Skip to content

First deploy

First Deploy

Echo Test

Apply deployment, service and ingress, using the commands below. This will deploy and expose a docker container on a subdomain.

Deployment

kubectl apply -f ./whoami/whoami-deployment.yaml
whoami-deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
spec:
  selector:
    matchLabels:
      app: whoami
  replicas: 1
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami:v1.9.0
          ports:
            - containerPort: 80

Service

kubectl apply -f ./whoami/whoami-service.yaml
whoami-service.yaml 
apiVersion: v1
kind: Service
metadata:
  name: whoami
spec:
  type: ClusterIP
  ports:
    - port: 5678
      targetPort: 80
  selector:
    app: whoami

Ingress

kubectl apply -f ./whoami/whoami-ingress.yaml
whoami-ingress.yaml 
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: whoami

spec:
  rules:
    - http:
        paths:
          - path: /bar
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 5678
          - path: /foo
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 5678

Note: Separate or combined yaml

Here we applied deployment, service and ingress separately. Sometimes this makes sense, but we can also combine them into a single file if we prefer. Just separate the sections with a line containing three dashes like this:

<Deployment>
---
<Service>
---
<Ingress>

Time to test

Use your browser curl to check http://example.com/foo. Alternatively http://your-public-ip/foo

curl http://your-public-ip/foo

Hostname: whoami-946657448-2xhtv
IP: 127.0.0.1
IP: ::1
IP: 10.42.0.9
IP: fe80::7081:fcff:feaf:af05
RemoteAddr: 10.42.0.8:35284
GET /foo HTTP/1.1
Host: 123.345.123.345
User-Agent: curl/7.81.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 10.42.0.1
X-Forwarded-Host: 123.345.123.345
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: traefik-5f77ff7779-s7fh9
X-Real-Ip: 10.42.0.1

Adding HTTPS

The examples below use http->https redirect using a traefik middleware. To utilize it you need to create it first. You can also add/remove it by removing the line traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd in any ingress using this middleware like this:

metadata:
  name: erpnext-tls-ingress
  annotations:
    spec.ingressClassName: traefik
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd

kubectl apply -f ./traefik-https-redirect-middleware.yaml
traefik-https-redirect-middleware 
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
spec:
  redirectScheme:
    scheme: https
    permanent: true

To add https support, you need to either use cert-manager and add some tls-info to the ingress, or use a tls terminating load-balancer.

Cert-manager

You need first to deploy cert-manager.

Ingress

Then you can apply the ingress.

# DOMAIN environment variable required
cat ./whoami/whoami-ingress-tls.yaml | envsubst | kubectl apply -f -
whoami-ingress-tls.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-tls-ingress
  annotations:
    spec.ingressClassName: traefik
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
spec:
  rules:
    - host: whoami.${DOMAIN}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 5678
  tls:
    - secretName: whoami-tls
      hosts:
        - whoami.${DOMAIN}