- Will use ELB
- Will use wildcard cert provided by AWS (https://console.aws.amazon.com/acm/)
This installs a set of resources.
Using helm:
```sh
helm install stable/nginx-ingress --name my-nginx
```
Copied from the ingress-nginx site:
Change the line of the file provider/aws/service-l7.yaml that contains the dummy id "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX", replacing it with a valid one.
Check that no change is necessary with regard to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the ELB Idle Timeouts section for additional information. If a change is required, users will need to update the value of service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout in provider/aws/service-l7.yaml.
Then execute:
```sh
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml
```
This example creates an ELB with just two listeners, one on port 80 and another on port 443.
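An added example, not taken from the ingress-nginx docs or from these notes: applying a manifest straight from its URL applies it as published, so the ARN edit has to be made in a downloaded copy of service-l7.yaml. The functions below make that edit and reject the dummy ARN; the function names and the sample ARN are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sample ARN are hypothetical.
ANNOT='service.beta.kubernetes.io/aws-load-balancer-ssl-cert'

# Succeeds only for an ACM certificate ARN with a 12-digit account id,
# so the dummy "XXXXXXXX" value from the upstream file is rejected.
valid_acm_arn() {
  printf '%s\n' "$1" | grep -Eq \
    '^arn:aws:acm:[a-z0-9-]+:[0-9]{12}:certificate/[0-9A-Fa-f-]+$'
}

# Print the certificate ARN currently set in manifest $1 (quotes stripped).
cert_arn_of() {
  sed -n "s|^[[:space:]]*$ANNOT:[[:space:]]*||p" "$1" | tr -d "\"'" | head -n 1
}

# set_acm_cert MANIFEST ARN: rewrite the annotation in a local copy of
# service-l7.yaml, keeping its indentation, then re-read it to confirm.
set_acm_cert() {
  manifest=$1; arn=$2
  valid_acm_arn "$arn" || { echo "not an ACM certificate ARN: $arn" >&2; return 1; }
  grep -q "$ANNOT:" "$manifest" || { echo "annotation missing in $manifest" >&2; return 1; }
  tmp=$(mktemp) || return 1
  # '|' is the sed delimiter because the ARN contains '/'.
  sed "s|\($ANNOT:\).*|\1 \"$arn\"|" "$manifest" > "$tmp" || return 1
  cat "$tmp" > "$manifest" && rm -f "$tmp"
  [ "$(cert_arn_of "$manifest")" = "$arn" ]
}

# Demo on a constructed two-line manifest fragment (not the real file).
demo() {
  f=$(mktemp) || return 1
  printf '%s\n' '  annotations:' \
    "    $ANNOT: \"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX\"" > "$f"
  valid_acm_arn "$(cert_arn_of "$f")" && { rm -f "$f"; return 1; }  # dummy must fail
  set_acm_cert "$f" 'arn:aws:acm:us-west-2:123456789012:certificate/11111111-2222-3333-4444-555555555555' || return 1
  cat "$f"; rm -f "$f"
}
demo
# Real use: download service-l7.yaml, run set_acm_cert on it, review the
# result, then: kubectl apply -f service-l7.yaml
```

Running `valid_acm_arn "$(cert_arn_of service-l7.yaml)"` before `kubectl apply` catches a copy that still carries the dummy value.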
The basic idea is to install nginx-ingress as a pod and set of resources on Kubernetes. Then, a single AWS ELB routes traffic to the nginx-ingress service/controller. TLS is terminated at the ELB (which has a wildcard cert for our domain).
For each app/service that we want to expose, we create an ingress entry that targets the nginx controller:
```yaml
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22;
# newer clusters need networking.k8s.io/v1.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-omicidx-test
  annotations:
    # use the shared ingress-nginx
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: omicidx-test.cancerdatasci.org
    http:
      paths:
      - path: /
        backend:
          serviceName: omicidx-fastapi
          servicePort: 80
```