# Ingress 設定tls 1. 先準備好憑證 可由Certbot產生 或其他方式  2. 建立secret ``` kubectl create secret tls testsecret-tls --key=privkey.pem --cert=fullchain.pem ``` 創建好後 查看結果  3. 建立tls-ingress :::info 可創建固定IP 防止Ingress每次創建GKE會給予不同IP ``` gcloud compute addresses create tlsingress-static-ip --global ``` ::: ``` apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-first-tls-ingress annotations: kubernetes.io/ingress.global-static-ip-name: "tlsingress-static-ip" spec: tls: - hosts: - k8stlsingress.bingxiang1027test.com secretName: testsecret-tls defaultBackend: service: name: my-first-node-port-service port: number: 80 rules: - host: "k8stlsingress.bingxiang1027test.com" http: paths: - path: /* pathType: ImplementationSpecific backend: service: name: my-first-node-port-service port: number: 80 ``` ``` kubectl apply -f tls-ingress.yaml ``` 4. 查看結果創建ingress 已經多綁一個443 port了   5. 至CloudDNS 設定DNS  過個一分鐘後 清除本地DNS Cache並查看domain是否生效  6. 確認網頁功能 http  https