Exposing service over TLS

Hi. I’m pretty new to Kubernetes, but I seem to be fighting an uphill battle trying to get TLS on a service.

I have a service that has a container with two container ports, 8000 and 8001. Port 8000 listens for HTTP traffic and port 8001 listens for TCP traffic. The container cannot terminate TLS, so I need to put something in front of it to handle termination and certificate generation (with Let’s Encrypt).

I have the cert generation working and HTTPS forwarding to my container port (8000) using an nginx-ingress with cert-manager; however, I cannot work out how to reuse this certificate to add termination for the TCP port.

Is there something obvious I am missing here?

Can anyone advise on the simplest way I could run a docker image with TLS on both ports?

I don’t think you can terminate TLS at the TCP connection layer; it’s kind of tied to the upper-layer protocol, like HTTPS.

Kind regards,
Stephen