# Step 1: Create the self signed certificate and key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=BE/ST=Mechelen/L=Mechelen/O=IxorTalk/OU=Platform/CN=ixortalk-aks-ingress.canadaeast.cloudapp.azure.com" -keyout ./certs/nginx-selfsigned.key -out ./certs/nginx-selfsigned.crt 

Generating a 2048 bit RSA private key
....................+++
................+++
writing new private key to '/Projects/Azure/Ingress/certs/nginx-selfsigned.key'
-----

# Step 2: Create the dhparam file
dhparam -out ~/certs/dhparam.pem 2048

Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

# Step 3: Verify that all files have been created
➜  Ingress git:(master) ✗ ls -ltr ./certs 
total 16
-rw-r--r--  1 ddewaele  staff  1675 Apr  2 20:23 nginx-selfsigned.key
-rw-r--r--  1 ddewaele  staff  1688 Apr  2 20:23 nginx-selfsigned.crt
-rw-r--r--  1 ddewaele  staff   424 Apr  2 20:25 dhparam.pem


# Step 4: Add the secrets to your kubernetes cluster 
kubectl create secret tls tls-certificate --key ~/certs/nginx-selfsigned.key --cert ~/certs/nginx-selfsigned.crt
kubectl create secret generic tls-dhparam --from-file=/Users/xxx/certs/dhparam.pem

# Step 5: Update the public IP of your kubernetes custer with a DNS name (prefx)
az network public-ip update --resource-group MC_aksgrouptest2_aksclustertest2_canadaeast --name kubernetes-abf63244236a411e8a7010a58ac1f158 --dns-name ixortalk-aks-ingress