NOTE: 1 year after I wrote this, I found it in my “drafts”. I don’t recall why I haven’t published it. Since 1 year has passed, I decided to publish AS-IS.
There are only guides, but it took forever (aka more than 1 day) to get everything set up and working. Here is a list of the things I did to get everything working.
The result is that:
- Nginx is used as ingress (nginx-ingress), and an ingress resource is used to route to your service
- TLS for the connection, with a certificate issued by Let's Encrypt
- a static IP and DNS set up for your domain
Let’s go step by step.
It’s assumed that you have a Kubernetes cluster with services running, Helm installed and working.
Setup a static IP and DNS
From the Google console, create a static IP (give it a name you like) and note it down somewhere.
Create a DNS record that points to that IP; in my case it’s api.k8s.chino.io.
The tricky part is getting the Helm configuration right (so that it then generates the Kubernetes instructions correctly). In the templates folder, I have this ingress.yaml file
(note that your deployment must use ClusterIP and the port is the targetPort; in my case it is 8000 and not 80)
then I created a certificate.yaml
and this in values.yaml
Briefly, this will create an ingress for the service that resolves the URL set in the values. It also creates a certificate, using the Let's Encrypt prod system (you can use staging for a test environment; we go into this later on).
First of all, install nginx-ingress using Helm and set it to use your static IP.
helm install --name nginx-ingress --set controller.service.loadBalancerIP=YOURSTATICIP stable/nginx-ingress
First, create the issuer by using this YAML file
(the value letsencrypt-prod is used in the values.yaml and links to this one)
Then launch the cert manager with helm
helm install --name cert-manager stable/cert-manager
This will take care of generating the certificate.
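The staging option mentioned above, as an added example that is not one of the author's files: a staging issuer beside the letsencrypt-prod one, and a certificate that picks an issuer by name. It assumes the certmanager.k8s.io/v1alpha1 API served by cert-manager releases of that era and HTTP-01 validation through the nginx ingress; the staging issuer name, secret names, certificate name and e-mail address are placeholders.

```yaml
# Added example. Assumption: cert-manager serves certmanager.k8s.io/v1alpha1.
# Staging issuer: certificates are NOT browser-trusted, but the rate limits
# are generous, so use it while the ingress/DNS setup is still being debugged.
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging            # assumed name
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com           # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-staging-key    # assumed secret for the ACME account key
    http01: {}
---
# Production issuer: trusted certificates, strict rate limits.
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod               # the name referenced from values.yaml
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com           # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-prod-key       # assumed secret for the ACME account key
    http01: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: api-tls                        # assumed name
spec:
  secretName: api-tls                  # must match tls.secretName in the ingress
  issuerRef:
    name: letsencrypt-staging          # switch to letsencrypt-prod once issuance works
    kind: ClusterIssuer
  commonName: api.k8s.chino.io         # the DNS record created earlier
  dnsNames:
    - api.k8s.chino.io
  acme:
    config:
      - http01:
          ingressClass: nginx          # solve the challenge through nginx-ingress
        domains:
          - api.k8s.chino.io
```

After switching the issuerRef to letsencrypt-prod, delete the TLS secret so that a trusted certificate is requested instead of the staging one being reused.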
Launch your helm
Launch the Helm chart that you updated at the beginning. Everything should be working, with TLS enabled.