Add Custom Domain and TLS Certificate to Your Secure Cloud App

By: Henrik Loeser

Add a custom domain and secure network traffic with a TLS certificate

I recently blogged about how to apply end-to-end security to cloud applications. In that post, I introduced an IBM Cloud solutions tutorial that walks you through all the steps to secure data at rest, data in transit, and integrate authentication for a cloud app deployed on IBM Cloud Kubernetes Service. That cloud security tutorial has now been extended and shows how to add a custom domain and secure network traffic with a TLS certificate. The certificate is managed by the IBM Cloud Certificate Manager.

Architecture: Secure cloud applications

Certificate Manager

In an older blog, I showed you how easy it is to obtain a Let’s Encrypt wildcard certificate and apply it to a Kubernetes cluster. At that time, I manually created a Kubernetes secret from the TLS certificate and then used it in the Ingress configuration. In the extended solutions tutorial, the certificate first is imported into the Certificate Manager. There, I can track its expiration date and set up notifications to remind me. In the best case, this could trigger automatic certificate renewals. Using the Certificate Manager has other benefits, too. Using the IBM Cloud CLI, I can directly deploy the certificate to the Kubernetes cluster:

ibmcloud ks alb-cert-deploy --secret-name secure-file-storage-certificate --cluster secure-file-storage-cluster --cert-crn the-certificate-crn

The above command creates a secret in the specified cluster. That secret can then be referenced in the Ingress configuration. Thereby, the deployed app can be exposed using a custom domain. The network traffic is encrypted thanks to the TLS certificate. Moreover, the Certificate Manager helps keep the certificate current.
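How the deployed secret can be referenced from an Ingress resource, as an added example that is not part of the original post or the tutorial's own manifest. Only the secret name comes from the command above; the host name, Ingress name, namespace, Service name and port are assumed placeholders.

```yaml
# Added example, not the tutorial's manifest. Assumed placeholders:
#   secure-file-storage.example.com  - your custom domain
#   secure-file-storage-service:8081 - the app's Service and port
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: secure-file-storage-ingress   # assumed name
  # Assumed namespace. The TLS secret must exist in the same
  # namespace as the Ingress that references it.
  namespace: default
spec:
  tls:
    - hosts:
        # Must be covered by a subject alternative name in the
        # certificate (a wildcard entry counts), otherwise clients
        # reject the connection with a name mismatch.
        - secure-file-storage.example.com
      # Secret created by `ibmcloud ks alb-cert-deploy --secret-name ...`
      secretName: secure-file-storage-certificate
  rules:
    # Same host as in tls.hosts, so the rule is served with this certificate.
    - host: secure-file-storage.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: secure-file-storage-service
                port:
                  number: 8081
```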

Secured: Custom domain for Kubernetes app on IBM Cloud

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.
