It’s time to move on to a better strategy, which is ingress controller, and as an added bonus we will see how to add SSL certificate to have a secure domain. We have already seen how to setup nginx reverse proxy for aspnet core apps with and without Docker compose and How to setup nginx reverse proxy && load balancer for aspnet core apps with Docker and azure kubernetes service.
Part 4 : switch to Azure Container Registry from Docker Hub
Part 5: Using Azure DevOps, Automate Your CI/CD Pipeline and Your Deployments
Part 6 : Using Github, Automate Your CI/CD Pipeline and Your Deployments
Part 7 : Possible methods to reduce your costs
Introduction
We created a nginx reverse proxy in a previous article; this time, we’ll employ an ingress controller.
For Kubernetes services, an ingress controller is a piece of software that offers reverse proxy, programmable traffic routing, and TLS termination. Individual Kubernetes services’ ingress rules and routes are configured using Kubernetes ingress resources. A single IP address can be used to route traffic to numerous services in a Kubernetes cluster when ingress rules and an ingress controller are utilized.
In this demonstration, we’ll show you how to switch between four applications as services by using the ingress controller.
Later, we’ll look at adding an SSL certificate and switching (redirect ) from HTTP to HTTPS.
Part 1 : Create deployments in AKS
Using the docker hub, we will begin by defining the applications we will use in this context.
In the screenshots I’ll demonstrate, I’ll use two additional deployments of the same type as 01-nginx-frontend.yml, but with a different version (tag) on Docker Hub of the same container .
Now, before we deploy our applications, we will construct a namespace where all of our work will be gathered.
Let’s launch our Ingress now that everything is ready.
kubectl apply -f app-ingress.yml
Results :
As you can see, four applications are displayed for the same entrance.
we used route traffic to each application ,traffic directed to EXTERNAL IP/webapp1 is forwarded to the my-nginx-service-01. Themy-nginx-service-02 service is used to route traffic to EXTERNAL IP/webapp2.
For the time being, this is good but not ideal. We want a secure domain via certificate, we don’t want to utilize an ip address to access our websites. the following section will explain it all .
Part 3: Custom domains
First, we’ll look at how to include Cutsom Domain in our sample.
If you remember we have use the cmd line : kubectl get services –namespace ingress -o wide -w app-ingress-ingress-nginx-controller , the results include an external IP adress that we will use in our domain registrar , in my case is godaddy .
All you have to do is to add a new record :
kind : HAS
lastname : @
Value : the ip adress of the ingress
ttl : Custom
seconds : 600
This is good, but we still need to make some changes to our app-ingress.yml.
As you can see, our ingress domain currently lacks a certificate, making it insecure. In the next section, we’ll discuss how to add a certificate and force HTTP to HTTPS.
Part 3: Custom domains and SSL/TLS certificates
We will get a free certificate from SSLforfree for the demo’s purposes. You must purchase a verified certificate in order to use production environments.
In order to have the certificate you need to have acces to your domain .
Or : Right click on the first certificate and open it on the editor :
Insert the second certificate on a new line at the end of the document (after end certificate you will insert a new one that start with —–BEGIN CERTIFICATE—– and end with —–END CERTIFICATE—–)
Now you must save as one file .crt ,you should have everything you need to install the SSL Certificate on your system.
Now we will create a new Namespace that will contain our secret for the certification :
Comments 3