Commit 61f079f

Update Blog “exposing-an-application-using-ingress-and-tls-termination-on-kubernetes-in-hpe-greenlake-for-private-cloud-enterprise”
1 parent 6b3ca66 commit 61f079f

2 files changed

+4
-2
lines changed

content/blog/exposing-an-application-using-ingress-and-tls-termination-on-kubernetes-in-hpe-greenlake-for-private-cloud-enterprise.md

Lines changed: 4 additions & 2 deletions
@@ -24,9 +24,11 @@ This blog post describes the process to expose applications that are deployed an
2424

2525
### Overview
2626

27-
[HPE GreenLake for Private Cloud Enterprise: Containers](https://www.hpe.com/us/en/greenlake/containers.html), one of the HPE GreenLake cloud services available on the HPE GreenLake for Private Cloud Enterprise, allows customers to create a Kubernetes (K8s) cluster, view details about existing clusters, and deploy containerized applications to the cluster. It provides an enterprise-grade container management service using open source K8s.
27+
[HPE GreenLake for Private Cloud Enterprise: Containers](https://www.hpe.com/us/en/greenlake/containers.html) ("containers service"), one of the HPE GreenLake cloud services available on the HPE GreenLake for Private Cloud Enterprise, allows customers to create a K8s cluster and deploy containerized applications to the cluster. It provides an enterprise-grade container management service using open source K8s.
2828

29-
Once applications are deployed in a cluster, the first thing you can do is to create services to expose the applications. By default, services are created with the service types of *ClusterIP* that support internal connectivity between different components of the applications. In HPE GreenLake for Private Cloud Enterprise: Containers, you can create services with the type of NodePort for the application workloads deployed in K8s clusters using the label hpecp.hpe.com/hpecp-internal-gateway=true. The services will be automatically exposed to a container platform gateway host with assigned ports. The deployed workloads will become accessible externally using the gateway host name and the assigned ports as access URLs. For both service type, *ClusterIP* and NodePort , applications themselves run on HTTP. There is one common requirement to expose the applications to be accessed securely over HTTPS. This requires to get a valid SSL/TLS certificate in K8s and work with load balancers and Ingress.
29+
Once applications are deployed in a cluster, you can start creating services to expose the applications. By default, services are created with the service types of *ClusterIP* that support internal connectivity between different components of the applications. However, they are not accessible from outside the cluster. Exposing applications and making them securely accessible over HTTPS can be challenging. Generating and managing SSL/TLS certificates for multiple application services deployed in the cluster can be complex. These certificates are necessary for secure service communication and they need to be correctly installed and managed to avoid any access problem and security risks. The K8s Ingress can be configured with TLS termination to support application access over HTTPS. However, setting up K8s Ingress can be intricate. It involves creating a K8s *Secret* to host the certificate and private key, and referencing the Secret in the Ingress resource. It may also require an additional load balancer configuration in the cluster.
30+
31+
This blog post outlines the comprehensive steps for exposing applications via K8s Ingress and implementing TLS termination on K8s within the HPE GreenLake for Private Cloud Enterprise. The load balancer in the cluster is set up using *MetalLB*. *Cert-manager* is utilized for the creation and management of SSL/TLS certificates, which are stored as a K8s *Secret* object and made accessible to the entire cluster upon creation. Among various Ingress controllers such as Traefik and HAProxy, the Nginx Ingress controller is deployed and configured in the cluster to access and manage the SSL certificate. Despite the complexities, the exposure of applications in K8s over HTTPS is achievable with the appropriate tools and utilities within the HPE GreenLake for Private Cloud Enterprise.
3032

3133
![](/img/tls-termination-s.png)
3234
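
Review bot: In the added paragraph at new line 31, "stored as a K8s *Secret* object and made accessible to the entire cluster upon creation" overstates the scope. A Secret is a namespaced object, and an Ingress can only reference a TLS Secret that lives in its own namespace. Suggest rewording to say the certificate and private key are stored as a Secret in the namespace of the Ingress that references it, which also avoids implying that the private key is readable cluster-wide. Minor wording in new line 29: "the service types of *ClusterIP*" should read "the service type *ClusterIP*", and "to avoid any access problem and security risks" should read "to avoid access problems and security risks".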

static/img/tls-termination-s.png

11 KB
