Resequence steps and add cert-manager

2023-12-31 11:26:32 -07:00
parent 8c27f2b0e2
commit a21e4ac987
6 changed files with 48 additions and 4 deletions
--- a/05-ingress-controller-nginx/README.md
+++ b/05-ingress-controller-nginx/README.md
@ -0,0 +1,82 @@
+# 05 | Ingress Controller = NGINX
+
+[https://kubernetes.github.io/ingress-nginx/](https://kubernetes.github.io/ingress-nginx/)
+
+[https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx)
+
+The ingress controller provides external access to services in the cluster by acting as a reverse proxy.  In this case, I've selected nginx which is simple to configure, and very fast.  It does not have as many fancy features as some other options though.  
+
+```bash
+helm upgrade --install ingress-nginx ingress-nginx   --repo https://kubernetes.github.io/ingress-nginx   --namespace ingress-nginx --create-namespace -f values.yaml
+
+```
+
+Example usage:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-mandelmapper
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: mandelmap.home.stevenpolley.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: mandelmapper
+            port:
+              number: 6161
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myservicea
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: myservicea.foo.org
+    http:
+      paths:
+      - path: /
+        backend:
+          service:
+            name: myservicea
+            port:
+              number: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myserviceb
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: myserviceb.foo.org
+    http:
+      paths:
+      - path: /
+        backend:
+          service:
+            name: myserviceb
+            port:
+              number: 8443
+  tls:
+    - hosts:
+      - myserviceb.foo.org
+      secretName: example-tls
+---
+# A secret must also be provided, likely by a cert-manager of some kind
+apiVersion: v1
+kind: Secret
+metadata:
+  name: example-tls
+data:
+  tls.crt: <base64 encoded cert>
+  tls.key: <base64 encoded key>
+type: kubernetes.io/tls
+```
--- a/05-ingress-controller-nginx/values.yaml
+++ b/05-ingress-controller-nginx/values.yaml
@ -0,0 +1,14 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
+
+controller:
+  service:
+    # -- Provisioned manually on external hardware load balancer
+    externalIPs: 
+    - "10.69.69.51"
+    nodePorts:
+      # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
+      http: "31451"
+      # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
+      https: "31207"
+    externalTrafficPolicy: Local