Configure Ingress
Preparing local Linux environment or VM.
Do the following once to prepare your environment:
Reference: https://taasjci.atlassian.net/wiki/spaces/GS/pages/900531038/Creating+Ingress+controller+-+Completed
If you are deploying from Win10 laptop, enable Linux Subsystem on Windows Features and install Linux subsystem of your choice. The document below assumes that Ubuntu 16.x was installed. Follow https://docs.microsoft.com/en-us/windows/wsl/install-win10 for reference if necessary. As an alternative, any Linux machine or VM could be used.
Install Helm client from https://github.com/helm/helm/releases (this document was tested with client version 2.9.0, https://storage.googleapis.com/kubernetes-helm/helm-v2.9.0-linux-amd64.tar.gz).
AKS only: use az aks install-cli to install kubectl client. Refer MS documentation for details.
OpenShift only: Install OpenShift client from https://www.okd.io/download.html (this document was tested with client version 3.11.0, https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz).
Ensure that helm, kubectl (and oc if OpenShift is used) binaries are included in your PATH. On Win10-based Linux subsystem you can just move these binaries to ~/bin. Note: oc binary is full copy of kubectl binary if OpenShift is used.
Ensure that primary nameserver in /etc/resolv.conf is 172.30.1.135. Note that Win10-based Linux subsystem uses to prepend 8.8.8.8 and 8.8.4.4 nameservers as primary.
AKS only: use az aks get-credentials -f .... to update kubectl configuration with credentials of your server. Refer MS documentation for details.
OpenShift only: Login with oc CLI tool. The easiest way to get login credentials for CLI login is to login to OpenShift console in your browser, click on your name at top right corner and copy login command. It will be looking like "oc login https://be-deb-mgmt.debinternal.cloud:443 --token=5lD3gNwU..............". Run this command in your Linux shell and ensure that it works and you see tiller namespace in the list of available namespaces.
Helm Setup
For deployment of Ingress controller, stock template from https://github.com/helm/charts/tree/master/stable/nginx-ingress project is used with some customization.
Clone this project with git:
Under stable/nginx-express/templates/, edit controller-deployment.yaml and remove the following block lines 104 to 112:
Under stable/nginx-express/, edit values.yaml and set controller.name and ingressClass to match your environment, like below:
Create Kubernetes secret:
kubectl create secret tls aks-ingress-tls --namespace ingress-basic --key aks-ingress-tls.key --cert aks-ingress-tls.crt
The files aks-ingress-tls.key and aks-ingress-tls.crt are and they are stored in lastpass
Create a policy for tiller:
kubectl policy add-role-to-user edit "system:serviceaccount:${TILLER_NAMESPACE}:tiller"
Install Helm Chart
Install helm chart (substitute your nginx container name and namespace name):
helm install --name nginx-as-dev nginx-ingress --namespace as-dev
Check Ingres
Check that nginx-ingress container was started (substitute your namespace name):
kubectl get services –-namespace as-dev
Configuring Certs
Convert a PFX to a Base64 string:
Generate a self signed cert
Here is another way of generating the certs using modules
Last updated