I'm working with an AKS cluster that uses nginx ingress and cert-manager for managing TLS certificates. Currently, everything is functioning great with TLS when using ingress. However, some of my users prefer to access the application directly through the internal load balancer (LB) instead of going through ingress. Since the internal LB operates at layer 4, I can't use TLS certificates directly on it. What are the options for using TLS with my application if I want to go this route? Do I need to create the certificate manually, mount it inside the pod, and configure my app to listen on port 443?
1 Answer
Have you considered just using the ingress controller with the internal load balancer? It can expose your services securely while handling the TLS for you.

Our ingress controller is already set up to use a private load balancer. I'm looking for a solution that allows me to bypass ingress entirely while still ensuring secure connections.
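The approach the question asks about (a certificate mounted in the pod, with the app terminating TLS behind the layer 4 internal LB) can be sketched as below, with cert-manager issuing the certificate instead of it being created by hand. This is an added example, not part of the original thread; the resource names, hostname, image, container port 8443 and the `internal-issuer` ClusterIssuer are all assumptions.

```yaml
# Added example: every name, the hostname and the image are hypothetical placeholders.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: myapp-tls
spec:
  secretName: myapp-tls            # cert-manager writes tls.crt / tls.key here and renews them
  dnsNames:
    - myapp.internal.example.com   # must match the name clients use to reach the internal LB
  issuerRef:
    name: internal-issuer          # assumed: a ClusterIssuer that already exists in the cluster
    kind: ClusterIssuer
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  selector:
    matchLabels: {app: myapp}
  template:
    metadata:
      labels: {app: myapp}
    spec:
      containers:
        - name: myapp
          image: registry.example.com/myapp:1.0   # placeholder image
          # The app itself must serve TLS on 8443 using
          # /etc/tls/tls.crt and /etc/tls/tls.key.
          volumeMounts:
            - name: tls
              mountPath: /etc/tls
              readOnly: true
      volumes:
        - name: tls
          secret:
            secretName: myapp-tls  # the Secret produced by the Certificate above
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-internal
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer               # layer 4: TLS passes through to the pod untouched
  selector: {app: myapp}
  ports:
    - port: 443
      targetPort: 8443
```

The files under the mount are refreshed when cert-manager renews the Secret, but the application has to reload them itself to start serving the new certificate.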