You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/blog/exposing-an-application-using-ingress-and-tls-termination-on-kubernetes-in-hpe-greenlake-for-private-cloud-enterprise.md
+4-9Lines changed: 4 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,12 +28,8 @@ the service type of *ClusterIP*, running on the port 80 over HTTP. Using cert-ma
28
28
29
29
[HPE GreenLake for Private Cloud Enterprise: Containers](https://www.hpe.com/us/en/greenlake/containers.html), one of the HPE GreenLake cloud services available on the HPE GreenLake for Private Cloud Enterprise, allows customers to create a Kubernetes (K8s) cluster, view details about existing clusters, and deploy containerized applications to the cluster. It provides an enterprise-grade container management service using open source K8s.
30
30
31
-
32
-
33
-
After applications being deployed in the cluster, one common requirement is to expose the applications to be accessed securely over HTTPS. This requires to get a valid SSL/TLS certificate in K8s . Generating and managing SSL/TLS certificates in is not always easy. ….
31
+
When application workloads get deployed to the K8s cluster, you can create services to expose the applications. By default, a service is created with the service type of *ClusterIP* that supports internal connectivity between different components of the application. In HPE GreenLake for Private Cloud Enterprise: Containers, you can create services with the type of NodePort for the application workloads deployed in K8s clusters using the label hpecp.hpe.com/hpecp-internal-gateway=true. The services will be automatically exposed to a container platform gateway host with assigned ports. The deployed workloads will become accessible externally using the gateway host name and the assigned ports as access URLs. For both service type, *ClusterIP* and NodePort , applications themselves run on HTTP. There is one common requirement to expose the applications to be accessed securely over HTTPS. This requires to get a valid SSL/TLS certificate in K8s and work with load balancers and Ingress.
34
32
35
-
36
-
37
33
This blog post, I
38
34
39
35
### Prerequisites
@@ -370,7 +366,8 @@ Events:
370
366
Normal Sync 20s nginx-ingress-controller Scheduled for sync
371
367
Normal CreateCertificate 20s cert-manager-ingress-shim Successfully created Certificate "cfe-tls-key-pair"
372
368
```
373
-
### Access deployed Nginx apps
369
+
370
+
\### Access deployed Nginx apps
374
371
375
372
With all Nginx apps, together with the K8s Ingress resource, being deployed to the cluster, all I have to do is to make sure the domain and the subdomain names, i.e., *example.com* & **.nginx.example.com*, point to the the external IP address *'10.6.115.251'* assigned to the *Nginx ingress controller*.
376
373
@@ -419,8 +416,6 @@ Click *Proceed to blue.nginx.example.com (unsafe)*, you then go to the Nginx
419
416
420
417
### Conclusion
421
418
422
-
423
-
424
-
This blog post described the steps to generate a self-signed certificate using cert-manager for K8s in HPE GreenLake for Private Cloud Enterprise. Self-signed certificates provide an easy way to prove your own identity for the applications deployed in K8s cluster. They are a good option for development and testing environments. However, self-signed certificates should not be used for production applications. For production use cases, you can try out cert-manager with [Lets Encrypt](https://letsencrypt.org/). Please refer to [cert-manager documentation](https://cert-manager.io/docs/) on how to use it with the type of *Let’s Encrypt* challenges, as well as other sources than *Let’s Encrypt*.
419
+
This blog post described the steps to generate a self-signed certificate using cert-manager for K8s in HPE GreenLake for Private Cloud Enterprise. Self-signed certificates provide an easy way to prove your own identity for the applications deployed in K8s cluster. They are a good option for development and testing environments. However, self-signed certificates should not be used for production applications. For production use cases, you can try out cert-manager with [Lets Encrypt](https://letsencrypt.org/). Please refer to [cert-manager documentation](https://cert-manager.io/docs/) on how to use it with the type of *Let’s Encrypt* challenges, as well as other sources than *Let’s Encrypt*.
425
420
426
421
Please keep coming back to the [HPE Developer Community blog](https://developer.hpe.com/blog/) to learn more about HPE GreenLake for Private Cloud Enterprise.
0 commit comments