I will create a Helm repo for customers, but I'm wondering how you solved the ingress domain name and SSL parts.
Should I create a custom ingress yaml file for each customer?
Or should I set it as follows for each customer?
--set "ingress.hosts[0].host=yourhost.com,ingress.hosts[0].paths[0].path=/"
Related
I have a custom application helm chart with an ingress object which is deployed in production.
Now I need to migrate the ingress source code object from the helm chart to terraform to give control over the object to another team.
Technically no problem with accepting a downtime.
But I want to keep the ingress object from being undeployed by the helm chart during deployment as there is a letsencrypt certificate attached to it.
So is there a possibility to tell helm to keep the ingress object when I remove the ingress in the source of the helm chart during helm upgrade?
Found the answer myself in the Helm annotations: https://helm.sh/docs/howto/charts_tips_and_tricks/#tell-helm-not-to-uninstall-a-resource
That means you deploy the ingress again via the helm chart with the annotation "helm.sh/resource-policy": keep.
Then you remove the ingress from the helm chart and redeploy it.
Now the ingress is still deployed in kubernetes but not anymore under control of the helm release.
Next step is to model/code the ingress in terraform and import the resource via terraform import.
Last step is to test with terraform plan if the imported resource corresponds completely with the coded ingress in terraform.
That's it.
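The procedure in the answer above, written out as an added example that is not part of the original post. The names myapp, app.example.com, myapp-tls and the default namespace are constructed placeholders, and the import command assumes the hashicorp/kubernetes Terraform provider.

```yaml
# Step 1: leave this template in the chart for one more `helm upgrade`,
# now carrying the resource-policy annotation.
# All names below are constructed placeholders, not values from the post.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp
  annotations:
    "helm.sh/resource-policy": keep   # Helm skips deleting this object
spec:
  tls:
    - hosts:
        - app.example.com
      secretName: myapp-tls           # existing certificate secret stays referenced
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp
                port:
                  number: 80
# Step 2: delete this template from the chart and run `helm upgrade` again.
#         The Ingress stays in the cluster but is no longer part of the release.
# Step 3: confirm the object and its TLS block survived:
#           kubectl get ingress myapp -n default -o yaml
# Step 4: model the same object in Terraform, then (assumed provider:
#         hashicorp/kubernetes, resource type kubernetes_ingress_v1):
#           terraform import kubernetes_ingress_v1.myapp default/myapp
#           terraform plan
# Note: the orphaned object still carries the metadata Helm stamped on it
# (meta.helm.sh/release-name, meta.helm.sh/release-namespace,
# app.kubernetes.io/managed-by: Helm) plus the keep annotation, so the first
# plan may show metadata differences until the Terraform code accounts for them.
```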
You can just keep the helm chart as it is and add details into the terraform, I think it will work.
Terraform will run the plan and apply the helm release, and if you set the helm config to roll out, then if there are no changes, no update will get applied to resources like ingress, deployment, etc.
With terraform, you can use the Helm provider: https://registry.terraform.io/providers/hashicorp/helm/latest/docs
I have an AKS cluster and I want to install a Kong ingress controller with my pre-existing IP address, but I can't find a way to set this value when installing with helm.
In the value.yaml file, I didn't find any loadBalancerIP value that can be set, but in the _helpers.tpl file I found some mention of the loadBalancerIP field, and I didn't understand how to pass a value to this file.
Thanks
You can just do this:
helm template kong/kong --generate-name --set proxy.loadBalancerIP="yourIP"
We are using the default ingress gateway for Istio. We would like to create two different ingress gateways for using private and public external load balancers.
Is there any way to achieve this?
See this example, step 3: Deploy a private ingress gateway and mount the new secrets as data volumes by the following command. You may want to edit the helm values of the example, for example, remove the mounted volumes with the certificates, or change the name of the gateway and the namespace it is deployed to.
I have a working kubernetes cluster where ingress and letsencrypt are working just fine when I use helm charts. I have a deployment not included in a chart that I want to expose using ingress with TLS. How can I do this with kubectl commands?
EDIT: I can manually create an ingress but I don't have a secret, so HTTPS won't work. So my question is probably "How to create a secret with letsencrypt to use on a new ingress for an existing deployment".
Google provides a way to do this for their own managed certificates. The documentation for it is at https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs.
I am using traefik as an ingress controller and want to serve other ingresses via auto-generated letsencrypt certificates and enforce SSL.
I set up traefik with its official helm chart like this:
helm install stable/traefik --name traefik --set dashboard.enabled=true,dashboard.domain=traefik.mycompany.com,rbac.enabled=true,externalIP=123.456.789.123,ssl.enabled=true,ssl.enforced=true,ssl.permanentRedirect=true,acme.enabled=true,acme.staging=false,acme.challengeType=http-01
How do I need to annotate the ingresses for the apps I need to expose to use an auto-generated letsencrypt certificate?
With this setup traefik.mycompany.com is delivered via SSL with a wild-card certificate of the default host *.example.com:
I dug through the whole traefik documentation (https://docs.traefik.io/) but could only find out how I need to set up the ingresses.