Upgrading Ingress Rules and Adding TLS Certificates
This lesson explains how to upgrade Ingress rules and add TLS certificates.
All the applications we installed so far are accessible through a plain HTTP protocol. As I’m sure you’re aware, that is not acceptable. All public-facing applications should be available through HTTPS only, and that means that we need TLS certificates. We could generate them ourselves for each of the applications, but that would be too much work. Instead, we’ll try to figure out how to create and manage the certificates automatically. Fortunately, Jenkins X already solved that and quite a few other Ingress-related challenges. We just need to learn how to tell jx what exactly we need.
All the jx upgrade commands we explored so far have followed the same pattern, they upgrade components to a specific or the latest release. Ingress is the exception. We can use the jx upgrade ingress command to change a variety of things.
- We can change the domain of the cluster or a namespace.
- We can add TLS certificates to all Ingress endpoints.
- We can also change the template Jenkins X is using to auto-generate addresses of applications.
Confirming the deployment
Let’s start by checking the applications we currently have in our cluster.
jx get applications
The output is as follows.
APPLICATION STAGING PODS URLjx-go-demo-6 1.0.110 3/3 http://go-demo-6.cd-staging.35.243.230.195.nip.io
⚠️ If the output is empty, you were probably reading too fast, and the pipeline run initiated when you imported go-demo-6 hasn’t finished and, therefore, the release was not deployed to the staging environment.
You already saw that output quite a few times before. There’s nothing special about it, except that go-demo-6 is accessible through an auto-generated HTTP address. We must change that to HTTPS since no serious applications should be reachable without TLS. But, before we do that, let’s confirm that our application can indeed be reached.
⚠️ Make sure to replace
[...]with the address from theURLcolumn from the previous output before executing the commands that follow.
STAGING_ADDR=[...]curl "$STAGING_ADDR/demo/hello"
The output should show hello, PR! so we confirmed that the application is working and that it can be reached through the insecure HTTP protocol. Feel free to send a request using https, and you’ll see that the output will state that there is an SSL certificate problem.
So far, we used a nip.io domain for all our examples. That was useful for the exercises since it saved us from purchasing a “real” ...