Create a Kubernetes TLS Ingress from scratch in Minikube
Vložit
- čas přidán 2. 04. 2018
- HTTPS and TLS are hard! Wrong! This video will prove you wrong. We'll start with an empty cluster and and end up with a web server ready for HTTPS. How can we do all of that in one video? Thanks to the TLS configuration on Kubernetes' Ingress Resource. If you're not familiar with kubectl's more imperative commands, such as 'run', 'create' or 'expose', you'll also be in for a treat!
- Věda a technologie
great job, no messing straight to the point. keep up the good work. The fast pace is good too.
Excellent, code worked flawless and nothing explains better than a working code than pages of documents.
The pace of this video was excellent!
Wowwww this is really incredible. No fuss, no lags, no spins.... No blah blah blah ....STRAIGHT ARROW ONTO TARGET.
Crystal clear and this so easy felt like drinking a starbucks coffee..
super man and thank you very much.
Great tutorial - short and concise!
Well done Sir! 👏
THANK YOU THANK YOU THANK YOU
Simple, great, fast, and to the point.
Keep up the great work man!
Your videos are one of the best explained videos I have seen. Well done. Looking forward to more
Thank you. I don’t have a lot of time at the moment, unfortunately, but I’ll always try to record a video here and there. So stay tuned for more.
wow that's a loud keyboard! Thanks for the great videos, nice and dense with no fluff, just like I like
Great content with clear explanations! You're really doing an awsome job!
Thank you very much!
Awesome thanks , I am looking forward to understand how the whole istio security stack works and your videos have been very useful
Nice!
A couple of words. I needed to play again and again because you go too fast, but may be its a very personal appreciation. However, after not having clear what the documentation means in the TLS subject, you helped me. Thanyou!.
Short and sweet! Love it.
Amazing, thanks for this tutorial. Great explanation.
I love your videos man.Keep up the good work. Cheers!
Thanks so much! That’s super motivating!
awesome content 👌
very cool
Brief, useful and practical
thank you so much 🙏👌
the tutorial is very helping full sir especially about the imperative command to generate the certificate very cool thing!!!
Love ur tutorials, succinct, straight to the point. Nice work and keep it up!
thanks for the great feedback. Didn't have a lot of time lately to add new videos, but definitely will add more in the future!
Awesome!! thank you for this clear explanation.
Best TLS videos on the internet!
Clear crystal explanation thank you very much
Thanks a lot for the clear tutorial !
Just a quick heads-up to anyone following this tutorial line-by-line without thinking: at 4:50 he writes a > while he should have written >>. Having only a single > will overwrite your hosts file, which is pretty undesirable.
Oh, good catch! Completely agree, don't overwrite your hosts file, append to it instead ;-)
@@kubucation and, instead of typing "clear" to clear terminal window just hit ctrl+l (small L)
This is an awesome video for me! Thanks a lot!!!
Thank you so much for saving my life:), this video really helped me a lot , the funny part this video has only 558 viewers, while my son watching toys hot wheels videos each one has over million views :)
Only a matter of time until Kubernetes is more popular than toy cars ;)
Well, today this video has almost 70 000 views. Not exactly at a million yet but hey, its still a big jump!
Awesome tutorial! Thanks a lot.
Straight to the point.
very nice explanation and example
Thank you so much. You really help.. BIG SMILE ::::)
Thank you man, nice video!
very useful for learning.. thanks
Cool, Great job
Thanks for the tutorial. I'm using Docker Desktop default K8S cluser, so what's the equivalent of the cmd : minikube addons enable ingress ?
Great explanation. This example shows TLS termination, is it possible to achieve TLS bridging (end to end encryption) with Ingress ?
@kubucation - which zsh theme are you using???
Nice video, thanks!
Its very nice tutorial! I have question here how can i enable both http and https for the same host?
Very good video. I have added tls to ingress and all external requests are protected. Could you tell how set up tls for internal k8s connection? For example I have auth service that available outhside and inside of k8s.
would be great if you could update this: `error: unable to recognize "base-notebook/ingress.yml": no matches for kind "Ingress" in version "extensions/v1beta1"`
the in depth style is more needed - since this is a tutorial ... = )
And it works!
Thanks for the easy solution - How do we make these keys as trusted tls and use them on internet.
can i use this certificate validation without Ingress host rule? just using http and paths.
Hi there great video ...if you get some time can you add something on kong api gateway as well ...
Thanks!
Hi, I have a cluster of 2 worker node and a master. Now when I create an entry of example.com in the /etc/hosts, which IP should I populate in that. Is it of worker-1 or worker-2 or K8s Master
Good video! Next, how do we create a Let's Encrypt certificate?
good video
Nice, how can I put that bar with green cartel?
Hi! i tried following the instructions but i don't think my ingress is communicating with my service.
I'm doing it in a kubernetes cluster 1 master and 1 worker node.
Do i have to install anything like what you did for the minikube for the real cluster? im using kubeadm, and flannel for networking
Name: nginx
Namespace: default
Address:
Default backend: default-http-backend:80 ()
Rules:
Host Path Backends
---- ---- --------
ghost.whitecloak.io
/ nginx:80 ()
Annotations:
kubectl.kubernetes.io/last-applied-configuration: {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"kubernetes.io/ingress.class":"nginx"},"name":"nginx","namespace":"default"},"spec":{"rules":[{"host":"ghost.whitecloak.io","http":{"paths":[{"backend":{"serviceName":"nginx","servicePort":80},"path":"/"}]}}]}}
kubernetes.io/ingress.class: nginx
---
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx ClusterIP 10.111.219.92 80/TCP 55m
Great !!!
Thanks!
Can we generate live ssl certficate and put it in ingress ? Will it work?
hi thanks for posting this video. i tried following and got everything working up to the point where you access the web server thru the browser. I am getting ```uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT```. When I curl it using those -k and --cacert flags it works fine, I can see the HTML content. What am I doing wrong?
This will only run on my local, right? How can I make it publicly accessible? I want my load balancer service to be accessed publicly with https. I have my application running on kubernetes
Hi, Failed connect to tls.nginx.example.com:443; Connection refused?
At 10:26 what did you do to open the editor to edit the command?
Ctrl X + Ctrl E. Works in any bash-like shell and opens whatever you have configured in $EDITOR, I believe.
so the ingress.yaml still specifies port 80 after switching to tls version?
Yes, the Ingress controller decrypts https to http, so you would tall to your internal services in cleartext http. The way that is ussualy said is "The Ingress Controller does TLS termination." If you really want TLS between your services, then you can use a service mesh like LinkerD or Istio, but even then, it looks to your application as if you're speaking plain text.
@@jaysistar2711 Any example how we can enable TLS all the way from client to the service?
@@sasyachowdary3144 As I said in the previous comment, LinkerD and Istio do TLS all the way to the pod. Within the pod, a sidecar container running an layer 7 proxy (fancy way of saying "understands application protocols like your database and http, etc.") is given all network traffic, and it encrypts and decrypts all traffic entering and leaving the pod. That's called mTLS or "mutual TLS". Installing LinkerD or Istio is easy, but not something that can fit in a comment here. Also, something important to note, in the case of Istio you would use a Gateway and VirtualService instead of an Ingress object.
@@jaysistar2711 thanks for the reply. Let me check them out.
@kubucation how can you remove what you appended in the /etc/hosts file?
just edit /etc/hosts and remove the line when you are done. Probably need 'sudo vi /etc/hosts' if you are not root.
so great subscribe
Can you Make a vidéo for trusted certificat
Which version of ingress is this :O
cool
this echo "$(minikube ip) ..., do you really do that in your real life?
hii ,The video is great but i am getting version error
Hi, I've created ingress but when I type "kubectl get ing" I can't see adress ip of my ingress. What shall I do? Is there option to use ingress without adress ip?
This depends on the type of cluster you are using. On GKE for example you automatically get external loadbalancers on your ingresses, that's the IP shown. If you're running on minikube or a custom on-premise cluster for example, you might not get those.
Yes, I use minikube. When I created nginx I got ip, but when I use other image I don't get IP.
At k8s 1.20 it doesn't work. It is impossible to create Ingress.
I got nervous when he had the single ">" after he said "append". I don't know how to yell ">>", but I'm pretty sure that I was.
Too bad the commands you typed aren't available in the description of the video. Other than that it shouldn't be hard to replicate
Oh, and btw, I just found that post that contains many of the commands, plus a few interesting bits : vocon-it.com/2018/12/31/kubernetes-6-https-applications-via-ingress-controller-on-minikube/
I'm getting 404x when I try exemple.com I did everything you said
example.com with an 'a'. The third letter should be an a.
Evan Armbrister oh god I wrote like my native language thanks
how do you make this shortcut? czcams.com/video/7K0gAYmWWho/video.html
Great video and explanation. Any chance you have an updated one with "networking.k8s.io/v1 Ingress" since extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+