Added documentation to use TLS with traefik

This commit is contained in:
Olivier Wenger 2022-02-20 15:22:30 +01:00
parent 11dc61a39e
commit b24baeb9e2
4 changed files with 84 additions and 1 deletions

View File

@ -152,6 +152,41 @@ _To turn off k3s upgrades, you can either set the `k3s_upgrade=true` label in th
kubectl -n system-upgrade label node <node-name> k3s_upgrade- kubectl -n system-upgrade label node <node-name> k3s_upgrade-
``` ```
## Example Ingress with TLS
Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example
```sh
kubectl apply -f examples/tls/.
```
```yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: le
spec:
tls:
- hosts:
- example.com
secretName: example-tls
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
```
## Takedown ## Takedown
If you want to takedown the cluster, you can proceed as follows: If you want to takedown the cluster, you can proceed as follows:
@ -203,4 +238,4 @@ Any contributions you make are **greatly appreciated**.
[issues-url]: https://github.com/mysticaltech/kube-hetzner/issues [issues-url]: https://github.com/mysticaltech/kube-hetzner/issues
[license-shield]: https://img.shields.io/github/license/mysticaltech/kube-hetzner.svg?style=for-the-badge [license-shield]: https://img.shields.io/github/license/mysticaltech/kube-hetzner.svg?style=for-the-badge
[license-url]: https://github.com/mysticaltech/kube-hetzner/blob/master/LICENSE.txt [license-url]: https://github.com/mysticaltech/kube-hetzner/blob/master/LICENSE.txt
[product-screenshot]: .images/kubectl-pod-all-17022022.png [product-screenshot]: .images/kubectl-pod-all-17022022.png

24
examples/tls/ingress.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: le
spec:
tls:
- hosts:
- example.com
secretName: example-tls
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80

13
examples/tls/pod.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80

11
examples/tls/service.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
run: nginx