I'm currently trying to setup a MQTT broker (VerneMQ) on my kubernetes cluster (GKE).
At the moment I'm using nginx-ingress-controller with a Google provided L4 load balancer. The VerneMQ deployment and service are running in the cluster and a sub-domain is pointing to the specific IP of the load-balancer. The specific config-map for TCP over nginx-ingress-controller was created. I'm able to connect with a MQTT client via the subdomain via MQTT/TCP but now I want this also run in a more secure way with MQTTS/TLS.
Is it possible to run TCP over SSL through nginx-ingress-controller with lets-encrypt certificates issued by cert-manager in order to connect with MQTTS to my broker ?
Are there any other ingress-controllers which offer these functionality ?
Thank you in advance.
Best Answer
It seems that
haproxy-ingresssupports this? I haven't tested it, but from the documentation this option may work:9900 will proxy to admin service, port 9900, on the system-prod namespace. Clients should connect using the PROXY protocol v1 or v2. Upcoming connections should be encrypted, HAProxy will ssl-offload data using crt/key provided by system-prod/tcp-9900 secret.