Versions Compared

Old Version 14

changes.mady.by.user Francesco Sinisi

Saved on

compared with

New Version 15

changes.mady.by.user Francesco Sinisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languageyml
titlecafe-ingress.yaml (multiple path)
apiVersion: extensionsnetworking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: cafe-ingress
spec:
#  tls:                             # Let's ignore 
#  - hosts:                         # and comment 
#    - cafe.example.com             # these lines 
#    secretName: cafe-secret        # for the moment
  rules:
  - host: cafe.example.com
    http:
      paths:
      - path: /tea                  # Use cafe.example.com/tea to target "tea" services
        backend:
          serviceName: tea-svc      # Enter the service name
          servicePort: 80           # Enter the port number on which the service is listening
      - path: /coffee               # Use cafe.example.com/coffee to target "coffee" services
        backend:
          serviceName: coffee-svc   # Enter the service name
          servicePort: 80           # Enter the port number on which the service is listening

...

These two web pages, while very simple, assure us that the addressing mechanism works correctly. Of course, if you don't enter any path (/tea or /coffee) after the host, you will get the message "404 Not Found". This happens because we have not associated any service in our ingress resource in the "homepage" of the host (i.e. the "- path: /" is not configured).

Further insights

Learn more about the tls.crt and tls.key keys

You may have noticed the particular wording "base64_encoded" inside the cafe-secret.yaml. In fact, it is necessary to insert the keys with a certain coding. We take our two keys, obtained with the certificate, and apply the following command

Code Block
languagebash
titleConvert "x509 format base64 decoded" to "x509 format base64 encoded"
$ base64 -w 0 cafe.example.com.pem
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhDakNDQlBLZ0F3SUJBZ0lRR0J6emlZVDR0V3BpT...
$ base64 -w 0 cafe.example.com.key
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdjFyQzdvWVh3YU5yc...

We just have to paste the output of the .pem file into the tls.crt field and the output of the .key file into the tls.key field.

Multiple sub-domains with one path

Instead of using URLs to make different applications accessible, some Ingress resource use sub-domains. So if you have an application configured this way, your .yaml file would look like below: instead of having one host and multiple path, now we have multiple host, where each host represents a sub-domain and the single path redirects the request to the service. For a secure connection, a certificate, and therefore a secret, is required for each host.

...

languageyml
titlecafe-ingress.yaml (sub-domain)

...

Uninstall the Ingress Controller

...