2. Create nginx server secret, basically a pair of crt and key file using the following command:
openssl req -newkey rsa:2048 -nodes -keyout nginx.key -x509 -days 365 -out nginx.crt 4. k8s rbac to allow the service account to do things
5. Deploy ingress controller using either daemon set or deployment
6. Use either NodePort service or LoadBalancer to allow access to the daemon set.
The above steps are really just the steps to make sure that the access to the services uses nginx ingress controller.
The next few steps are to deploy the actual application.
1. Deploy your actually application using either pods or replicateset or whatever you prefer.
2. Create an Ingress service which maps path to each app. It is this service also has tls and basic authentication in like the following:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: nginx-test
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: TheNameOfK8sSecret
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
spec:
tls:
- hosts:
- foo.bar.com
# This assumes tls-secret exists and the SSL
# certificate contains a CN for foo.bar.com
secretName: tls-secret
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
# This assumes http-svc exists and routes to healthy endpoints
serviceName: http-svc
servicePort: 80
