First deploy
First Deploy
Echo Test
Apply deployment, service and ingress, using the commands below. This will deploy and expose a docker container on a subdomain.
Deployment
kubectl apply -f ./whoami/whoami-deployment.yaml
whoami-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
spec:
selector:
matchLabels:
app: whoami
replicas: 1
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami:v1.9.0
ports:
- containerPort: 80
Service
kubectl apply -f ./whoami/whoami-service.yaml
whoami-service.yaml
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
type: ClusterIP
ports:
- port: 5678
targetPort: 80
selector:
app: whoami
Ingress
kubectl apply -f ./whoami/whoami-ingress.yaml
whoami-ingress.yaml
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: whoami
spec:
rules:
- http:
paths:
- path: /bar
pathType: Prefix
backend:
service:
name: whoami
port:
number: 5678
- path: /foo
pathType: Prefix
backend:
service:
name: whoami
port:
number: 5678
Note: Separate or combined yaml
Here we applied deployment, service and ingress separately. Sometimes this makes sense, but we can also combine them into a single file if we prefer. Just separate the sections with a line containing three dashes like this:
<Deployment>
---
<Service>
---
<Ingress>
Time to test
Use your browser curl to check http://example.com/foo. Alternatively http://your-public-ip/foo
curl http://your-public-ip/foo
Hostname: whoami-946657448-2xhtv
IP: 127.0.0.1
IP: ::1
IP: 10.42.0.9
IP: fe80::7081:fcff:feaf:af05
RemoteAddr: 10.42.0.8:35284
GET /foo HTTP/1.1
Host: 123.345.123.345
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: 123.345.123.345
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-5f77ff7779-s7fh9
X-Real-Ip: 10.42.0.1
Adding HTTPS
The examples below use http->https redirect using a traefik middleware. To utilize it you need to create it first. You can also add/remove it by removing the line traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
in any ingress using this middleware like this:
metadata:
name: erpnext-tls-ingress
annotations:
spec.ingressClassName: traefik
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
kubectl apply -f ./traefik-https-redirect-middleware.yaml
traefik-https-redirect-middleware
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-https
spec:
redirectScheme:
scheme: https
permanent: true
To add https support, you need to either use cert-manager and add some tls-info to the ingress, or use a tls terminating load-balancer.
Cert-manager
You need first to deploy cert-manager.
Ingress
Then you can apply the ingress.
# DOMAIN environment variable required
cat ./whoami/whoami-ingress-tls.yaml | envsubst | kubectl apply -f -
whoami-ingress-tls.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-tls-ingress
annotations:
spec.ingressClassName: traefik
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
rules:
- host: whoami.${DOMAIN}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
number: 5678
tls:
- secretName: whoami-tls
hosts:
- whoami.${DOMAIN}