Working in a k8s environment provides a lot of the amenities we've been talking about in the previous examples: service discovery, load balancing across individual containers, network isolation, etc. When you need to expose your HTTP/HTTPX routes outside a K8S cluster, an Ingress Controller is the way to go. Traefik can be used as-is as a full featured ingress controller.
We can directly translate our previous examples into kubernetes ingress rules.
cd k8s-ingress-controller
# clone the chart from the release repo
git clone https://github.com/containous/traefik-helm-chart
# Install in the namespace "traefik"
helm install --namespace traefik \
--name traefik \
./traefik-helm-chart/traefik
Namespace the ingress with the developer name, certmanager handles ssl certs, wildcard dns provides vanity namespace. Guarantees every developer has isolated ci/cd and staging area.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcptls
namespace: dooley
spec:
entryPoints:
- websecure
routes:
- match: Host(`dooley.dev.agaveplatform.org`) || Host(`dooley.minikube`)
kind: Rule
services:
- name: apim-proxy
port: 443
tls:
domains:
- main: minikube
secretName: apim-proxy-cert-tls
certResolver: default
passthrough: true