...

/

Upgrading Ingress Rules and Adding TLS Certificates

Upgrading Ingress Rules and Adding TLS Certificates

This lesson explains how to upgrade Ingress rules and add TLS certificates.

All the applications we installed so far are accessible through a plain HTTP protocol. As I’m sure you’re aware, that is not acceptable. All public-facing applications should be available through HTTPS only, and that means that we need TLS certificates. We could generate them ourselves for each of the applications, but that would be too much work. Instead, we’ll try to figure out how to create and manage the certificates automatically. Fortunately, Jenkins X already solved that and quite a few other Ingress-related challenges. We just need to learn how to tell jx what exactly we need.

All the jx upgrade commands we explored so far have followed the same pattern, they upgrade components to a specific or the latest release. Ingress is the exception. We can use the jx upgrade ingress command to change a variety of things.

  • We can change the domain of the cluster or a namespace.
  • We can add TLS certificates to all Ingress endpoints.
  • We can also change the template Jenkins X is using to auto-generate addresses of applications.

Confirming the deployment

Let’s start by checking the applications we currently have in our cluster.

Press + to interact
jx get applications

The output is as follows.

Press + to interact
APPLICATION STAGING PODS URL
jx-go-demo-6 1.0.110 3/3 http://go-demo-6.cd-staging.35.243.230.195.nip.io

⚠️ If the output is empty, you were probably reading too fast, and the pipeline run initiated when you imported go-demo-6 hasn’t finished and, therefore, the release was not deployed to the staging environment.

You already saw that output quite a few times before. There’s nothing special about it, except that go-demo-6 is accessible through an auto-generated HTTP address. We must change that to HTTPS since no serious applications should be reachable without TLS. But, before we do that, let’s confirm that our application can indeed be reached.

⚠️ Make sure to replace [...] with the address from the URL column from the previous output before executing the commands that follow.

Press + to interact
STAGING_ADDR=[...]
curl "$STAGING_ADDR/demo/hello"

The output should show hello, PR! so we confirmed that the application is working and that it can be reached through the insecure HTTP protocol. Feel free to send a request using https, and you’ll see ...

Access this course and 1400+ top-rated courses and projects.