@ddewaele
Last active July 7, 2018 08:25
Azure Kubernetes Ingress Files
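# type: LoadBalancer gives this Service an external IP, so port 22 is
# reachable from outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: aks-ssh
spec:
  selector:
    app: aks-ssh
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 22
    targetPort: 22
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: aks-ssh
  labels:
    app: aks-ssh
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aks-ssh
  template:
    metadata:
      labels:
        app: aks-ssh
    spec:
      containers:
      - name: alpine
        image: alpine:latest
        ports:
        - containerPort: 22
        # Keep the container alive; it runs no service of its own.
        command: ["/bin/sh", "-c", "--"]
        args: ["while true; do sleep 30; done;"]
      # hostNetwork: the pod shares the node's network namespace, so port 22
      # of the pod is port 22 of the node named below.
      hostNetwork: true
      nodeName: aks-nodepool1-19328091-0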

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: azure-vote-back
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: azure-vote-back
    spec:
      containers:
      - name: azure-vote-back
        image: redis
        ports:
        - containerPort: 6379
          name: redis
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-back
spec:
  ports:
  - port: 6379
  selector:
    app: azure-vote-back
---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: azure-vote-front
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: azure-vote-front
    spec:
      containers:
      - name: azure-vote-front
        image: microsoft/azure-vote-front:v1
        ports:
        - containerPort: 80
        env:
        - name: REDIS
          value: "azure-vote-back"
---
apiVersion: v1
kind: Service
metadata:
  name: azure-vote-front
spec:
  type: LoadBalancer
  ports:
  - port: 8888
    protocol: TCP
    targetPort: 80
  selector:
    app: azure-vote-front

# Step 1: Create the self-signed certificate and key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=BE/ST=Mechelen/L=Mechelen/O=IxorTalk/OU=Platform/CN=ixortalk-aks-ingress.canadaeast.cloudapp.azure.com" -keyout ./certs/nginx-selfsigned.key -out ./certs/nginx-selfsigned.crt
Generating a 2048 bit RSA private key
....................+++
................+++
writing new private key to '/Projects/Azure/Ingress/certs/nginx-selfsigned.key'
-----

# Step 2: Create the dhparam file
openssl dhparam -out ./certs/dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

# Step 3: Verify that all files have been created
➜ Ingress git:(master) ✗ ls -ltr ./certs
total 16
-rw-r--r--  1 ddewaele  staff  1675 Apr  2 20:23 nginx-selfsigned.key
-rw-r--r--  1 ddewaele  staff  1688 Apr  2 20:23 nginx-selfsigned.crt
-rw-r--r--  1 ddewaele  staff   424 Apr  2 20:25 dhparam.pem

# Step 4: Add the secrets to your Kubernetes cluster
kubectl create secret tls tls-certificate --key ./certs/nginx-selfsigned.key --cert ./certs/nginx-selfsigned.crt
kubectl create secret generic tls-dhparam --from-file=./certs/dhparam.pem

# Step 5: Update the public IP of your Kubernetes cluster with a DNS name (prefix)
az network public-ip update --resource-group MC_aksgrouptest2_aksclustertest2_canadaeast --name kubernetes-abf63244236a411e8a7010a58ac1f158 --dns-name ixortalk-aks-ingress
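
A pre-flight check for the files from Steps 1 to 3, to run before Step 4 loads them into the cluster. This is an added example, not part of the original gist; `check_tls_material` is a hypothetical helper name, and the file names are the ones the gist uses.

```shell
#!/bin/sh
# Added example (not from the gist). check_tls_material is a hypothetical name.
# Usage: check_tls_material <cert-dir> <expected-hostname>
# Returns 0 if every check passes, 1 on a failed check, 2 on unreadable input.
check_tls_material() {
    dir=$1; host=$2; rc=0
    key="$dir/nginx-selfsigned.key"
    crt="$dir/nginx-selfsigned.crt"

    for f in "$key" "$crt"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # 1. The private key must not be readable by group or others.
    #    (The listing in Step 3 shows it as -rw-r--r--.)
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $key is group/world readable; run: chmod 600 $key"
        rc=1
    fi

    # 2. The certificate must carry the public half of this key.
    crt_pub=$(openssl x509 -noout -pubkey -in "$crt") || return 2
    key_pub=$(openssl pkey -pubout -in "$key") || return 2
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and key do not belong together"
        rc=1
    fi

    # 3. The subject CN must be the host name used in the Ingress rule.
    subj=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$crt")
    case "$subj" in
        *"CN=$host,"*|*"CN=$host") ;;
        *) echo "FAIL: CN does not match $host ($subj)"; rc=1 ;;
    esac

    # 4. The certificate must still be valid 30 days from now.
    if ! openssl x509 -noout -checkend 2592000 -in "$crt" >/dev/null; then
        echo "FAIL: certificate expires within 30 days"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir is ready for kubectl create secret"
    return "$rc"
}
```

For the gist's layout the call would be `check_tls_material ./certs ixortalk-aks-ingress.canadaeast.cloudapp.azure.com`.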

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: default-http-backend
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
      - name: default-http-backend
        # Any image is permissible as long as:
        # 1. It serves a 404 page at /
        # 2. It serves 200 on a /healthz endpoint
        image: gcr.io/google_containers/defaultbackend:1.0
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 30
          timeoutSeconds: 5
        ports:
        - containerPort: 8080
        resources:
          limits:
            cpu: 10m
            memory: 20Mi
          requests:
            cpu: 10m
            memory: 20Mi
---
kind: Service
apiVersion: v1
metadata:
  name: default-http-backend
spec:
  selector:
    app: default-http-backend
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  type: NodePort

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
spec:
  replicas: 1
  revisionHistoryLimit: 3
  template:
    metadata:
      labels:
        k8s-app: nginx-ingress-lb
    spec:
      containers:
      - args:
        - /nginx-ingress-controller
        - "--default-backend-service=$(POD_NAMESPACE)/default-http-backend"
        - "--default-ssl-certificate=$(POD_NAMESPACE)/tls-certificate"
        - "--election-id=ingress-controller-leader"
        - "--ingress-class=nginx"
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.12.0"
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          timeoutSeconds: 5
        name: nginx-ingress-controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        volumeMounts:
        - mountPath: /etc/nginx-ssl/dhparam
          name: tls-dhparam-vol
      terminationGracePeriodSeconds: 60
      volumes:
      - name: tls-dhparam-vol
        secret:
          secretName: tls-dhparam
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
spec:
  type: LoadBalancer
  ports:
  - name: http
    port: 80
    targetPort: http
  - name: https
    port: 443
    targetPort: https
  selector:
    k8s-app: nginx-ingress-lb

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: http-ingress
  annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
  - hosts:
    - ixortalk-aks-ingress.canadaeast.cloudapp.azure.com
    secretName: tls-certificate
  rules:
  - host: ixortalk-aks-ingress.canadaeast.cloudapp.azure.com
    http:
      paths:
      - path: /
        backend:
          serviceName: azure-vote-front
          servicePort: 8888

➜ certs git:(master) ✗ kubectl get services
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
azure-vote-back    ClusterIP   10.0.213.126   <none>        6379/TCP   3m
azure-vote-front   ClusterIP   10.0.91.210    <none>        8888/TCP   3m
kubernetes         ClusterIP   10.0.0.1       <none>        443/TCP    3h

➜ ~ kubectl get services
NAME               TYPE           CLUSTER-IP     EXTERNAL-IP     PORT(S)          AGE
azure-vote-back    ClusterIP      10.0.196.66    <none>          6379/TCP         3m
azure-vote-front   LoadBalancer   10.0.178.108   52.235.58.228   8888:32513/TCP   3m
kubernetes         ClusterIP      10.0.0.1       <none>          443/TCP          56m

ddewaele commented Apr 2, 2018

Might need to ensure that
