The Kubernetes environment is a reverse proxy setup that automatically detects new ingress routes, creates a Let's Encrypt certificate for them, and points the domain name to the right IP. There is no more need to manually manage DNS records or certificates. Publishing new services is easy and very fast. The proxy automatically handles the routing of requests to the right services.
In more detail, the following components are involved:
- Load balancer: Is created in front of the Kubernetes cluster and passes the requests to the Traefik instances.
- Traefik: Is a reverse proxy and handles the routing of the requests coming from the load balancer to the appropriate services.
- external-dns: Points the DNS records of the services to the load balancer.
- cert-manager: Creates the certificates for the services, which Traefik uses and serves when proxying the requests.
Currently the following cloud providers are supported (for Kubernetes and DNS services):
Locally you have to have the following tools installed:
Make sure that kubectl is able to connect to the cluster and that the current context is configured to the appropriate cluster:
kubectl config current-context
Rename the file
config.yml and adjust the variables for your needs.
The passwords of the users who can access the dashboard must be hashed using the following command:
htpasswd -n username
Install the Proxy
To install the proxy, run the command:
python3 proxy install --file config.yml
Install an Application
The file application.yml contains an example configuration of an application. You only have to change the host name application.example.com in the example to one of your domain names and then run the application by executing:
kubectl apply -f application.yml
The example shows that it is easy to set up a new service. The important values to adjust in an ingress definition are, as already mentioned, the domain names and the following values:
- certmanager.k8s.io/cluster-issuer: This value defines which issuer should be used to generate the certificate. Currently supported are letsencrypt-production to create valid certificates and letsencrypt-staging to only create certificates with the staging environment of Let's Encrypt.
- secretName: The secret name indicates the secret where the certificate should be stored.
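A pre-deployment check for the two values above, as an added example that is not part of this project's code: it reads an ingress definition and reports a missing or unsupported issuer, a staging issuer, a tls entry without secretName, and hosts that no tls entry covers. The function name check_ingress, the sample manifest (given in JSON form) and the secret name application-tls are assumptions made for the illustration.

```python
import json

# Annotation key and issuer names as listed on this page.
ISSUER_ANNOTATION = "certmanager.k8s.io/cluster-issuer"
SUPPORTED_ISSUERS = {"letsencrypt-production", "letsencrypt-staging"}


def check_ingress(manifest):
    """Return a list of findings for one ingress definition (parsed into a dict)."""
    findings = []
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    issuer = annotations.get(ISSUER_ANNOTATION)
    if issuer is None:
        findings.append("missing annotation " + ISSUER_ANNOTATION)
    elif issuer not in SUPPORTED_ISSUERS:
        findings.append("unsupported issuer: " + issuer)
    elif issuer == "letsencrypt-staging":
        findings.append("staging issuer: certificate will not be trusted by browsers")

    spec = manifest.get("spec", {})
    tls_hosts = set()
    for entry in spec.get("tls") or []:
        if not entry.get("secretName"):
            findings.append("tls entry without secretName: " + str(entry.get("hosts")))
        tls_hosts.update(entry.get("hosts") or [])
    # Exact host match only; wildcard tls hosts are not expanded here.
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and host not in tls_hosts:
            findings.append("host not covered by a tls entry: " + host)
    return findings


# Constructed sample manifest, not the project's application.yml.
SAMPLE = json.loads("""
{
  "kind": "Ingress",
  "metadata": {"name": "application",
               "annotations": {"certmanager.k8s.io/cluster-issuer": "letsencrypt-staging"}},
  "spec": {
    "tls": [{"hosts": ["application.example.com"], "secretName": "application-tls"}],
    "rules": [{"host": "application.example.com"}, {"host": "www.example.com"}]
  }
}
""")

if __name__ == "__main__":
    for finding in check_ingress(SAMPLE):
        print(finding)
```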
If you are interested in contributing, feel free to open a pull request. Just make sure that all tests are passing:
python3 -m unittest discover proxy
About Bits is a company based in South Tyrol, Italy. You can find more information about us on our website.
For support, please contact email@example.com.
The MIT License (MIT). Please see the license file for more information.