Expose HTTP server workloads outside the cluster manually

You can expose HTTP server workloads outside the cluster by creating an Ingress resource and using cert-manager to provision TLS-signed certificates. To do so:

  1. Using the spring-sensors-consumer-web workload from Bind an application workload to the service instance as an example, create the following Ingress:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: spring-sensors-consumer-web
      namespace: DEVELOPER-NAMESPACE
      annotations:
        cert-manager.io/cluster-issuer: tap-ingress-selfsigned
        ingress.kubernetes.io/force-ssl-redirect: "true"
        kubernetes.io/ingress.class: contour
        kubernetes.io/tls-acme: "true"
    spec:
      tls:
        - secretName: spring-sensors-consumer-web
          hosts:
            - "spring-sensors-consumer-web.INGRESS-DOMAIN"
      rules:
        - host: "spring-sensors-consumer-web.INGRESS-DOMAIN"
          http:
            paths:
              - pathType: Prefix
                path: /
                backend:
                  service:
                    name: spring-sensors-consumer-web
                    port:
                      number: 8080
    
    • Replace DEVELOPER-NAMESPACE with your developer namespace.
    • Replace INGRESS-DOMAIN with the domain name defined in tap-values.yaml during the installation.
    • Set the annotation cert-manager.io/cluster-issuer to the shared.ingress_issuer value configured during installation or leave it as tap-ingress-selfsigned to use the default value.
    • Update the port exposed by your Service resource, which is set as 8080 in the example.
  2. Access the server workload with HTTPS by running:

    curl -k https://spring-sensors-consumer-web.INGRESS-DOMAIN
    
check-circle-line exclamation-circle-line close-line
Scroll to top icon