Deploy the ingress controller and cert-manager with their Helm charts.
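# Register the ingress-nginx chart repository and refresh the local index so
# a previously added (stale) copy of the repo is not used.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
# No --version is given, so Helm installs whichever chart version is newest at
# run time. Pass --version with a chart version you have reviewed to make the
# install reproducible. The release is created in the current namespace.
helm install ingress-nginx ingress-nginx/ingress-nginx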
Deploy cert-manager:
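# Register the Jetstack chart repository and refresh the local index.
helm repo add jetstack https://charts.jetstack.io
helm repo update
# cert-manager gets its own namespace, which also holds the ACME account key
# of any ClusterIssuer, so keep RBAC access to that namespace narrow.
# installCRDs=true makes the chart install the cert-manager CRDs as well.
# v1.5.3 is the version this page pins; check that it is still a supported
# release before reusing the command.
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager --create-namespace \
  --version v1.5.3 \
  --set installCRDs=true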
Create an Issuer or ClusterIssuer and deploy it:
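# ClusterIssuer that obtains certificates from Let's Encrypt over ACME.
# A ClusterIssuer is cluster-scoped: workloads in any namespace can request
# certificates from it. Use a namespaced Issuer to limit that.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    # Production endpoint, which is rate limited. While testing, point this at
    # https://acme-staging-v02.api.letsencrypt.org/directory instead.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Contact address registered with the ACME account.
    email: admin@trankhanhtoan.com
    # Secret that stores the ACME account private key. For a ClusterIssuer it
    # lives in cert-manager's namespace; restrict who can read it.
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      # An empty selector makes this solver apply to every requested domain.
      - selector: {}
        # HTTP-01: the CA fetches a token over plain HTTP, so each host name
        # must resolve to the nginx ingress controller.
        http01:
          ingress:
            class: nginx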
Deploy an example Deployment and Service:
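# Example workload: three nginx replicas labelled app=hello-nginx.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-nginx
  labels:
    app: hello-nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: hello-nginx
  template:
    metadata:
      labels:
        app: hello-nginx
    spec:
      containers:
        - name: hello-nginx
          # "latest" is a mutable tag: each pull can bring a different image.
          # Outside a demo, pin a reviewed version tag or an image digest.
          image: nginx:latest
          # No resources or securityContext are set here; add limits and a
          # restrictive securityContext before using this as a template.
          ports:
            - containerPort: 80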
---
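# Internal Service in front of the hello-nginx pods.
apiVersion: v1
kind: Service
metadata:
  name: hello-nginx
spec:
  # ClusterIP keeps the Service reachable only inside the cluster; external
  # traffic has to come through the Ingress.
  type: ClusterIP
  selector:
    app: hello-nginx
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP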
Deploy an Ingress to expose the Service to the internet with a domain and SSL:
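# Ingress that publishes hello-nginx on toantest.trankhanhtoan.com over TLS.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-hello-nginx
  annotations:
    # Tells cert-manager to request a certificate for the hosts under
    # spec.tls from the letsencrypt-production ClusterIssuer.
    cert-manager.io/cluster-issuer: letsencrypt-production
spec:
  # Replaces the deprecated kubernetes.io/ingress.class annotation. "nginx"
  # is the IngressClass the ingress-nginx chart creates by default.
  ingressClassName: nginx
  tls:
    - hosts:
        - toantest.trankhanhtoan.com
      # cert-manager writes the issued certificate and its private key to
      # this Secret in the Ingress's namespace.
      secretName: toantest-tls
  rules:
    - host: toantest.trankhanhtoan.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hello-nginx
                port:
                  number: 80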
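Notes:
- For the cluster to validate the domain and issue the SSL certificate, the domain must point to the cluster with a CNAME record, because the HTTP-01 check is made against that host name. Run
kubectl get service -A
to get the DNS name of the AWS ELB on the ingress-nginx service.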
- Install helm:
brew install helm