVlRpVzdaSTBobHIvTmkwTks1S1pmdDRsCk1vQUtabnhKZDdocHA5YzB2dERNeE5RRGEzQ0xLUm96UmpZcUt5dHZhZTFPTVhoL1NLY0NiakpDQVJYNm03YXQKZG9ieGlWSHVIOWhDcUoyTmZoN2JFcnV6UE5CZlZaV294dTE1SE8wdnRYODhzUElYZXJZWlRwell3TjdCUEpUaApLVi9GREh2ZWJzWFY1ZDVhSTRlRFY0RnpmUFM2b2hJRTZwc0VVOFQyTkxMZW5vVzdRdk1YVTNwMm1HRG1JWGQzCndFS3ZXWkR6dXRZaGluWEN4RkZuNVNVNmhCUXJIR3UxWnl5YjZwSEwvVE1oTzVwbkF0ajA1WlN2a20yVUYybjgKa3RKcDFLYWNSTlpMOFFzOWhvYXhYcjZKYm9lOTZTN3djRDRFYkxwVkhvQjArbU9lYWh0WUI5ZDUvMzhBa0tJTApPczl1alFCc3JlVmZUWEEvUnNGUHRBV3JpZ1NLVHNpUmp5VlBJSHdlcU52c2E2UHROenZnZTRhTUlPYkJKcHg3CkxPLy93aXhiL0dDSkg5OXBBN2tSeHV2eUdDd081UzhjZWdzeEdxMHRBS01maHUyZE1zNmNZbHJiNjFVb1FoNHQKL2gwdTQ2TmNIYlRZeXVBbFFlMmNYeEdHVmcvU2pnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=

We enable TLS encryption for the ingress controller by adding the following annotations to the metadata section of the ingress.yml file.

We enable TLS encryption for the ingress controller by adding the following annotations to the metadata section of the ingress.yml file.

  • nginx.ingress.kubernetes.io/auth-tls-verify-client
  • nginx.ingress.kubernetes.io/auth-tls-secret
  • nginx.ingress.kubernetes.io/auth-tls-verify-depth

Update the ingress.yml resource file to include annotations. The update file should look like the following example when done.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: phpmyadmin-http-ingress
  annotations:
    # Enable client certificate authentication
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    # Create the secret containing the trusted ca certificates
    nginx.ingress.kubernetes.io/auth-tls-secret: "default/ingress-tls-secret"
    # Specify the verification depth in the client certificates chain
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
spec:
  backend:
    serviceName: phpmyadmin-service
    servicePort: 80