Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
b
brainy-tomato-18651
08/07/2022, 4:50 PMHi guys, I’m new on K8's, Rancher, etc, and I need some help
I have a TLS wildcard certificate and I generate certificates for a subdomain.
Then I’ve deployed a web app in Rancher.
I want to know how do I can make that my web app in Rancher use those certificates for a secured connection.
a
ambitious-motherboard-40337
08/07/2022, 6:10 PMUsing ingress
b
brainy-tomato-18651
08/08/2022, 3:45 AMI know there is Istio but I don’t know how to configure
a
ambitious-motherboard-40337
08/08/2022, 4:55 AMistio doesn't use ingress, nginx ingress controller is the thing you are looking for, and you are in luck if you installed rke using rancher it's already installed.
All you need to do is create an ingress file, you can find instructions on how to format an ingress file on kubernetes docs
OK, some basic definitions,
ingress is a general name for inbound rule communication
egress is a general name for outbound rule communication.
Now with regard to istio, the thing that enforce ingress is a virtualservice + gateway.
Now when someone talks about ingress with regard to kubernetes that usually means that he is talking about ingress controller.
there are few notable ingress controllers the most common one is nginx ingress controller, you can also find an ingress controller on every popular cloud provider.
With that said, you can also get the same goal using istio (i even prefer istio over ingress controller on some situations), but you need to really understand the difference between the two, and the effort that is needed to "make" each work, if all you need is some routes with some TLS, then using istio would be a overkill, but if you need to enforce a complex network policy with somewhat complex network scheme then you should use istio, i really don't see the point of using istio just for ingress routes
b
brainy-tomato-18651
08/08/2022, 1:06 PMIs just my company used to use istio. But this is a Stagging environment so they don’t really care if I use Istio or nginx. I just wanted to follow the common practices but if I will get the same result with an easiest way with nginx, maybe on this environment I could consider it.
Is just i’m pretty new and I don’t really know how to configure it.
a
ambitious-motherboard-40337
08/08/2022, 1:09 PMI can help you configure both, but i see very little reason to use istio for this scenario
First let's see if there is an ingress controller installed.
kubectl get svc -A | grep ingressthen there is no nginx-ingress controller installed
b
brainy-tomato-18651
08/08/2022, 1:26 PMIs not that rke2-ingress-nginx-controller-admission?
a
ambitious-motherboard-40337
08/08/2022, 1:27 PMmissed it yes
this cluster is on the cloud?
b
brainy-tomato-18651
08/08/2022, 1:29 PMYes
AWS
EKS
a
ambitious-motherboard-40337
08/08/2022, 1:31 PMthen why the services has no external ip 🤔
there is a chance someone played with this setup, the services are suppose to be of type LB but for some reason they are not
b
brainy-tomato-18651
08/08/2022, 1:34 PMEvery service I installed, was ClusterIP type. Maybe there is any that is installed like LB by default but I can change the type of the service make it LB type
a
ambitious-motherboard-40337
08/08/2022, 7:56 PMNo it should have been LB out of the bix