First deploy
First Deploy
Echo Test
Apply deployment, service and ingress, using the commands below. This will deploy and expose a docker container on a subdomain.
Deployment
kubectl apply -f ./whoami/whoami-deployment.yaml
whoami-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
spec:
selector:
matchLabels:
app: whoami
replicas: 1
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami:v1.9.0
ports:
- containerPort: 80
Service
kubectl apply -f ./whoami/whoami-service.yaml
whoami-service.yaml
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
type: ClusterIP
ports:
- port: 5678
targetPort: 80
selector:
app: whoami
Ingress
kubectl apply -f ./whoami/whoami-ingress.yaml
whoami-ingress.yaml
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: whoami
spec:
rules:
- http:
paths:
- path: /bar
pathType: Prefix
backend:
service:
name: whoami
port:
number: 5678
- path: /foo
pathType: Prefix
backend:
service:
name: whoami
port:
number: 5678
Note: Separate or combined yaml
Here we applied deployment, service and ingress separately. Sometimes this makes sense, but we can also combine them into a single file if we prefer. Just separate the sections with a line containing three dashes like this:
<Deployment>
---
<Service>
---
<Ingress>
Time to test
Use your browser curl to check http://example.com/foo
curl http://example.com/foo
Hostname: whoami-667fc988f6-jn5f8
IP: 127.0.0.1
IP: ::1
IP: 10.42.0.34
IP: dd40::402e:d1ff:bde4:b8db
RemoteAddr: 10.42.0.1:33686
GET /bar HTTP/1.1
Host: 12.344.200.233
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 11.255.13.126
X-Forwarded-Host: 51.114.111.153
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: m1
X-Real-Ip: 23.251.11.124
Adding HTTPS
The examples below use http->https redirect using a traefik middleware. To utilize it you need to create it first. You can also remove it by removing the line traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
kubectl apply -f ./traefik-https-redirect-middleware.yaml
traefik-https-redirect-middleware
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
spec:
redirectScheme:
scheme: https
permanent: true
To add https support, you need to either use cert-manager and add some tls-info to the ingress, or use a tls terminating load-balancer.
Cert-manager
You need first to deploy cert-manager.
Ingress
Then you can apply the ingress.
# DOMAIN environment variable required
cat ./whoami/whoami-ingress-tls.yaml | envsubst | kubectl apply -f -
whoami-ingress-tls.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-tls-ingress
annotations:
spec.ingressClassName: traefik
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
rules:
- host: whoami.${DOMAIN}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
number: 5678
tls:
- secretName: whoami-tls
hosts:
- whoami.${DOMAIN}