You can expose HTTP server
workloads outside the cluster by creating an Ingress resource and using cert-manager to provision TLS-signed certificates. To do so:
Using the spring-sensors-consumer-web
workload from Bind an application workload to the service instance as an example, create the following Ingress
:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: spring-sensors-consumer-web
namespace: DEVELOPER-NAMESPACE
annotations:
cert-manager.io/cluster-issuer: tap-ingress-selfsigned
ingress.kubernetes.io/force-ssl-redirect: "true"
kubernetes.io/ingress.class: contour
kubernetes.io/tls-acme: "true"
spec:
tls:
- secretName: spring-sensors-consumer-web
hosts:
- "spring-sensors-consumer-web.INGRESS-DOMAIN"
rules:
- host: "spring-sensors-consumer-web.INGRESS-DOMAIN"
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: spring-sensors-consumer-web
port:
number: 8080
DEVELOPER-NAMESPACE
with your developer namespace.INGRESS-DOMAIN
with the domain name defined in tap-values.yaml
during the installation.cert-manager.io/cluster-issuer
to the shared.ingress_issuer
value configured during installation or leave it as tap-ingress-selfsigned
to use the default value.Service
resource, which is set as 8080
in the example.Access the server
workload with HTTPS by running:
curl -k https://spring-sensors-consumer-web.INGRESS-DOMAIN