Ingress example with HTTPS

This repository shows you how to create various Kubernetes resources for serving a simple HTTP service over HTTPS using Let's Encrypt.

  • Deployment - this creates a Pod in Kubernetes based upon a simple HTTP server image from OpenFaaS
  • Service - this maps a stable IP address to any Pods created by the Deployment
  • Ingress - integrates with an Ingress Controller to route traffic from the Internet to the Service, and to set up TLS termination
  • Issuer - a custom resource (CRD) from cert-manager used to request certificates from Let's Encrypt

Steps

You'll first install the prerequisites, then create the Deployment, Service, Issuer, and Ingress objects.

If you want to use Traefik instead, switch out the ingressClassName (set through the CLASS variable in the steps below, which also fills in the Issuer's solver class) and skip the arkade install ingress-nginx step.

If you don't have a Kubernetes cluster to hand, but have Docker running, then you can run:

kind create cluster --name inlets-cloud-test

If you don't have Docker available, but can create a Linux VM somewhere, then you can install K3s with k3sup locally on the host:

curl -sLS https://get.k3sup.dev | sh
k3sup install --local

Or remotely from your own computer via SSH using k3sup install --ip IP --user USER.

Set up ingress-nginx, cert-manager, etc.

curl -sLS https://get.arkade.dev | sudo sh
arkade install ingress-nginx
arkade install cert-manager

Or install these packages using their various README files or Helm charts.

Create the Deployment

kubectl apply -f deployment.yml

Create the Service

kubectl apply -f service.yml

Create the Issuer

export DOMAIN=nodeinfo.example.com
export CLASS=nginx

cat > issuer.yml <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
    acme:
        server: https://acme-v02.api.letsencrypt.org/directory
        email: webmaster@${DOMAIN}
        privateKeySecretRef:
            name: letsencrypt-prod
        solvers:
        - http01:
            ingress:
                class: $CLASS
EOF

kubectl apply -f issuer.yml

Create the Ingress

export DOMAIN=nodeinfo.example.com
export CLASS=nginx
export NAME=nodeinfo

cat > ingress.yml <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: $NAME
  annotations:
    cert-manager.io/issuer: "letsencrypt-prod"
spec:
  ingressClassName: $CLASS
  rules:
  - host: "$DOMAIN"
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: $NAME
              port:
                number: 8080
  tls:
  - hosts:
    - "$DOMAIN"
    secretName: ${NAME}-tls
EOF

kubectl apply -f ingress.yml

Check the progress of the certificates

kubectl get certificate
kubectl describe certificate

Access the service

export DOMAIN=nodeinfo.example.com

echo "https://$DOMAIN"
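
The heredocs above expand DOMAIN, NAME and CLASS without checking that they are set, and the Ingress annotation has to name the Issuer exactly, so a small check on the generated files before kubectl apply catches a certificate request that would otherwise never complete. This is an added example, not part of the original repository; yaml_values and check_manifests are hypothetical helpers that assume the flat layout of the two files generated on this page.

```bash
#!/usr/bin/env bash
# Added example: pre-apply check for the issuer.yml and ingress.yml that the
# heredocs on this page generate. Function names are hypothetical helpers.

# Print every value of "KEY:" in FILE, with quotes and trailing spaces removed.
yaml_values() {
  sed -n "s|^[[:space:]-]*$1:[[:space:]]*||p" "$2" | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

check_manifests() (   # usage: check_manifests ISSUER_YML INGRESS_YML
  issuer=$1; ingress=$2; rc=0
  fail() { echo "FAIL: $*" >&2; rc=1; }
  first() { yaml_values "$1" "$2" | head -n 1; }

  # The annotation must name the Issuer defined in issuer.yml.
  want=$(first 'cert-manager.io/issuer' "$ingress")
  have=$(first name "$issuer")
  [ -n "$have" ] && [ "$have" = "$want" ] ||
    fail "annotation '$want' does not match Issuer '$have'"

  # The page fills the solver class and ingressClassName from the same $CLASS.
  class=$(first class "$issuer")
  [ -n "$class" ] && [ "$class" = "$(first ingressClassName "$ingress")" ] ||
    fail "solver class and ingressClassName differ or are empty"

  # An unset DOMAIN or NAME leaves these fields truncated.
  case $(first email "$issuer") in *@?*.?*) ;; *) fail "ACME email has no domain" ;; esac
  case $(first secretName "$ingress") in ''|-*) fail "secretName is missing its NAME prefix" ;; esac

  # Every TLS host should also appear as a rule host.
  rule_hosts=$(yaml_values host "$ingress")
  tls_hosts=$(awk '/^[ \t-]*hosts:/ {f=1; next}
                   f && /^[ \t]*-/  {sub(/^[ \t]*-[ \t]*/, ""); gsub(/"/, ""); print; next}
                   {f=0}' "$ingress")
  [ -n "$tls_hosts" ] || fail "no TLS host set (DOMAIN unset?)"
  for h in $tls_hosts; do
    printf '%s\n' "$rule_hosts" | grep -Fxq -- "$h" || fail "TLS host '$h' has no rule"
  done
  exit "$rc"
)

# Run against the generated files when both are in the current directory.
if [ -f issuer.yml ] && [ -f ingress.yml ]; then
  check_manifests issuer.yml ingress.yml && echo "manifests are consistent"
fi
```

Run it in the directory holding issuer.yml and ingress.yml; each failed check is reported on stderr and the exit status is non-zero.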