Configuring the ingress resource
This documentation is a stub; we will update it soon.
For a full example see our example repo. You can see a demo of this example here.
Before you begin
Basic deployment
If you don't already have a deployment you want to use, you can deploy this simple one:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  # Same namespace as the Service and Ingress below; a Service only selects pods in its own namespace
  namespace: demo
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
```
A simple service to match the deployment:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: demo
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP
```
The ingress definition. Note that it looks like any ingress-nginx ingress definition:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: demo
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - ingress-demo.strid.tech
    secretName: nginx-tls
  rules:
  - host: ingress-demo.strid.tech
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
```
Secret creation
The secret we're using doesn't really contain any "secret" data: it contains the public certificate, like a normal TLS secret in Kubernetes, and some metadata that tells the ingress which key to use.
The metadata has the form `engine:e_akv:vault:kv-name:key-name`, where `vault` is the type of key vault (it can also be `hsm`), `kv-name` is the name of the key vault and `key-name` is the name of the key in the key vault.
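```yaml
apiVersion: v1
data:
  # base64-encoded public certificate
  tls.crt: "base64(certificate)"
  # base64-encoded key reference in the format described above, not a private key
  tls.key: "base64(engine:e_akv:vault:kv-name:key-name)"
kind: Secret
metadata:
  namespace: demo
  name: nginx-tls
type: kubernetes.io/tls
```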
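To produce the `tls.key` value and to check that an existing Secret holds only the key reference described above rather than private key material, here is a Python sketch (an added example, not code from this project). The function names and the characters allowed in `kv-name` and `key-name` are assumptions of this example.

```python
import base64
import re

# Format from this page: engine:e_akv:<vault|hsm>:<kv-name>:<key-name>
# Assumption: names consist of letters, digits and hyphens only.
KEY_REF = re.compile(r"engine:e_akv:(vault|hsm):([A-Za-z0-9-]+):([A-Za-z0-9-]+)")


def encode_key_ref(vault_type, kv_name, key_name):
    """Return the base64 string to place in the Secret's tls.key field."""
    ref = f"engine:e_akv:{vault_type}:{kv_name}:{key_name}"
    if not KEY_REF.fullmatch(ref):
        raise ValueError(f"not a valid key reference: {ref!r}")
    return base64.b64encode(ref.encode("ascii")).decode("ascii")


def check_tls_key(b64_value):
    """Decode a Secret's tls.key value and classify it.

    Returns ("reference", (type, kv_name, key_name)) for a well-formed
    reference, ("private-key", None) when PEM private key material was
    stored instead, and ("invalid", None) for anything else.
    """
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return ("invalid", None)
    # Stripping tolerates the newline added by `echo ... | base64`;
    # doing so is a choice of this example, not documented behaviour.
    text = raw.decode("utf-8", errors="replace").strip()
    if "PRIVATE KEY-----" in text:
        return ("private-key", None)
    match = KEY_REF.fullmatch(text)
    if match:
        return ("reference", match.groups())
    return ("invalid", None)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real cluster.
    good = encode_key_ref("vault", "kv-name", "key-name")
    pem = b"-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
    leaked = base64.b64encode(pem).decode("ascii")
    for label, value in (("reference", good), ("leaked key", leaked)):
        print(label, "->", check_tls_key(value))
```

Run against the decoded `data` of each TLS Secret used by this ingress class, a `private-key` result means key material that should stay in the key vault has been copied into the cluster.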