Nginx-ingress-controller: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== Working with nginx ingress controls == The Nginx ingress controller for kubernetes can be an amazing PITA. If we work with nginx as an application that only does the ingre...") |
mNo edit summary |
||
| Line 32: | Line 32: | ||
Note specifically the namespace we are installing the ingress into. This is NOT the namespace of the ingress-controller application. | Note specifically the namespace we are installing the ingress into. This is NOT the namespace of the ingress-controller application. | ||
* It is critical to note you have to install the ssl certs into the namespace beforehand to get this to work right away | * It is critical to note you have to install the ssl certs into the namespace beforehand to get this to work right away | ||
* in general you want to do your SSL offload at the ingress point, and use straight HTTP internally so you do not have additional SSL certs to fight with. This can be an issue with applications such as ArgoCD itself, as that internally has its own stupid redirect back to a 443 port. That gets disabled in the values.yaml file with an insecure flag for ArgoCD. | * in general you want to do your SSL offload at the ingress point, and use straight HTTP internally so you do not have additional SSL certs to fight with. This can be an issue with applications such as ArgoCD itself, as that internally has its own stupid redirect back to a 443 port. That gets disabled in the values.yaml file with an insecure flag for ArgoCD. | ||
Add your SSL certificates to a given namespace, for later use within the ingress object you are creating: | |||
<pre> | |||
kubectl create secret tls wc-iwillfearnoevil-com --namespace librespeed --key ~/ssl/privkey.pem --cert ~/ssl/cert.pem | |||
</pre> | |||
Example working SSL ingress: | |||
<pre> | <pre> | ||
apiVersion: networking.k8s.io/v1 | apiVersion: networking.k8s.io/v1 | ||
Revision as of 11:11, 18 August 2022
Working with nginx ingress controls
The Nginx ingress controller for kubernetes can be an amazing PITA. If we work with nginx as an application that only does the ingress, it becomes much easier. This also makes a single spot to install the logic that the other application and namespaces can bind to.
Generic Template to create an ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
# Creates information for the ingress
name: test-ingress
# namespace must be the same as where you application resides
namespace: dev
spec:
ingressClassName: nginx
rules:
- host: "demo.apps.mlopshub.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
# must match service name completely. Look in Lens
name: hello-service
port:
# Internal port number to forward to
number: 80
A specific example to create an SSL based ingress
Note specifically the namespace we are installing the ingress into. This is NOT the namespace of the ingress-controller application.
- It is critical to note you have to install the ssl certs into the namespace beforehand to get this to work right away
- in general you want to do your SSL offload at the ingress point, and use straight HTTP internally so you do not have additional SSL certs to fight with. This can be an issue with applications such as ArgoCD itself, as that internally has its own stupid redirect back to a 443 port. That gets disabled in the values.yaml file with an insecure flag for ArgoCD.
Add your SSL certificates to a given namespace, for later use within the ingress object you are creating:
kubectl create secret tls wc-iwillfearnoevil-com --namespace librespeed --key ~/ssl/privkey.pem --cert ~/ssl/cert.pem
Example working SSL ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: librespeed-ingress
namespace: librespeed
spec:
ingressClassName: nginx
tls:
- hosts:
- librespeed.iwillfearnoevil.com
secretName: wc-iwillfearnoevil-com
rules:
- host: "librespeed.iwillfearnoevil.com"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: librespeed
port:
number: 80
Using the ingress you just created:
kubectl create -f ./librespeed-ingress-object.yaml