From b24baeb9e213c39099f7a4789d94f1ed2643e0d9 Mon Sep 17 00:00:00 2001 From: Olivier Wenger Date: Sun, 20 Feb 2022 15:22:30 +0100 Subject: [PATCH] =?UTF-8?q?Added=20documentation=20to=20use=20TLS=C2=A0wit?= =?UTF-8?q?h=20traefik?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 37 ++++++++++++++++++++++++++++++++++++- examples/tls/ingress.yaml | 24 ++++++++++++++++++++++++ examples/tls/pod.yaml | 13 +++++++++++++ examples/tls/service.yaml | 11 +++++++++++ 4 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 examples/tls/ingress.yaml create mode 100644 examples/tls/pod.yaml create mode 100644 examples/tls/service.yaml diff --git a/README.md b/README.md index a4df995..d317c73 100644 --- a/README.md +++ b/README.md @@ -152,6 +152,41 @@ _To turn off k3s upgrades, you can either set the `k3s_upgrade=true` label in th kubectl -n system-upgrade label node k3s_upgrade- ``` +## Example Ingress with TLS + +Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example +```sh +kubectl apply -f examples/tls/. +``` +```yml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nginx-ingress + annotations: + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.tls.certresolver: le +spec: + tls: + - hosts: + - example.com + secretName: example-tls + rules: + - host: example.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nginx-service + port: + number: 80 + + +``` + + ## Takedown If you want to takedown the cluster, you can proceed as follows: 
@@ -203,4 +238,4 @@ Any contributions you make are **greatly appreciated**.
 [issues-url]: https://github.com/mysticaltech/kube-hetzner/issues
 [license-shield]: https://img.shields.io/github/license/mysticaltech/kube-hetzner.svg?style=for-the-badge
 [license-url]: https://github.com/mysticaltech/kube-hetzner/blob/master/LICENSE.txt
-[product-screenshot]: .images/kubectl-pod-all-17022022.png
\ No newline at end of file
+[product-screenshot]: .images/kubectl-pod-all-17022022.png
diff --git a/examples/tls/ingress.yaml b/examples/tls/ingress.yaml
new file mode 100644
index 0000000..9888094
--- /dev/null
+++ b/examples/tls/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.tls.certresolver: le
+spec:
+ tls:
+ - hosts:
+ - example.com
+ secretName: example-tls
+ rules:
+ - host: example.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-service
+ port:
+ number: 80
+
diff --git a/examples/tls/pod.yaml b/examples/tls/pod.yaml
new file mode 100644
index 0000000..d5655fc
--- /dev/null
+++ b/examples/tls/pod.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ run: nginx
+ name: nginx
+spec:
+ containers:
+ - image: nginx
+ name: nginx
+ ports:
+ - containerPort: 80
+
diff --git a/examples/tls/service.yaml b/examples/tls/service.yaml
new file mode 100644
index 0000000..5743a0b
--- /dev/null
+++ b/examples/tls/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-service
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ run: nginx
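Review bot: In `examples/tls/ingress.yaml` the Ingress names two certificate sources at once: `spec.tls` points at `secretName: example-tls`, which none of the three example manifests creates, while the `router.tls.certresolver: le` annotation relies on an ACME resolver called `le` that this patch does not define. If that resolver is missing from Traefik's static configuration, Traefik will, as far as I know, fall back to its self-signed default certificate, so a reader following the example gets browser warnings instead of a valid certificate. I would drop the `secretName: example-tls` line, or state that the secret must already exist, and add a README sentence such as `This example assumes a Traefik certificate resolver named "le" is already configured.` Consider also pinning the router to the HTTPS entrypoint, e.g. `traefik.ingress.kubernetes.io/router.entrypoints: websecure` if that is the entrypoint's name in this cluster. The same applies to the copy of this manifest in the README hunk.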
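Review bot: In `examples/tls/pod.yaml`, `image: nginx` carries no tag or digest, so it resolves to `nginx:latest` and the example runs whatever was published most recently. An example that people copy should pin the image, e.g. `image: nginx:<pinned-tag>` or `image: nginx@sha256:<digest>` (placeholders to fill in). The container also sets no `securityContext` or resource limits; a comment such as `# example only: pin the image and add a securityContext and resource limits before real use` above `containers:` would make that explicit.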