January 30, 2018 By jason-mcalpin 3 min read

Deploy custom domain TLS Certificates

We are excited to announce that IBM Cloud Container Service is now integrated with IBM Cloud Certificate Manager! This means that you can easily and securely deploy custom domain TLS certificates from Certificate Manager to your Kubernetes Cluster.

Developers deploy their apps on IBM Cloud Container Service and make them securely accessible through the Ingress Controller. The Ingress Controller uses a pre-installed certificate that protects the default IBM provided domain assigned to your app. However, if you would like to use a custom domain for your app, such as mybank.com, you will need to obtain your own custom domain TLS certificate for that domain, install it in your cluster, and configure your Ingress Controller to use it.

When you have your own TLS certificate, you need to manage it so that your apps will continuously be secured with HTTPS. Certificates are only valid for a period of time, so you need to remember to renew them on time to avoid service disruptions. Private keys associated with certificates need to be protected because stolen keys can mean compromised customer and business data. So you’ll need a secure place to store your certificates, with proper access controls and an audit trail, and a way to monitor their expiration. IBM Cloud Certificate Manager provides these capabilities.

The IBM Cloud Container Services is now integrated with IBM Cloud Certificate Manager so that you can securely deploy a TLS certificate that you manage in Certificate Manager to your cluster. Cluster admins can use the Container Service CLI to import and update TLS certificates as Kubernetes Secrets, specifying the id of the certificate they want to use (CRN). Container Service also reports back to Certificate Manager the id of the Kubernetes cluster where the certificate was installed. Developers can then configure the ingress controller to use these secrets to secure apps with TLS. The update command also allows them to update an existing Kubernetes secret with a renewed certificate without causing downtime.

bx cs alb-cert-deploy [--update] --cluster CLUSTER --secret-name SECRET_NAME --cert-crn CERTIFICATE_CRN

We also designed the integrated experience to help you minimize the exposure of your private keys to users. When developers deploy applications, they can create ingress resources that use the secrets containing the certificates and their associated private keys without being able to read the content of the secrets (the private keys) themselves. This works by letting developers use reference secrets that do not contain the private keys. At runtime, the ingress controller can securely access the secrets and keys to do SSL termination.

To learn more, check out the documentation of Container Service here. Read more about IBM Cloud Certificate Manager here.

More from Announcements

Enabling customers to streamline document management with IBM watsonx.ai

2 min read - At Accusoft, our mission is to help organizations solve their most complex content workflow challenges by helping them adopt content processing, conversion and automation solutions. We accomplish this through our flagship product, PrizmDoc, which enables developers to enhance their applications with in-browser document viewing and collaboration functionality.  Over the past several years, we’ve been closely monitoring the evolving role of artificial intelligence (AI) in delivering cutting-edge solutions to our customers. Unlike many competitors who hastily incorporate AI  to check a…

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters