Ingress:
Kubernetes calls its HTTP-based load-balancing system Ingress. Ingress is a Kubernetes-native way to implement the "virtual hosting" pattern. The Kubernetes Ingress system simplifies this by (a) standardizing the configuration, (b) moving it to a standard Kubernetes object, and (c) merging multiple Ingress objects into a single configuration for the load balancer.
There are many Ingress controllers on the market. I am going to use the Contour Ingress controller along with the Envoy load balancer.
I installed Contour as follows:
#kubectl apply -f https://j.hept.io/contour-deployment-rbac
We need to configure DNS for the external address of the load balancer so that we can map many services onto it. The Ingress plays a major role in segregating the traffic and sending it to the corresponding service.
Create a TLS secret:
#kubectl create secret tls <secret-name> --cert <certificate-pem-file> --key <private-key-pem-file>
The YAML file for the TLS secret:
apiVersion: v1
kind: Secret
metadata:
  creationTimestamp: null
  name: tls-secret-name
type: kubernetes.io/tls
data:
  tls.crt: <base64 encoded certificate>
  tls.key: <base64 encoded private key>
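We can reference the TLS certificate from the Ingress manifest:
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters
# use networking.k8s.io/v1, which has a different backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  tls:
  - hosts:
    - alpaca.example.com
    secretName: tls-secret-name   # must name a Secret in the same namespace as this Ingress
  rules:
  - host: alpaca.example.com
    http:
      paths:
      - backend:
          serviceName: alpaca
          servicePort: 8080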
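A check for the wiring between the Ingress and its TLS secret, as an added example that is not part of the original post or of Contour. It takes the objects as dicts in the shape of `kubectl get ... -o json` output; the function names, the second host and the sample data are constructed for illustration.

```python
import base64

def host_covered(host, tls_hosts):
    """True if host equals a tls host or matches a one-label wildcard such as *.example.com."""
    return any(p == host or (p.startswith("*.") and "." in host
                             and host.split(".", 1)[1] == p[2:]) for p in tls_hosts)

def pem_label(b64_value):
    """Decode a Secret data value; return its first PEM label, or "" if it is not PEM."""
    try:
        text = base64.b64decode(b64_value or "", validate=True).decode("ascii")
    except ValueError:  # bad base64 or non-ASCII bytes
        return ""
    first = text.strip().split("\n")[0].strip()
    ok = first.startswith("-----BEGIN ") and first.endswith("-----")
    return first[11:-5] if ok else ""

def audit_ingress_tls(ingress, secrets):
    """secrets maps name -> Secret dict from the Ingress namespace. Returns a list of findings."""
    findings, spec = [], ingress.get("spec", {})
    tls_hosts = {h: t.get("secretName") for t in spec.get("tls", []) for h in t.get("hosts", [])}
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:
            findings.append("rule without a host matches every hostname")
        elif not host_covered(host, tls_hosts):
            findings.append(f"{host}: routed but not listed under spec.tls")
    for name in sorted({s for s in tls_hosts.values() if s}):
        secret = secrets.get(name)
        if secret is None:
            findings.append(f"{name}: secret not found in the Ingress namespace")
            continue
        if secret.get("type") != "kubernetes.io/tls":
            findings.append(f"{name}: type is {secret.get('type')}, expected kubernetes.io/tls")
        data = secret.get("data", {})
        if pem_label(data.get("tls.crt")) != "CERTIFICATE":
            findings.append(f"{name}: tls.crt is not a PEM certificate")
        if not pem_label(data.get("tls.key")).endswith("PRIVATE KEY"):
            findings.append(f"{name}: tls.key is not a PEM private key")
    return findings

# Constructed sample: the post's Ingress plus a second host with no tls entry,
# and a secret of the wrong type whose key is not PEM.
SAMPLE_INGRESS = {"spec": {
    "tls": [{"hosts": ["alpaca.example.com"], "secretName": "tls-secret-name"}],
    "rules": [{"host": "alpaca.example.com"}, {"host": "bandicoot.example.com"}]}}
_crt = base64.b64encode(b"-----BEGIN CERTIFICATE-----\n(constructed)\n").decode()
SAMPLE_SECRETS = {"tls-secret-name": {"type": "Opaque", "data": {
    "tls.crt": _crt, "tls.key": base64.b64encode(b"not a key").decode()}}}
```

Calling audit_ingress_tls(SAMPLE_INGRESS, SAMPLE_SECRETS) returns three findings: the uncovered host, the wrong secret type, and the non-PEM key.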
P.S.: It is tough to manage all the TLS certificates within K8S. cert-manager is an API that provides a certificate whenever K8S requests one.
Ambassador and Gloo are two other Envoy-based Ingress controllers available on the market. The NGINX Ingress controller is the most popular open source controller on the market.