@yogendra
Last active May 23, 2021 09:34
K8s Tools

Simple Ingress + TLS setup

  1. Update /etc/hosts to point web.corp.local to your ingress IP

    echo "10.40.14.36 web.corp.local" | sudo tee -a /etc/hosts
    
  2. Create certs

    1. Create a self-signed certificate and private key

      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout web.key -out web.cer -subj "/CN=web.corp.local/O=web.corp.local"
      
  3. Create secret

    kubectl create secret tls web --key web.key --cert web.cer
    
  4. Deploy application

    1. Use existing web.yaml

      1. Update image name based
      2. Update host in Ingress resource

      OR

    2. Create deployment

      1. Set image name in environment variable

        IMAGE=harbor.corp.local/library/nginx:V1
        
      2. Create deployment

        kubectl create deployment web --image=$IMAGE 
        
    3. Create service

      kubectl expose deployment web --port 80 --target-port 80
      
    4. Create ingress

      1. Create ingress.yaml

        apiVersion: networking.k8s.io/v1beta1
        kind: Ingress
        metadata: 
          name: web
          annotations: {}
        spec:
          tls:
          - hosts:
            - web.corp.local
            secretName: web
          rules:
          - http:
              paths:
              - path: /
                backend:
                  serviceName: web
                  servicePort: 80
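
A pre-flight check for steps 2 and 3, as an added example that is not part of the original gist: it confirms that `web.key` belongs to `web.cer`, that the host name is present as a DNS subjectAltName (clients such as Go 1.15+ and Chrome ignore the CN), and that the certificate is not about to expire. The function names and the 7-day threshold are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the web.cer / web.key pair before it is loaded into
# the "web" TLS secret. Function names are hypothetical (added example).

# True when the certificate's public key is the one derived from the key file.
cert_matches_key() {            # $1 = certificate, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when $2 appears verbatim as a DNS subjectAltName (wildcards not expanded).
cert_has_san() {                # $1 = certificate, $2 = host name
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n '/Subject Alternative Name/{n;p;}' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fqx "DNS:$2"
}

# True when the certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {           # $1 = certificate, $2 = seconds
  openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Runs every check, prints one line per problem, returns non-zero on any.
preflight_tls() {               # $1 = certificate, $2 = key, $3 = host name
  rc=0
  cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; rc=1; }
  cert_has_san "$1" "$3" || { echo "FAIL: no DNS subjectAltName for $3"; rc=1; }
  cert_not_expiring "$1" 604800 || { echo "FAIL: $1 expires within 7 days"; rc=1; }
  return "$rc"
}

# Usage: sh preflight.sh web.cer web.key web.corp.local
if [ "$#" -eq 3 ]; then
  preflight_tls "$1" "$2" "$3" && echo "OK: safe to create the secret"
fi
```

A certificate created with only `-subj` carries no subjectAltName, so the second check reports it; OpenSSL 1.1.1 and later can add one at creation time with `-addext "subjectAltName=DNS:web.corp.local"`.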
        
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: web
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - image: harbor.corp.local/library/nginx:V1
        name: nginx
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 50m
            memory: 100Mi
---
apiVersion: v1
kind: Service
metadata:
  name: web
  labels:
    app: web
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: web
  type: ClusterIP
---
apiVersion: v1
data:
  tls.crt: <base64-encoded certificate>
  tls.key: <base64-encoded private key>
kind: Secret
metadata:
  labels:
    app: web
  name: web
type: kubernetes.io/tls
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  labels:
    app: web
  name: web
spec:
  tls:
  - hosts:
    - web.corp.local
    secretName: web
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: web
          servicePort: 80