Overview
In this tutorial, you will learn how to deploy PhpMyAdmin to Kubernetes for managing your MySQL server pods.
It is very likely that your MySQL Server is only available from within the Kubernetes cluster, as services like this shouldn’t be exposed to the public Internet. However, you will need a solution to manage your databases, and one that doesn’t include running exec to gain access to the pod or pods directly.
PhpMyAdmin is a very popular web frontend for managing MySQL servers. It is a good candidate for being able to manage the MySQL servers hosted in Kubernetes, as it enables us to manage all of our databases easily and effectively.
Getting Started
Resources used for this tutorial are available from Github. You may freely download them to follow along or as templates for your own environment.
Deploying PhpMyAdmin Pods
Secrets
Our PhpMyAdmin deployment will link to an already existing MySQL service, rather than allowing users to specify the address to the service. PhpMyAdmin will need to know the root password of the MySQL server it is connecting to.
A secret has already been created to store the root password for MySQL. We will target our PhpMyAdmin at this secret, that is shared with the MySQL pods. An example of the secret data is shown below for reference.
--- apiVersion: v1 kind: Secret metadata: name: mysql-secrets type: Opaque data: root-password: c3VwZXItc2VjcmV0LXBhc3N3b3Jk
The root-password value is a arbitrary key name created to store a base64 encoded string of the MySQL server’s root password. All secret values in a Secret resource file must be base64 encoded.
The PhpMyAdmin Kubernetes deployment will reference the root-password key to set the MYSQL_ROOT_PASSWORD environment variable, when the pod’s container starts.
Create a Deployment Resource
Create a new file named deployment.yml.
touch deployment.yml
Add the following contents to the deployment.yml file.
--- apiVersion: apps/v1 kind: Deployment metadata: name: phpmyadmin-deployment labels: app: phpmyadmin spec: replicas: 1 selector: matchLabels: app: phpmyadmin template: metadata: labels: app: phpmyadmin spec: containers: - name: phpmyadmin image: phpmyadmin/phpmyadmin ports: - containerPort: 80 env: - name: PMA_HOST value: mysql-service - name: PMA_PORT value: "3306" - name: MYSQL_ROOT_PASSWORD valueFrom: secretKeyRef: name: mysql-secrets key: root-password
Create the deployment using the kubectl apply command
kubectl apply -f deployment.yml
Create a Service Resource
Kubernetes pods are ephemeral and their IP address lives only as long as the pod does. This is problematic for long-term accessibility to PhpMyAdmin, which is why we create a service resource for our pods.
A service resource will be assigned a static IP address, and all requests to this IP address will be forwarded to the backend PhpMyAdmin pods. The service resources is coupled to the pods via labels.
Create a new file named service.yml
touch service.yml
Add the following contents to it. Since our PhpMyAdmin pods are assigned a label of phpmyadmin, we will use this as a selector in the service.
--- apiVersion: v1 kind: Service metadata: name: phpmyadmin-service spec: type: NodePort selector: app: phpmyadmin ports: - protocol: TCP port: 80 targetPort: 80
To create the service resource we use the kubectl apply command.
kubectl apply -f service.yml
Ingress Controller
To simplify exposing PhpMyAdmin to the public Internet, an ingress resource will be created. The ingress resource will point to the PhpMyAdmin service resource.
Creating a Basic HTTP Ingress
Create a new file named ingress.yml
touch ingress.yml
Add the following contents to it.
--- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: phpmyadmin-http-ingress spec: backend: serviceName: phpmyadmin-service servicePort: 80
Create the ingress resource using the kubectl apply command.
kubectl apply -f ingress.yml
Securing the Ingress with TLS
The above ingress example exposes PhpMyAdmin over HTTP, which means all sensitive information is accessible by any network our traffic is traversing through. This is obvious a bad practice for production environments.
To secure the Ingress endpoint you will need the following:
- Certificate Authority Certificate
- TLS Certificate
- TLS Key
All three files will need to be stored as Kubernetes secrets. Create a new secret using the following command, replacing the filenames with those that match your environment.
kubectl create secret generic ingress-tls-secret --from-file=tls.crt=server.crt --from-file=tls.key=server.key --from-file=ca.crt=ca.crt
Alternatively, you create another secret resource file and store the base64 encoded string of each file. To base64 encode the files, use the following command against each file.
base64 -i <filename>
With the base64 encoded file values, the following is an example of a secrets file storing the required certificates and keys.
--- apiVersion: v1 kind: Secret metadata: name: ingess-tls-secret type: Opaque data: ca.crt: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRREJKTUJvNVdkR1ZrYmIKWEY4QU1Eb0lLdWgrbmJGNTg0dE1RY1pGUXRJWU1hWnI4aVloc2hUdFJXR1IxVWc5M0tnUW4wY2xSQWUwUEs5ZwppS0FSeW5MaWdIOG5JZEFwY2tZcklrR0VkL25yYW8wYUtYL0M3U3hObFkxL2tnWS9NTFZkMVZWeWtDMWNYS0J5CmE5bGt3M0hnQk1tOWt4eXdPZVdFcTJtN3ZnbVpvZmZRTmIvSUt0aTFwRTBWWjhNdGZwb1Bva21EYzl1MmkxWEUKVjNwaUtTRnkveW4wQnkzV1p4YzE5ais0Rm53MlZURjRnQUtPR3VTUUxOOHhMSWJBQUxFS3hGQmFhR1lkd2l2Ygp0MFVxRWxBOEcvQkwxRVBLYUh3aTl1QXVlZjAxNTBqSWVWSm5PTFhadWhBaHdxK2lpbEFTb1E4UVVxOWtzRk44CnllZ2hjUnNVbDBkN1N0VDE1Y0w3QVN2Z0djR2FPK3JIVUttRnU1OHEzMHVSYmZwL0QyRUUyZTk5eXVhT1lWT00KK3FDOTVTeDdqWHZ1a1JiRkd6c3N1NkN1eDMyT2JjU1VxZDJQTjg2S2hveXFUeHR2N0xRU3VlbEMyeHlKN0tTZwpIc1ZQY3BEU3REZ1kzZ1lNMEw1Wnk1TEJmd2tEMC91a0Q4ZE56K1FPalVaY2cxS0gyY0NrK1VSM1NsZHRpNFdNCkdQMGFwOXhtalc3R255SlhFRFdjVFVHN01TSWt2QzNtejBhRTkzQ0hSRlVlejdWbWJqeEtZbzU0N0JhbG9kcWgKOE9tdVpzZlhhMTBDZzlxMFRVWVpQbTNpQ3NOR2ZRWmFRc2FWNXlvazMrSlIxaU0yL21kQ3dQQ2lTUUdac3p4bApIR29iZ0FFY3NRNk1iVXFEWWtXT09PcnY0bHZJWVFJREFRQUJBb0lDQUZHQk9ORUxQYkdvNXUzYTVSd25QZFlFCmhXZ3BFNlBxNm5XYnJCZStRdnFDdVVBRVI2TWdpMFExYXg4bmFmenhDTnM2MjhNV0drb3M4YlZDOG9tUGJUdTQKRGZCdGpISnhEcnRWRVdEZFlGRy8vUnQxTjcwQ2FSZTBiS25RN1dIdEpCd2MwcG90elhhVWdBREpFa3c3VGVyRApHbjh0ZllYQWFPSzdrenJ1enc1T0UwMkI0UlNQUURRbXlZQ204TzVaNXBtQ1dwTm1hT2wza3hIditHMUQvaUdSCkhCc21qR2xWeDYyMTVOM0NYMWh1U3hvV3F2MWN5K2NyaUdRdjdnMUlQVzNWdWpMc3Eyc1RiWDZpc0VVNHhUTVkKZHljSXhESytOT1JzV2Q1RERGK2E0bFAzSHBjQWozejV6NlR2aXo2RUw1WXM4VFpxTGluSFh2UGlJRnM4Wjdoawoxeks3NjBKK1VuemhVaERwSy9WVUdiOEc3cEkxMERwSlFISENUMmlGSTZvdVZoUVRnd0NHUCtnTWVmSDg2VmU0CnVzZmMyZVJBZEE3ZVFrOVdrK0RpSWkvTzlYWitSZzNraW1sRWs0eUFQUXZyUTg2b1I0UmxFampqZjhGQTNZTysKTzZRbVQwWXpJblY0M29ObjhkNXdhRDhsb2hrcnZPaGNYZkY0eGdCNWplYW05NkhMc0N1V25Xbm8xeThPTFNXeApGWjA2Y3Jkb3pTVzVSZkFpVCtIcndLdktSSmZqR1psd0dmaW1VTEszSVpQTjVjcG03ZjdMUDMwWXEzQWFxaUJSCjYxakp1QzV5c0pEWXFYWituRE9yN0RraUlOYWJpNWcwVm9RQlBTcjIyTEcweUtGRGdpR0I0UmRCdzBlbFBaQkcKYS9aZm5VQmhYVC81TTlieWhiWWhBb0lCQVFEcHJ1RXFna1RZUmhYbncydmRuQkRrVW5rOWJYcGJuaFJQRzc4YQo2TGJqVzZXemhqVExZcmdHdFlnNUhTSHJJaVRrb0NyNFJ3M1N6WlNTMUdJYTBoS1BvQnI5V1FlTUNvcjlyc1pYCkNyQktQT1B1R2ZWNXlNNHVMWmZSRTdFWHIrTENWbUJLWmtJTFpwaTV2R3RvVzV0VG1lVDFzck1KVzVhbHROVDYKczhmdy9qYmh5OWl5dk5NWElNaC9ZempnWmhFdFgrcCtXcmZ6RUZ4cS9tbzc0Qml1OEdrcDZTcDB1eU94QVBYVAowTm9CWjFZY0pZT2ViVHdvZzJNQlF4NlZqZXhUN2tQRk12ZzdnVENGY2ZTSC93dGw2QzlSLzFJUmpwUjJIQS9ZCmRkN3dKTnZ6SFpYSFgvY2FDK1NSSUhqVUFtWDdoR0ZGNFhNbDBOOVB4cytNRkNzZkFvSUJBUURUbHNFeWZBY1cKVS96N3BndVJqdTFqQWZMNzdpRm04VkJpZUpaajhWSVhCbjBmY3FyaGlENDgvZ0d0M3ljTzVIUm8ycExmcWQxbAorT1RJUytvYUtmaUVTY2VrQnVMZWhnMDEyZGFBTkNMQmphZ0VkbXZhSDdTRXQzb2t2SnZCNWJWQ3JjbTlJdExSCi8rd1FQc2oxWVFBMjNCWHBSSzBETXpJaW1xaHN4L3hFSjg1am5Qam4yOW0wOVU5YWY0VXA2ZEhmeEt5NzJMWGoKdG1nSTlXWmJZRjZXTnE2a1FCVXpQSDQzL1lMMGpKQi81YytmcytXUGZhci93eU1xT0trV09RQ0hnNjFMcEhtTApKbzFCbHdCM3RTMVF1MVd2SmtTSXkzRUQ5c0pUa1QwMkk5QU9ZRzcxUlN2SDVJTjYweEJwdm1LTVpyb2QwdlZ4CklSQy9vdWN1L1J4L0FvSUJBQXdqTlRiTUJWOW1aSVRoTlowUkdoK0IyU0pEcVhOUXhxVkZQNnZhSW9XMG9PcXUKTWRmT2pOaHNYV0w2REdUMkpReHE5VkJvQUdQT29jVHVteG5oaDIxR1Y2Q0pHMGMrMVBGUVBxVU92UkZlRUVpeAp1SHBXMzc2dVI1Qm9nVzVGaUhXbm51QytadmZJb0c0bFJ6N29ZeXo0ZFZmOXJDYjBSdUxjZmFOMzZ3NnRaWlJjCnppaWFmaXhaVzVDaVNyWDlGeTlRS0JIZ0RHWG5sNlZIQ2FXS2dqMno1d0p5UmU1Q09oeGJmR2xBRTlLMjExWW0KN0tzeDZVb0JhUWNMd1c3ckxEYy96TzFWTkdlQzBrNWNHT05uYitRZkp6WVBHT2dvaTdXR3g1dnFvMlc5eEY3ZwpUb05Jak1FaGxRR2t1aUhvN2ZzZWFSOEVFc01JRWxGR2RrbEVVdWtDZ2dFQVZ6NnZOUERkUDBDc2JOcy9vK3BLClNldlExRDZSZVZBQmRFa0N3ZjBNZTBBS3NiL25aQTE0bEUrc1E1UmpGNG50MGhwbU8yRmdVQjY3dnpkR05UbWYKSm5VQm84blBIREFzSEV0UlhoV2hTeXZzM3NJeG9JUTRQQTBuaVNSWUdUQnRlQ3dPcGpWSXRweVBLdmVvaHoxVApDRXZob1FqWFNoMS9DN08zeFBzRk10a3pDZkg4MUNYYjgvaSttck5BSmxNcVhkbEwzRHowYXd1WWhERWozb096CkhMODViYktheTBDalR0VHlmWUhFUjJoc0h3N2ZsalljSDAvSUhTMjEwdHI0TStpQXVWTDladm9qZnFzVDMwaE8KZ2g1c3EwYmROWWFsZUJ2MGJ0N1JYWlNRd296UzA4R00xdVNMcmtaL1d3ck11ZFhWNGx4TkpqT2JJMW01ZDYrWQpZd0tDQVFFQXY5aVNGUkhFWmJkSWJaakl2ekUvV3FaRDJWVVMxb05XVzU5ZXJibzBqOFkzUWJNb1RPVUlEQzJrCnhLZG1JQlpZNEZxeW9yd2h3aFd2aHNWajkzVzV0VzRYTGx4SmI3cWI5QkhkcUlORnc2SURCaFRMdWF0NFk4UWEKWGRUbWNCeklEWENrZmV3MjI3RGk0bjFLVGpiMktlK3FYUGhpeGNZUnN4cFdmbVFmS3pVK2EweFNNTy9vQWIwMAo0RlN0WG9SY0xyRHczWnZ0cmZkK0ZWdytKZzlOeFl1d2VhczFWOVM5SnNHZFdoTHdZSk1vTUNGUGtHRWx2TTB5CjJvMFBzMk50aktvRWtvRzZuMzBqQlA0cUVNMXJOdURCa2p5amEwUllqaklnOFJTUGgrbzJobHU1b2VoL0ZBRm4Kd2dGS3NQb3g1cmptM09OS0NHSXVmV0NLRmUxMEdRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= tls.crt: c3VwZXItc2VjcmV0LXBhc3N3b3JkLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZVakNDQXpvQ0NRQ0ZmV0owVURPYzFEQU5CZ2txaGtpRzl3MEJBUXNGQURCck1Rc3dDUVlEVlFRR0V3SkQKUVRFUU1BNEdBMVVFQ0F3SFQyNTBZWEpwYnpFUU1BNEdBMVVFQnd3SFZHOXliMjUwYnpFU01CQUdBMVVFQ2d3SgpVMlZ5ZG1WeWJHRmlNU1F3SWdZRFZRUUREQnRrWlcxdmNHaHdiWGxoWkcxcGJpNXpaWEoyWlhKc1lXSXVZMkV3CkhoY05NVGt3TlRJek1ESXdNelU0V2hjTk1qQXdOVEl5TURJd016VTRXakJyTVFzd0NRWURWUVFHRXdKRFFURVEKTUE0R0ExVUVDQXdIVDI1MFlYSnBiekVRTUE0R0ExVUVCd3dIVkc5eWIyNTBiekVTTUJBR0ExVUVDZ3dKVTJWeQpkbVZ5YkdGaU1TUXdJZ1lEVlFRRERCdGtaVzF2Y0dod2JYbGhaRzFwYmk1elpYSjJaWEpzWVdJdVkyRXdnZ0lpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRREJKTUJvNVdkR1ZrYmJYRjhBTURvSUt1aCsKbmJGNTg0dE1RY1pGUXRJWU1hWnI4aVloc2hUdFJXR1IxVWc5M0tnUW4wY2xSQWUwUEs5Z2lLQVJ5bkxpZ0g4bgpJZEFwY2tZcklrR0VkL25yYW8wYUtYL0M3U3hObFkxL2tnWS9NTFZkMVZWeWtDMWNYS0J5YTlsa3czSGdCTW05Cmt4eXdPZVdFcTJtN3ZnbVpvZmZRTmIvSUt0aTFwRTBWWjhNdGZwb1Bva21EYzl1MmkxWEVWM3BpS1NGeS95bjAKQnkzV1p4YzE5ais0Rm53MlZURjRnQUtPR3VTUUxOOHhMSWJBQUxFS3hGQmFhR1lkd2l2YnQwVXFFbEE4Ry9CTAoxRVBLYUh3aTl1QXVlZjAxNTBqSWVWSm5PTFhadWhBaHdxK2lpbEFTb1E4UVVxOWtzRk44eWVnaGNSc1VsMGQ3ClN0VDE1Y0w3QVN2Z0djR2FPK3JIVUttRnU1OHEzMHVSYmZwL0QyRUUyZTk5eXVhT1lWT00rcUM5NVN4N2pYdnUKa1JiRkd6c3N1NkN1eDMyT2JjU1VxZDJQTjg2S2hveXFUeHR2N0xRU3VlbEMyeHlKN0tTZ0hzVlBjcERTdERnWQozZ1lNMEw1Wnk1TEJmd2tEMC91a0Q4ZE56K1FPalVaY2cxS0gyY0NrK1VSM1NsZHRpNFdNR1AwYXA5eG1qVzdHCm55SlhFRFdjVFVHN01TSWt2QzNtejBhRTkzQ0hSRlVlejdWbWJqeEtZbzU0N0JhbG9kcWg4T211WnNmWGExMEMKZzlxMFRVWVpQbTNpQ3NOR2ZRWmFRc2FWNXlvazMrSlIxaU0yL21kQ3dQQ2lTUUdac3p4bEhHb2JnQUVjc1E2TQpiVXFEWWtXT09PcnY0bHZJWVFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFRY0VYNElMWkgwZ3cvCmd5NVFBdG8rdW5qb2MrZ3FlazhKQytKVEwxS0ZuVldIamk3Z1RzYzF6dkx0aXNBd0x2VGFyS1ZDbDNlVGN6SG8KRllqaFFIb3ZMc3VjT3lxY0xYcFJEdG93QUNlM3hTWEhocDRtZGFZYmdmc09pS081cmI3U2J2bnZ3UGJ1U0lIMgpQZUFkR3BvSWVHdlhKaWlSRXorY0JPZFd5VTUrS0w2N3ZjODJiQXlXVlRpVzdaSTBobHIvTmkwTks1S1pmdDRsCk1vQUtabnhKZDdocHA5YzB2dERNeE5RRGEzQ0xLUm96UmpZcUt5dHZhZTFPTVhoL1NLY0NiakpDQVJYNm03YXQKZG9ieGlWSHVIOWhDcUoyTmZoN2JFcnV6UE5CZlZaV294dTE1SE8wdnRYODhzUElYZXJZWlRwell3TjdCUEpUaApLVi9GREh2ZWJzWFY1ZDVhSTRlRFY0RnpmUFM2b2hJRTZwc0VVOFQyTkxMZW5vVzdRdk1YVTNwMm1HRG1JWGQzCndFS3ZXWkR6dXRZaGluWEN4RkZuNVNVNmhCUXJIR3UxWnl5YjZwSEwvVE1oTzVwbkF0ajA1WlN2a20yVUYybjgKa3RKcDFLYWNSTlpMOFFzOWhvYXhYcjZKYm9lOTZTN3djRDRFYkxwVkhvQjArbU9lYWh0WUI5ZDUvMzhBa0tJTApPczl1alFCc3JlVmZUWEEvUnNGUHRBV3JpZ1NLVHNpUmp5VlBJSHdlcU52c2E2UHROenZnZTRhTUlPYkJKcHg3CkxPLy93aXhiL0dDSkg5OXBBN2tSeHV2eUdDd081UzhjZWdzeEdxMHRBS01maHUyZE1zNmNZbHJiNjFVb1FoNHQKL2gwdTQ2TmNIYlRZeXVBbFFlMmNYeEdHVmcvU2pnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= tls.key: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZVakNDQXpvQ0NRQ0ZmV0owVURPYzFEQU5CZ2txaGtpRzl3MEJBUXNGQURCck1Rc3dDUVlEVlFRR0V3SkQKUVRFUU1BNEdBMVVFQ0F3SFQyNTBZWEpwYnpFUU1BNEdBMVVFQnd3SFZHOXliMjUwYnpFU01CQUdBMVVFQ2d3SgpVMlZ5ZG1WeWJHRmlNU1F3SWdZRFZRUUREQnRrWlcxdmNHaHdiWGxoWkcxcGJpNXpaWEoyWlhKc1lXSXVZMkV3CkhoY05NVGt3TlRJek1ESXdNelU0V2hjTk1qQXdOVEl5TURJd016VTRXakJyTVFzd0NRWURWUVFHRXdKRFFURVEKTUE0R0ExVUVDQXdIVDI1MFlYSnBiekVRTUE0R0ExVUVCd3dIVkc5eWIyNTBiekVTTUJBR0ExVUVDZ3dKVTJWeQpkbVZ5YkdGaU1TUXdJZ1lEVlFRRERCdGtaVzF2Y0dod2JYbGhaRzFwYmk1elpYSjJaWEpzWVdJdVkyRXdnZ0lpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRREJKTUJvNVdkR1ZrYmJYRjhBTURvSUt1aCsKbmJGNTg0dE1RY1pGUXRJWU1hWnI4aVloc2hUdFJXR1IxVWc5M0tnUW4wY2xSQWUwUEs5Z2lLQVJ5bkxpZ0g4bgpJZEFwY2tZcklrR0VkL25yYW8wYUtYL0M3U3hObFkxL2tnWS9NTFZkMVZWeWtDMWNYS0J5YTlsa3czSGdCTW05Cmt4eXdPZVdFcTJtN3ZnbVpvZmZRTmIvSUt0aTFwRTBWWjhNdGZwb1Bva21EYzl1MmkxWEVWM3BpS1NGeS95bjAKQnkzV1p4YzE5ais0Rm53MlZURjRnQUtPR3VTUUxOOHhMSWJBQUxFS3hGQmFhR1lkd2l2YnQwVXFFbEE4Ry9CTAoxRVBLYUh3aTl1QXVlZjAxNTBqSWVWSm5PTFhadWhBaHdxK2lpbEFTb1E4UVVxOWtzRk44eWVnaGNSc1VsMGQ3ClN0VDE1Y0w3QVN2Z0djR2FPK3JIVUttRnU1OHEzMHVSYmZwL0QyRUUyZTk5eXVhT1lWT00rcUM5NVN4N2pYdnUKa1JiRkd6c3N1NkN1eDMyT2JjU1VxZDJQTjg2S2hveXFUeHR2N0xRU3VlbEMyeHlKN0tTZ0hzVlBjcERTdERnWQozZ1lNMEw1Wnk1TEJmd2tEMC91a0Q4ZE56K1FPalVaY2cxS0gyY0NrK1VSM1NsZHRpNFdNR1AwYXA5eG1qVzdHCm55SlhFRFdjVFVHN01TSWt2QzNtejBhRTkzQ0hSRlVlejdWbWJqeEtZbzU0N0JhbG9kcWg4T211WnNmWGExMEMKZzlxMFRVWVpQbTNpQ3NOR2ZRWmFRc2FWNXlvazMrSlIxaU0yL21kQ3dQQ2lTUUdac3p4bEhHb2JnQUVjc1E2TQpiVXFEWWtXT09PcnY0bHZJWVFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFRY0VYNElMWkgwZ3cvCmd5NVFBdG8rdW5qb2MrZ3FlazhKQytKVEwxS0ZuVldIamk3Z1RzYzF6dkx0aXNBd0x2VGFyS1ZDbDNlVGN6SG8KRllqaFFIb3ZMc3VjT3lxY0xYcFJEdG93QUNlM3hTWEhocDRtZGFZYmdmc09pS081cmI3U2J2bnZ3UGJ1U0lIMgpQZUFkR3BvSWVHdlhKaWlSRXorY0JPZFd5VTUrS0w2N3ZjODJiQXlXVlRpVzdaSTBobHIvTmkwTks1S1pmdDRsCk1vQUtabnhKZDdocHA5YzB2dERNeE5RRGEzQ0xLUm96UmpZcUt5dHZhZTFPTVhoL1NLY0NiakpDQVJYNm03YXQKZG9ieGlWSHVIOWhDcUoyTmZoN2JFcnV6UE5CZlZaV294dTE1SE8wdnRYODhzUElYZXJZWlRwell3TjdCUEpUaApLVi9GREh2ZWJzWFY1ZDVhSTRlRFY0RnpmUFM2b2hJRTZwc0VVOFQyTkxMZW5vVzdRdk1YVTNwMm1HRG1JWGQzCndFS3ZXWkR6dXRZaGluWEN4RkZuNVNVNmhCUXJIR3UxWnl5YjZwSEwvVE1oTzVwbkF0ajA1WlN2a20yVUYybjgKa3RKcDFLYWNSTlpMOFFzOWhvYXhYcjZKYm9lOTZTN3djRDRFYkxwVkhvQjArbU9lYWh0WUI5ZDUvMzhBa0tJTApPczl1alFCc3JlVmZUWEEvUnNGUHRBV3JpZ1NLVHNpUmp5VlBJSHdlcU52c2E2UHROenZnZTRhTUlPYkJKcHg3CkxPLy93aXhiL0dDSkg5OXBBN2tSeHV2eUdDd081UzhjZWdzeEdxMHRBS01maHUyZE1zNmNZbHJiNjFVb1FoNHQKL2gwdTQ2TmNIYlRZeXVBbFFlMmNYeEdHVmcvU2pnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
We enable TLS encryption for the ingress controller by adding the following annotations to the metadata section of the ingress.yml file.
We enable TLS encryption for the ingress controller by adding the following annotations to the metadata section of the ingress.yml file.
- nginx.ingress.kubernetes.io/auth-tls-verify-client
- nginx.ingress.kubernetes.io/auth-tls-secret
- nginx.ingress.kubernetes.io/auth-tls-verify-depth
Update the ingress.yml resource file to include annotations. The update file should look like the following example when done.
--- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: phpmyadmin-http-ingress annotations: # Enable client certificate authentication nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" # Create the secret containing the trusted ca certificates nginx.ingress.kubernetes.io/auth-tls-secret: "default/ingress-tls-secret" # Specify the verification depth in the client certificates chain nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1" spec: backend: serviceName: phpmyadmin-service servicePort: 80