Hi guys I m new on K8 s Rancher etc and I need some help I h rancher-users #general

Title

# general

brainy-tomato-18651

08/07/2022, 4:50 PM

Hi guys, I’m new on K8's, Rancher, etc, and I need some help I have a TLS wildcard certificate and I generate certificates for a subdomain. Then I’ve deployed a web app in Rancher. I want to know how do I can make that my web app in Rancher use those certificates for a secured connection.

ambitious-motherboard-40337

08/07/2022, 6:10 PM

Using ingress

brainy-tomato-18651

08/08/2022, 3:45 AM

I know there is Istio but I don’t know how to configure

ambitious-motherboard-40337

08/08/2022, 4:55 AM

istio doesn't use ingress, nginx ingress controller is the thing you are looking for, and you are in luck if you installed rke using rancher it's already installed. All you need to do is create an ingress file, you can find instructions on how to format an ingress file on kubernetes docs

OK, some basic definitions, ingress is a general name for inbound rule communication egress is a general name for outbound rule communication. Now with regard to istio, the thing that enforce ingress is a virtualservice + gateway. Now when someone talks about ingress with regard to kubernetes that usually means that he is talking about ingress controller. there are few notable ingress controllers the most common one is nginx ingress controller, you can also find an ingress controller on every popular cloud provider.

With that said, you can also get the same goal using istio (i even prefer istio over ingress controller on some situations), but you need to really understand the difference between the two, and the effort that is needed to "make" each work, if all you need is some routes with some TLS, then using istio would be a overkill, but if you need to enforce a complex network policy with somewhat complex network scheme then you should use istio, i really don't see the point of using istio just for ingress routes

brainy-tomato-18651

08/08/2022, 1:06 PM

Is just my company used to use istio. But this is a Stagging environment so they don’t really care if I use Istio or nginx. I just wanted to follow the common practices but if I will get the same result with an easiest way with nginx, maybe on this environment I could consider it. Is just i’m pretty new and I don’t really know how to configure it.

ambitious-motherboard-40337

08/08/2022, 1:09 PM

I can help you configure both, but i see very little reason to use istio for this scenario

First let's see if there is an ingress controller installed.

kubectl get svc -A | grep ingress

then there is no nginx-ingress controller installed

brainy-tomato-18651

08/08/2022, 1:26 PM

Is not that rke2-ingress-nginx-controller-admission?

ambitious-motherboard-40337

08/08/2022, 1:27 PM

missed it yes

this cluster is on the cloud?

brainy-tomato-18651

08/08/2022, 1:29 PM

Yes

AWS

EKS

ambitious-motherboard-40337

08/08/2022, 1:31 PM

then why the services has no external ip 🤔

there is a chance someone played with this setup, the services are suppose to be of type LB but for some reason they are not

brainy-tomato-18651

08/08/2022, 1:34 PM

Every service I installed, was ClusterIP type. Maybe there is any that is installed like LB by default but I can change the type of the service make it LB type

ambitious-motherboard-40337

08/08/2022, 7:56 PM

No it should have been LB out of the bix