An Ingress object in Kubernetes enables access to your Kubernetes services from locations outside the Kubernetes cluster. You configure access by establishing a set of rules that specify which inbound connections reach which services. This lets you combine all of your routing rules into a single resource.
Kubernetes Ingress vs Load Balancer
A Kubernetes load balancer is a type of service, whereas a Kubernetes ingress is a set of rules rather than a service. An ingress serves as the entry point for a whole cluster of pods and is positioned in front of numerous services.
#########################################################
This article will show you how to set up Letsencrypt with Kubernetes utilising Microk8s and the default Ingress controller.
# Versions used:
# microk8s version 1.21/stable
# cert-manager v1.3.1
Prerequisite: Forward ports 80 and 443 to your server. Create a domain name that points to your server.
#########################################################
Install microk8s
snap install microk8s --classic --channel=1.21/stable
Enable DNS and ingress
#########################################################
sudo microk8s enable dns ingress
We'll establish a test webserver deployment/service using the Nginx webserver image to test web traffic.
#########################################################
webserver-depl-svc.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: webserver-depl
spec:
  selector:
    matchLabels:
      app: webserver-app
  template:
    metadata:
      labels:
        app: webserver-app
    spec:
      containers:
      - name: webserver-app
        image: nginx:1.8
---
apiVersion: v1
kind: Service
metadata:
  name: webserver-svc
spec:
  selector:
    app: webserver-app
  ports:
  - name: webserver-app
    protocol: TCP
    port: 80
    targetPort: 80
#########################################################
Apply the config file
sudo microk8s kubectl apply -f webserver-depl-svc.yaml
Now configure the default ingress to serve the test webserver
#########################################################
ingress-routes.yaml
#########################################################
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-routes
spec:
  rules:
  #change yourdomain.com to your domain
  - host: yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: webserver-svc
            port:
              number: 80
#########################################################
Apply the ingress routes
#########################################################
sudo microk8s kubectl apply -f ingress-routes.yaml
If you visit yourdomain.com, you should see the default "Welcome to nginx!" splash screen.
#########################################################
Now to install cert-manager https://cert-manager.io/docs/installation/kubernetes/
#########################################################
sudo microk8s kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
#########################################################
To check that cert-manager is installed and running, run the following command. It should show three pods.
sudo microk8s kubectl get pods -n cert-manager
Now create the certificate issuer config. One thing to note is that the ingress class used in this configuration is public, as opposed to nginx. This may be microk8s specific. https://cert-manager.io/docs/tutorials/acme/ingress/
#########################################################
letsencrypt-staging.yaml
#########################################################
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    #change to your email (placeholder address)
    email: you@yourdomain.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - http01:
        ingress:
          class: public
#########################################################
letsencrypt-prod.yaml
#########################################################
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    #change to your email (placeholder address)
    email: you@yourdomain.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: public
#########################################################
Apply both issuer configs
#########################################################
sudo microk8s kubectl apply -f letsencrypt-staging.yaml
#########################################################
sudo microk8s kubectl apply -f letsencrypt-prod.yaml
#########################################################
Now update ingress-routes.yaml to use the staging certificate.
#########################################################
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-routes
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
  tls:
  - hosts:
    #change to your domain
    - yourdomain.com
    secretName: tls-secret
  rules:
  #change to your domain
  - host: yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: webserver-svc
            port:
              number: 80
#########################################################
Apply the update
#########################################################
sudo microk8s kubectl apply -f ingress-routes.yaml
Run the next command to confirm Ready=True
#########################################################
sudo microk8s kubectl get certificate
If Ready is True, the HTTP-01 challenge was successful. The next command shows extra detail at the end of its output.
#########################################################
sudo microk8s kubectl describe certificate tls-secret
Now to change ingress-routes.yaml to use the production certificate.
#########################################################
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-routes
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    #change to your domain
    - yourdomain.com
    secretName: tls-secret
  rules:
  #change to your domain
  - host: yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: webserver-svc
            port:
              number: 80
#########################################################
Apply the update
#########################################################
sudo microk8s kubectl apply -f ingress-routes.yaml
#########################################################
Run the following command to validate that a certificate was generated (Ready=True).
#########################################################
sudo microk8s kubectl get certificate
#########################################################
Run the next command and check the final result to ensure the certificate was issued.
#########################################################
sudo microk8s kubectl describe certificate tls-secret
#########################################################
Now if you visit your domain, you should see the small lock of success! :)
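The manual checks above (Ready=True, and the switch from the staging issuer to the production one) can be scripted against the JSON that `kubectl get ... -o json` returns. This is an added example, not part of the original article; the sample objects are constructed and trimmed to the fields the script reads, and the `audit` function name and the second host `www.yourdomain.com` are assumptions for illustration.

```python
import json

# Constructed sample, trimmed to the fields read below. On a cluster, use the output of:
#   sudo microk8s kubectl get ingress ingress-routes -o json
#   sudo microk8s kubectl get certificate tls-secret -o json
INGRESS = json.loads("""{
  "metadata": {"name": "ingress-routes", "annotations":
    {"cert-manager.io/cluster-issuer": "letsencrypt-staging"}},
  "spec": {"tls": [{"hosts": ["yourdomain.com"], "secretName": "tls-secret"}],
           "rules": [{"host": "yourdomain.com"}, {"host": "www.yourdomain.com"}]}
}""")
CERTIFICATE = json.loads("""{
  "metadata": {"name": "tls-secret"},
  "spec": {"secretName": "tls-secret", "dnsNames": ["yourdomain.com"],
           "issuerRef": {"kind": "ClusterIssuer", "name": "letsencrypt-staging"}},
  "status": {"conditions": [{"type": "Ready", "status": "True"}]}
}""")

ISSUER_KEY = "cert-manager.io/cluster-issuer"

def audit(ingress, cert, prod_issuer="letsencrypt-prod"):
    """Return a list of findings; an empty list means the TLS setup looks complete."""
    findings = []
    issuer = ingress["metadata"].get("annotations", {}).get(ISSUER_KEY)
    if issuer is None:
        findings.append("ingress has no cluster-issuer annotation")
    elif issuer != prod_issuer:
        findings.append(f"ingress still uses issuer {issuer!r} (untrusted by browsers)")
    tls = ingress["spec"].get("tls", [])
    covered = {h for block in tls for h in block.get("hosts", [])}
    for rule in ingress["spec"].get("rules", []):
        if rule.get("host") not in covered:
            findings.append(f"host {rule.get('host')!r} is routed but not in spec.tls")
    if issuer and cert["spec"]["issuerRef"]["name"] != issuer:
        findings.append("certificate was issued by a different issuer than annotated")
    missing = covered - set(cert["spec"].get("dnsNames", []))
    if missing:
        findings.append(f"certificate lacks dnsNames for {sorted(missing)}")
    ready = any(c["type"] == "Ready" and c["status"] == "True"
                for c in cert.get("status", {}).get("conditions", []))
    if not ready:
        findings.append("certificate is not Ready")
    return findings

if __name__ == "__main__":
    for line in audit(INGRESS, CERTIFICATE):
        print("FINDING:", line)
```

A host that has a routing rule but no entry under `spec.tls` is served without a certificate issued for that name, which is the case a quick look at the browser lock on the main domain would not catch.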