Create an ingress
To create an ingress for each public:
-
Log in into your rancher account and click the "Import YAML" button:
-
From the Import YAML screen, enter the following to create the service:
apiVersion: v1 kind: Service metadata: name: esservices-dev-magnolia-helm-public-svc-0 (1) namespace: esservices-dev (2) spec: clusterIP: None clusterIPs: - None ports: - name: tomcat port: 8080 targetPort: 8080 selector: statefulset.kubernetes.io/pod-name: esservices-dev-magnolia-helm-public-0 (3)
1 Give a name
to the service.2 Specify the namespace
to create the service.3 The name of your public pod. -
Then, you need to create the ingress.
Again you need to import a new
yaml
with the Import YAML screen:apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-body-size: 512m cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/configuration-snippet: | (1) more_set_headers "X-Robots-Tag: noindex, nofollow"; more_set_headers "X-Upstream $upstream_addr"; name: public-0 (2) namespace: esservices-dev (3) spec: rules: - host: public-0.esservices-dev.eu-playground.magnolia-platform.com (4) http: paths: - backend: service: name: esservices-dev-magnolia-helm-public-svc-0 (5) port: name: tomcat path: / pathType: ImplementationSpecific tls: - hosts: - public-0.esservices-dev.eu-playground.magnolia-platform.com (4) secretName: public-0.esservices-dev.eu-playground.magnolia-platform.com (6)
1 Only use the `configuration-snippet` exactly as instructed. Otherwise, you may cause issues with your PaaS deployment. 2 Name of the ingress: you should give a name for the ingress. 3 Namespace: namespace to create the ingress. 4 Host: host to access to the specific public. 5 Name of the service: it must be equal to the one created in the previous step. 6 Secret Name: secret for access to the public.
Now, you can see the services created with the urls for each public. You just need to repeat the previous steps for your other public(s).
Set up a wildcard ingress
You have multiple subdomains in the cluster, but you want to keep it simple at the CDN level.
Instructions
-
Install an
mt-operator
versionv0.1.7+
. -
Configure a wildcard ingress with the CDN annotation like the example here.
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-prod magnolia.info/cdn-provider: fastly (1) kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/from-to-www-redirect: '"true"' name: opera-wildcard namespace: integration spec: rules: - host: '*.opera.mplatform.int.magnolia-platform.com' http: paths: - backend: service: name: integration-magnolia-helm-public-svc port: name: http pathType: ImplementationSpecific tls: - hosts: - '*.opera.mplatform.int.magnolia-platform.com' secretName: opera-wildcard (2)
1 The CDN provider. 2 The secretName
. -
Ensure the
secretName
from the new wildcard ingress is the same one used in the main ingress containing all subdomains except the wildcard domain itself.tls: - hosts: - test1.opera.mplatform.int.magnolia-platform.com - test1.test.opera.mplatform.int.magnolia-platform.com - test2.test.opera.mplatform.int.magnolia-platform.com secretName: opera-wildcard (1)
1 The secretName
.
The DNS server must be pointed to the wildcard domain. |