Discussion on: Exposing a Feathers.JS HTTP API in Kubernetes using Ingress

[John Jung]

This is awesome! Just want to add to it for those who also want https when using an ingress. With GKE thou, I usually use a built in loadbalancer directly from the service so that we can https by pointing your DNS to that external static IP GCP assigns.

But for those who are interested in how to attach certs directly via ingress:

So first you'd start out with a secrets file:

apiVersion: v1
data:
  tls.crt: <base64 encoded cert file>
kind: Secret
metadata:
  name: think-engineer-com-cert
  namespace: default
type: Opaque

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
  namespace: default
spec:
  rules:
  - host: rest.think-engineer.com
    http:
      paths:
      - backend:
          serviceName: restfulapi-service
          servicePort: 3030
  tls:
  - hosts:
    - rest.think-engineer.com
    secretName: think-engineer-com-cert

[Andrejus Kostarevas]

Awesome, thanks! This is a really good supplement to the article for adding in security on top of k8s' scalability and reliability.