https://rancher.com/ logo
#general
Title
# general
b

brainy-tomato-18651

08/07/2022, 4:50 PM
Hi guys, I’m new on K8's, Rancher, etc, and I need some help I have a TLS wildcard certificate and I generate certificates for a subdomain. Then I’ve deployed a web app in Rancher. I want to know how do I can make that my web app in Rancher use those certificates for a secured connection.
a

ambitious-motherboard-40337

08/07/2022, 6:10 PM
Using ingress
b

brainy-tomato-18651

08/08/2022, 3:45 AM
I know there is Istio but I don’t know how to configure
a

ambitious-motherboard-40337

08/08/2022, 4:55 AM
istio doesn't use ingress, nginx ingress controller is the thing you are looking for, and you are in luck if you installed rke using rancher it's already installed. All you need to do is create an ingress file, you can find instructions on how to format an ingress file on kubernetes docs
OK, some basic definitions, ingress is a general name for inbound rule communication egress is a general name for outbound rule communication. Now with regard to istio, the thing that enforce ingress is a virtualservice + gateway. Now when someone talks about ingress with regard to kubernetes that usually means that he is talking about ingress controller. there are few notable ingress controllers the most common one is nginx ingress controller, you can also find an ingress controller on every popular cloud provider.
With that said, you can also get the same goal using istio (i even prefer istio over ingress controller on some situations), but you need to really understand the difference between the two, and the effort that is needed to "make" each work, if all you need is some routes with some TLS, then using istio would be a overkill, but if you need to enforce a complex network policy with somewhat complex network scheme then you should use istio, i really don't see the point of using istio just for ingress routes
b

brainy-tomato-18651

08/08/2022, 1:06 PM
Is just my company used to use istio. But this is a Stagging environment so they don’t really care if I use Istio or nginx. I just wanted to follow the common practices but if I will get the same result with an easiest way with nginx, maybe on this environment I could consider it. Is just i’m pretty new and I don’t really know how to configure it.
a

ambitious-motherboard-40337

08/08/2022, 1:09 PM
I can help you configure both, but i see very little reason to use istio for this scenario
First let's see if there is an ingress controller installed.
kubectl get svc -A | grep ingress
then there is no nginx-ingress controller installed
b

brainy-tomato-18651

08/08/2022, 1:26 PM
Is not that rke2-ingress-nginx-controller-admission?
a

ambitious-motherboard-40337

08/08/2022, 1:27 PM
missed it yes
this cluster is on the cloud?
b

brainy-tomato-18651

08/08/2022, 1:29 PM
Yes
AWS
EKS
a

ambitious-motherboard-40337

08/08/2022, 1:31 PM
then why the services has no external ip 🤔
there is a chance someone played with this setup, the services are suppose to be of type LB but for some reason they are not
b

brainy-tomato-18651

08/08/2022, 1:34 PM
Every service I installed, was ClusterIP type. Maybe there is any that is installed like LB by default but I can change the type of the service make it LB type
a

ambitious-motherboard-40337

08/08/2022, 7:56 PM
No it should have been LB out of the bix