January 30, 2018 By Carmel Schindelhaim
Vinit Jain
3 min read

Deploy custom domain TLS Certificates

We are excited to announce that IBM Cloud Container Service is now integrated with IBM Cloud Certificate Manager! This means that you can easily and securely deploy custom domain TLS certificates from Certificate Manager to your Kubernetes Cluster.

Developers deploy their apps on IBM Cloud Container Service and make them securely accessible through the Ingress Controller. The Ingress Controller uses a pre-installed certificate that protects the default IBM provided domain assigned to your app. However, if you would like to use a custom domain for your app, such as mybank.com, you will need to obtain your own custom domain TLS certificate for that domain, install it in your cluster, and configure your Ingress Controller to use it.

When you have your own TLS certificate, you need to manage it so that your apps will continuously be secured with HTTPS. Certificates are only valid for a period of time, so you need to remember to renew them on time to avoid service disruptions. Private keys associated with certificates need to be protected because stolen keys can mean compromised customer and business data. So you’ll need a secure place to store your certificates, with proper access controls and an audit trail, and a way to monitor their expiration. IBM Cloud Certificate Manager provides these capabilities.

The IBM Cloud Container Services is now integrated with IBM Cloud Certificate Manager so that you can securely deploy a TLS certificate that you manage in Certificate Manager to your cluster. Cluster admins can use the Container Service CLI to import and update TLS certificates as Kubernetes Secrets, specifying the id of the certificate they want to use (CRN). Container Service also reports back to Certificate Manager the id of the Kubernetes cluster where the certificate was installed. Developers can then configure the ingress controller to use these secrets to secure apps with TLS. The update command also allows them to update an existing Kubernetes secret with a renewed certificate without causing downtime.

bx cs alb-cert-deploy [--update] --cluster CLUSTER --secret-name SECRET_NAME --cert-crn CERTIFICATE_CRN

We also designed the integrated experience to help you minimize the exposure of your private keys to users. When developers deploy applications, they can create ingress resources that use the secrets containing the certificates and their associated private keys without being able to read the content of the secrets (the private keys) themselves. This works by letting developers use reference secrets that do not contain the private keys. At runtime, the ingress controller can securely access the secrets and keys to do SSL termination.

To learn more, check out the documentation of Container Service here. Read more about IBM Cloud Certificate Manager here.

More from Security

How to implement the General Data Protection Regulation (GDPR)

10 min read - The General Data Protection Regulation (GDPR), the European Union's landmark data privacy law, took effect in 2018. Yet many organizations still struggle to meet compliance requirements, and EU data protection authorities do not hesitate to hand out penalties. Even the world's biggest businesses are not free from GDPR woes. Irish regulators hit Meta with a EUR 1.2 billion fine in 2023. Italian authorities are investigating OpenAI for suspected violations, even going so far as to ban ChatGPT briefly. Many businesses…

What are breach and attack simulations?

4 min read - Breach and Attack Simulation (BAS) is an automated and continuous software-based approach to offensive security. Similar to other forms of security validation such as red teaming and penetration testing, BAS complements more traditional security tools by simulating cyberattacks to test security controls and provide actionable insights. Like a red team exercise, breach and attack simulations use the real-world attack tactics, techniques, and procedures (TTPs) employed by hackers to proactively identify and mitigate security vulnerabilities before they can be exploited by…

IBM Tech Now: February 12, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 92 On this episode, we're covering the following topics: The GRAMMYs + IBM watsonx Audio-jacking with generative AI Stay plugged in You can check out the IBM Blog Announcements for a full rundown of…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters