Setting up Ingress with SSL termination can feel like a daunting task, especially with the plethora of tutorials out there that leave you hanging.
In this exercise we will deploy an ingress-controller along with cert-manager using simple specs and `make install`.
This scenario requires two moving parts:
The Ingress Controller is basically one or more nginx pods running a reverse proxy that maps a hostname, with or without a path, to a specific service.
We tell the Ingress Controller about our mapping with an Ingress Resource. Within this Ingress Resource we specify the hostname(s) and path(s) along with which “secret” to use for SSL decryption.
Cert Manager comes into the picture when we want to automate generating (and renewing) certificates from Let's Encrypt. This entire process is abstracted away by the Cert Manager pod and its Certificate Resource.
Getting Started
We need to clone two GitHub repositories which will help speed things up.
Prior to getting started, I recommend that you acquire a static IP address and then point your DNS hostname(s) to it.
Reserving a Static IP Address with Google Cloud Platform
gcloud compute addresses create [ADDRESS_NAME] \
[--region [REGION] | --global ] \
[--ip-version [IPV4 | IPV6]]
Setup cert-manager
$ git clone https://github.com/mateothegreat/k8-byexamples-cert-manager
$ cd k8-byexamples-cert-manager
$ git submodule update --init
$ make install
Setup ingress-controller
After you've provisioned a static IP address you can pass it to the make install command below:
$ git clone https://github.com/mateothegreat/k8-byexamples-ingress-controller
$ cd k8-byexamples-ingress-controller
$ git submodule update --init
$ make install LOADBALANCER_IP=<ip address from above>
Issue new Ingress
You can issue as many ingress resources as you need. Simply use the command below, which will create the Ingress + Certificate Request resources for you automatically:
$ make issue HOST=<somehost.com> SERVICE_NAME=<some service> SERVICE_PORT=<service port>
Troubleshooting Ingress Controller
You can see the current configuration that has been generated by running:
$ kubectl exec <ingress pod name> -- nginx -T
This will output the entire configuration that has been loaded into memory.
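One way to check that dump for a given host, as an added example that is not from the original post or the k8-byexamples repositories: the `tls_status` function below reads `nginx -T` output and reports whether the server block for a hostname actually listens on 443 with `ssl`. It assumes the controller renders ordinary `server { ... }` blocks with `server_name` and `listen` directives; `tls_status`, `sample_dump` and the sample config are hypothetical names and constructed data.

```shell
# Constructed sample of `nginx -T` output, used only to exercise tls_status.
sample_dump() {
  cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
  server {
    server_name somehost.com ;
    listen 80;
    listen 443 ssl http2;
    location / {
      proxy_pass http://upstream_balancer;
    }
  }
  server {
    server_name plain.example.com ;
    listen 80;
    location / { return 200; }
  }
}
EOF
}

# tls_status HOST: reads an nginx config dump on stdin and prints one of
#   tls        a server block naming HOST has a "listen ... 443 ... ssl" directive
#   plaintext  HOST is named by a server block, but none of them listens with ssl
#   missing    no server block names HOST (the Ingress was not picked up)
# Usage: kubectl exec <ingress pod name> -- nginx -T | tls_status <somehost.com>
tls_status() {
  awk -v host="$1" '
    { sub(/#.*/, "") }   # drop comments before looking at directives
    /^[ \t]*server[ \t]*[{]/ && !in_srv { in_srv = 1; depth = 0; named = 0; ssl = 0 }
    in_srv {
      if ($1 == "server_name")
        for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n == host) named = 1 }
      if ($1 == "listen" && $0 ~ /[ :]443[ ;]/ && $0 ~ /[ \t]ssl[ \t;]/) ssl = 1
      # track brace depth so nested location blocks do not end the server block early
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth == 0) { in_srv = 0; if (named) { seen = 1; if (ssl) tls = 1 } }
    }
    END { print (tls ? "tls" : (seen ? "plaintext" : "missing")) }
  '
}
```

A result of `plaintext` or `missing` right after `make issue` means the hostname is not yet being served over TLS by the loaded configuration.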