Ingress Controller

Because we want to install Draft later, we need an Ingress Controller. Ingress is a way to route traffic from the internet to services within your Kubernetes cluster. By using an Ingress Controller, you avoid creating a load balancer for each service.

Using a Helm chart, it is easy to install the nginx-ingress controller:

helm install stable/nginx-ingress --namespace=kube-system --name=nginx-ingress

When you run the above command, a load balancer on a public IP is created in Azure (this guide presumes you use Azure Container Services). Ports 80 and 443 are published. You can check this with:

kubectl --namespace kube-system get services -w nginx-ingress-nginx-ingress-controller

You will need to create an Ingress that makes use of the controller. The Ingress is just a YAML file and helm install command above lists an example:

apiVersion: extensions/v1beta1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                serviceName: exampleService
                servicePort: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
        - hosts:
            - www.example.com
          secretName: example-tls

If you use TLS, you need to create a secret that contains the certificate and key:

apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

In https://github.com/Azure/draft/blob/master/docs/ingress.md, you are asked to use a wildcard domain entry in a domain that you control. I created an A record *.baeke.info with the public IP of the load balancer discussed above.