Creating Ingress

Prerequisites:

  1. Azure Subscription
  2. Completed steps from Docker Image Creation, Azure Container Registry, Azure Container Instances and Creating Pods, Deployments, Services
  3. Helm - installation guide
  4. Azure CLI installed

Create welcome-app deployment and service

Inside the cloned repo, go to the ingress folder, open welcome-app-deployment.yaml, and replace REGISTRY_NAME with your registry name, or use the sed command below:

...
      containers:
      - name: welcome-app
        image: REGISTRY_NAME.azurecr.io/welcome-app:v1
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 150m
            memory: 128Mi
      imagePullSecrets:
      - name: REGISTRY_NAME

sed -i "s/REGISTRY_NAME/$REGISTRY_NAME/g" welcome-app-deployment.yaml

Create the welcome-app deployment and service:

kubectl apply -f welcome-app-deployment.yaml
kubectl apply -f welcome-app-service-ingress.yaml

Deploy the ingress controller with Helm

We will leverage the nip.io reverse wildcard DNS resolver service to map our ingress controller LoadBalancerIP to a proper DNS name.

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx

Within a couple of minutes, a public IP address will be allocated to the ingress controller. Retrieve it with:

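# With the release name ingress-nginx, the chart names the controller Service ingress-nginx-controller
kubectl get svc ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[*].ip}"

export INGRESS_IP=$(kubectl get svc ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[*].ip}")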

Open welcome-ingress.yaml and welcome-ingress-tls.yaml to replace INGRESS_IP with your IP or use the sed command below:

...
spec:
  rules:
  - host: INGRESS_IP.nip.io
    http:
      paths:
...

sed -i "s/INGRESS_IP/$INGRESS_IP/g" welcome-ingress.yaml

...
  tls:
  - hosts:
    - INGRESS_IP.nip.io
    secretName: welcome-tls-secret
  rules:
  - host: INGRESS_IP.nip.io
    http:
...

sed -i "s/INGRESS_IP/$INGRESS_IP/g" welcome-ingress-tls.yaml
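
The sed substitutions above write whatever `$INGRESS_IP` holds into the manifests, so an address that has not been allocated yet (empty string) or a multi-address result from the `[*]` JSONPath would produce a broken or unintended Ingress host. The following is an added example, not part of the original guide, that validates the value before editing a manifest; the function names `valid_ipv4` and `render_ingress` are hypothetical and the sample manifest is constructed.

```shell
#!/bin/sh
# Added example: validate the load balancer address before templating it.

# Succeed only for one dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, spaces, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Replace INGRESS_IP in manifest $1 with address $2, or leave $1 untouched.
render_ingress() {
    manifest=$1
    ip=$2
    if ! valid_ipv4 "$ip"; then
        echo "refusing to edit $manifest: '$ip' is not a single IPv4 address" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Safe as a sed replacement: $ip now holds only digits and dots.
    sed "s/INGRESS_IP/$ip/g" "$manifest" > "$tmp" && mv "$tmp" "$manifest"
}

# Constructed sample shaped like the welcome-ingress.yaml fragment.
demo=$(mktemp)
printf 'spec:\n  rules:\n  - host: INGRESS_IP.nip.io\n' > "$demo"
render_ingress "$demo" "" || echo "empty address rejected"
render_ingress "$demo" "52.255.217.198" && cat "$demo"
rm -f "$demo"
```

Called as `render_ingress welcome-ingress.yaml "$INGRESS_IP"`, it performs the same substitution as the sed command but fails loudly instead of writing `.nip.io` as the host.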

Create an Ingress using kubectl:

kubectl apply -f welcome-ingress.yaml

Once the Ingress is deployed, you should be able to access the welcome app at http://INGRESS_IP.nip.io, for example http://52.255.217.198.nip.io

Enable SSL/TLS on Ingress

You want to enable connecting to the welcome app over SSL/TLS. In this task, you’ll use the free Let’s Encrypt service to generate valid SSL certificates for your domains, and you’ll integrate the certificate issuance workflow into Kubernetes.

Install cert-manager

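# Helm 3 syntax, matching the ingress-nginx install above: the release name is positional (the --name flag was removed)
helm install cert-manager stable/cert-manager --set ingressShim.defaultIssuerName=letsencrypt --set ingressShim.defaultIssuerKind=ClusterIssuer --version v0.5.2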

Create a Let's Encrypt ClusterIssuer

Replace the EMAIL placeholder with your email in letsencrypt-clusterissuer.yaml or use the sed command below:

...
    server: https://acme-v02.api.letsencrypt.org/directory # production
    #server: https://acme-staging-v02.api.letsencrypt.org/directory # staging
    email: EMAIL # replace this with your email
    privateKeySecretRef:
      name: letsencrypt
    http01: {}
...

sed -i "s/EMAIL/$EMAIL/g" letsencrypt-clusterissuer.yaml

And apply it:

kubectl apply -f letsencrypt-clusterissuer.yaml

Deploy the welcome-ingress-tls.yaml:

kubectl apply -f welcome-ingress-tls.yaml

Go to the app at https://INGRESS_IP.nip.io