-
-
Save Johannestegner/463c0877431a4fe6a53a4ba3888c6002 to your computer and use it in GitHub Desktop.
Ingress Controller manifest example.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a bit simplified, so don't copy this straight of, it's just an example. | |
The important parts is to show that the LB service exposes port 443 and 80 and selects the `traefik` daemonset. | |
When a request is sent in through the loadbalancer (LB machine will send request straight to the service), the ingress controller will handle the request | |
it then looks for a service which an ingress resource points to and forward the request to that one. | |
So, LB => Ingress => App | |
Doing it this way will make it so that when you expose a service to the internet, you will always go through the ingress controller | |
rather than exposing a new service as a LB each time. | |
Further, the ingress controller can handle things like TLS Termination and certificate serving (via cert-manager and similar) which is very helpful. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Service | |
metadata: | |
name: traefik | |
namespace: core | |
spec: | |
type: LoadBalancer | |
ports: | |
- protocol: TCP | |
name: web | |
targetPort: 30080 | |
port: 80 | |
- protocol: TCP | |
name: websecure | |
targetPort: 30443 | |
port: 443 | |
selector: | |
app: traefik | |
--- | |
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
name: traefik | |
namespace: core | |
labels: | |
app: traefik | |
spec: | |
selector: | |
matchLabels: | |
app: traefik | |
template: | |
metadata: | |
labels: | |
app: traefik | |
spec: | |
containers: | |
- name: traefik | |
image: 'traefik:v2.10' | |
args: | |
- <ALOT OF ARGUMENTS HERE> | |
ports: | |
- name: web | |
containerPort: 30080 | |
protocol: TCP | |
- name: websecure | |
containerPort: 30443 | |
protocol: TCP | |
imagePullPolicy: IfNotPresent | |
securityContext: | |
drop: | |
- ALL | |
privileged: true | |
restartPolicy: Always | |
serviceAccountName: traefik-ingress-controller |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment