The goal of this guide is to install a web application in Kubernetes running in a Origo OS environment, with automatic provisioning of a DNS domain name and automatic provisioning of a TLS certificate, provisioned by the infrastructure entirely from the Kubernetes configuration.<\/p>\n\n\n\n
For provisioning DNS we will use the Kubernetes project External DNS<\/a> in conjunction with the Origo DNS Services<\/a>. For provisioning TLS certificates we use the Kubernetes project cert-manager<\/a> in conjunction with Let’s Encrypt<\/a>, which of course is the leading provider of free TLS certificates. Cert-manager monitors the ingresses you configure for host names, and provisions TLS certificates from Let’s Encrypt.<\/p>\n\n\n\n The web application we will install and configure https access to, is the excellent Ghost blog application<\/a>.<\/p>\n\n\n\n For the rest of this guide you will be typing commands into a ssh terminal on the control plane of your Origo OS Kubernetes cluster. The procedure to install a Kubernetes cluster and ssh into the control plane server is the same<\/a> as for the other guides<\/a>. You should do this before continuing this guide.<\/p>\n\n\n\n First install Ghost using this yaml file.<\/a> The yaml file creates a Kubernetes deployment and a Kubernetes service. IMPORTANT:<\/strong> Next you must assign add an internal IP address to your Kubernetes cluster using the stack UI by clicking “add internal IP address”. This internal IP address is not really used for anything, but since the Kubernetes service is of type loadbalancer, it needs an IP address in order not to be stuck waiting for one.<\/p>\n\n\n\n Install External DNS using the yaml file distributed<\/a> with the Kubernetes stack.<\/p>\n\n\n\n We need an ingress controller, and use the standard Nginx controller<\/a> for this example.<\/p>\n\n\n\n IMPORTANT:<\/strong> You must now assign another IP address to your Kubernetes cluster using the stack UI by clicking “add IP address mapping”. If your Origo OS environment supports it, you may also click “add external IP address”.<\/p>\n\n\n\n External DNS has no idea that the IP address it is seeing is not actually an external one, wo we have to help it a little.<\/p>\n\n\n\n NOTE:<\/strong> This only needs to be done, if you are using an “ipmapping” in Origo OS.<\/p>\n\n\n\n The Nginx ingress controller will typically listen on a single IP address and route incoming requests based on host names. If we annotate the ingress controller with our desired domain name, DNS registration should happen automatically. You can verify that the domain name is actually registered using the Origo DNS Service UI<\/a>. To annotate your new ingress, replace “your-domain-name” with your actual domain name, and type this command:<\/p>\n\n\n\n Install cert-manager from the yaml file the developer has made available:<\/p>\n\n\n\n Configure cert-manager by editing and applying this <\/a>yaml<\/a> <\/a>file.<\/a> Please replace “your-email@uncloud.co” with your email address:<\/p>\n\n\n\n
External DNS monitors your Kubernetes loadbalancers and ingresses for domain name annotations, and integrates with your DNS provider to create, update and delete domain names in DNS. For this example we will of course use the the Origo DNS Services<\/a>. You must either be using Origo Cloud or an on-prem Origo OS installation that is linked to Origo Registry, to access the Origo DNS Services. You may import your own domain names into Origo DNS Services, but every user also has access to the default domain “uncloud.co”, so that’s what we’ll be using for this example. External DNS comes with baked-in support for a number of cloud vendors – they call these “providers”. We have built our own provider<\/a>, and hope to have it included in the project sometime in the future. For now, we simply use our own custom External DNS Docker image with our provider included.<\/p>\n\n\n\nInstall Ghost to your Kubernetes cluster<\/h2>\n\n\n\n
After typing in the command below, the yaml file will be opened in your default editor. Please change “your-domain-name” to whatever domain name you want to create in the uncloud.co zone (i.e. change “your-domain-name.uncloud.co” to “something-else.uncloud.co”), and save the file.<\/p>\n\n\n\nkubectl apply -f https:\/\/pub.origo.io\/support\/attachments\/download\/126\/ghost4.yaml\nkubectl edit -f https:\/\/pub.origo.io\/support\/attachments\/download\/126\/ghost4.yaml<\/code><\/pre>\n\n\n\nInstall External DNS<\/h2>\n\n\n\n
kubectl apply -f external-dns-stabile-test.yaml<\/code><\/pre>\n\n\n\nInstall the Nginx ingress Controller<\/h2>\n\n\n\n
kubectl apply -f https:\/\/raw.githubusercontent.com\/kubernetes\/ingress-nginx\/controller-v1.1.1\/deploy\/static\/provider\/cloud\/deploy.yaml<\/code><\/pre>\n\n\n\nPatch the ingress controller with the external IP address you were just assigned<\/h2>\n\n\n\n
kubectl patch svc ingress-nginx-controller -p '{\"spec\":{\"externalIPs\":[\"xx.xx.xx.xx\"]}}' -n ingress-nginx<\/code><\/pre>\n\n\n\nAnnotate the ingress controller with your domain name<\/h2>\n\n\n\n
kubectl -n ingress-nginx annotate service ingress-nginx-controller \"external-dns.alpha.kubernetes.io\/hostname=your-domain-name.uncloud.co\"<\/code><\/pre>\n\n\n\nInstall cert-manager<\/h2>\n\n\n\n
kubectl apply --validate=false -f https:\/\/github.com\/jetstack\/cert-manager\/releases\/download\/v1.7.1\/cert-manager.yaml<\/code><\/pre>\n\n\n\nConfigure cert-manager for Let’s Encrypt<\/h2>\n\n\n\n
kubectl apply -f https:\/\/pub.origo.io\/support\/attachments\/download\/129\/certmanager-acme.yaml\nkubectl edit -f https:\/\/pub.origo.io\/support\/attachments\/download\/129\/certmanager-acme.yaml<\/code><\/pre>\n\n\n\nCreate the actual ingress<\/h2>\n\n\n\n