Expose HTTP server workloads outside the cluster manually

You can expose HTTP server workloads outside the cluster by creating an Ingress resource and using cert-manager to provision TLS-signed certificates. To do so:

  1. Using the spring-sensors-consumer-web workload from Bind an application workload to the service instance as an example, create the following Ingress:

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: spring-sensors-consumer-web
 namespace: DEVELOPER-NAMESPACE
 annotations:
   cert-manager.io/cluster-issuer: tap-ingress-selfsigned
   ingress.kubernetes.io/force-ssl-redirect: "true"
   kubernetes.io/ingress.class: contour
   kubernetes.io/tls-acme: "true"
spec:
 tls:
   - secretName: spring-sensors-consumer-web
     hosts:
       - "spring-sensors-consumer-web.INGRESS-DOMAIN"
 rules:
   - host: "spring-sensors-consumer-web.INGRESS-DOMAIN"
     http:
       paths:
         - pathType: Prefix
           path: /
           backend:
             service:
               name: spring-sensors-consumer-web
               port:
                 number: 8080
    • Replace DEVELOPER-NAMESPACE with your developer namespace.
    • Replace INGRESS-DOMAIN with the domain name defined in tap-values.yaml during the installation.
    • Set the annotation cert-manager.io/cluster-issuer to the shared.ingress_issuer value configured during installation or leave it as tap-ingress-selfsigned to use the default value.
    • Update the port exposed by your Service resource, which is set as 8080 in the example.

  2. Access the server workload with HTTPS:

    curl -k https://spring-sensors-consumer-web.INGRESS-DOMAIN
check-circle-line exclamation-circle-line close-line
Scroll to top icon