infra

History

Dustin fefbaa9991 ingress: Use Deployment+Service with externalIPs Now that we have `keepalived` managing the "virtual" IP address for the ingress controller, we can change _ingress-nginx_ to run as a Deployment rather than a DaemonSet. It no longer needs to use the host network namespace, as `kube-proxy` will route all traffic sent to the configured external IP address to the controller pods. Using the _Local_ external traffic policy disables NAT, so incoming traffic is seen by the nginx unmodified.	2024-11-22 22:35:37 -06:00
..
README.md	ingress: Show how to import cert as secret	2022-08-23 21:20:47 -05:00
kustomization.yaml	ingress: Use Deployment+Service with externalIPs	2024-11-22 22:35:37 -06:00

Dustin fefbaa9991 ingress: Use Deployment+Service with externalIPs

Now that we have `keepalived` managing the "virtual" IP address for the
ingress controller, we can change _ingress-nginx_ to run as a Deployment
rather than a DaemonSet.  It no longer needs to use the host network
namespace, as `kube-proxy` will route all traffic sent to the configured
external IP address to the controller pods.  Using the _Local_ external
traffic policy disables NAT, so incoming traffic is seen by the
nginx unmodified.

2024-11-22 22:35:37 -06:00

README.md

ingress: Show how to import cert as secret

2022-08-23 21:20:47 -05:00

kustomization.yaml

ingress: Use Deployment+Service with externalIPs

2024-11-22 22:35:37 -06:00

README.md

Ingress Setup

Deploy ingress-nginx

Using ingress-nginx in host network mode. Assign the ingress custom role to nodes that will handle incoming traffic (e.g. have DNS names pointed to their addresses)

kubectl label node k8s-amd64-n{0,1,2}.pyrocufflink.blue kubernetes.io/role=ingress
kubectl create secret tls pyrocufflink-cert \
    --cert ~/certs/certificates/_.pyrocufflink.net.crt \
    --key ~/certs/certificates/_.pyrocufflink.net.key
kubectl apply -f ingress-nginx.yaml