Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting. In order for the Ingress resource to work, the cluster must have an Ingress Controller running.
Kubernetes supports and maintains AWS, GCE, and nginx ingress controllers.
The following step is done only once per cluster:
We will deploy the Nginx ingress controller manifest, which places the controller behind a Network Load Balancer.
Now we would like to access the 2048 game application from a domain such as http://my-2048.upes-int-devops.com
Generate a self-signed certificate and private key with:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}" -addext "subjectAltName = DNS:${HOST}"
Then create the secret in the cluster via:
kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
The resulting secret will be of type kubernetes.io/tls.
Inspired by https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/service/networking/tls-example-ingress.yaml, define your ingress to accept HTTPS requests.
Force your incoming traffic to use HTTPS by adding the following annotation to the Ingress object:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
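An Ingress manifest that ties the steps above together, as an added example that is not part of the original page. The Ingress name, the `default` namespace, the `nginx` ingress class, the secret name `my-2048-tls` (standing in for ${CERT_NAME}), and the Service name `game-2048` on port 80 are assumptions.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-2048-ingress          # assumed name
  namespace: default             # assumed; the TLS secret must exist in this same namespace
  annotations:
    # From the page: redirect plain HTTP requests to HTTPS.
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx        # assumed class name of the Nginx ingress controller
  tls:
    - hosts:
        # Must match the subjectAltName (${HOST}) used when generating the certificate,
        # otherwise clients will see a hostname mismatch.
        - my-2048.upes-int-devops.com
      # Assumed value of ${CERT_NAME}; the secret must be of type kubernetes.io/tls.
      secretName: my-2048-tls
  rules:
    - host: my-2048.upes-int-devops.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: game-2048  # assumed Service name for the 2048 application
                port:
                  number: 80     # assumed Service port
```

Because the certificate is self-signed, clients will show a certificate warning unless the certificate is explicitly trusted.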