NetScaler ingress controller

Create a self-signed certificate and linking into Kubernetes secret

Use the steps in the procedure to create a self-signed certificate using OpenSSL and link into Kubernetes secret. You can use this secret to secure your Ingress.

Create a self-signed certificate

You can create a TLS secret by using the following steps. In this procedure, a self-signed certificate and key are created. You can link it to the Kubernetes secret and use that secret in the Ingress for securing the Ingress.

    openssl genrsa -out cert_key.pem 2048
    openssl req -new -key cert_key.pem -out cert_csr.pem -subj "/"
    openssl x509 -req -in cert_csr.pem -sha256 -days 365 -extensions v3_ca -signkey cert_key.pem -CAcreateserial -out cert_cert.pem


Here, is used for reference. You must replace with the required domain name.

In the example, the generated certificate has a validity of one year as the days are mentioned as 365 days.

Linking the certificate to a Kubernetes secret

Perform the following steps to link the certificate to the Kubernetes secret.

  1. Run the following command to create a Kubernetes secret based on the TLS certificate that you have created.

    kubectl create secret tls tls-secret --cert=cert_cert.pem --key=cert_key.pem
  2. Run the following command to view the secret that contains the TLS certificate information:

    kubectl get secret tls-secret

Deploy the Ingress

Create and apply the Ingress configuration. The following YAML can be used for reference.

kind: Ingress
  name: ingress-demo
  namespace: netscaler
  annotations: "netscaler"      
  - secretName: tls-secret
      - ""
  - host:  ""
      - path: /
        pathType: Prefix
            name: service-test
              number: 80
Create a self-signed certificate and linking into Kubernetes secret