Skip to content

Networking

DNS with Route53

Simply add the external-dns.alpha.kubernetes.io/hostname annotation to your Ingress for an external resolvable route53 record:

Info

external-dns only watches networking.k8s.io/v1 Ingress resources so do not use Trafiks IngressRule CR.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/acme-challenge-type: dns01
    cert-manager.io/cluster-issuer: letsencrypt
    external-dns.alpha.kubernetes.io/hostname: engineering.sandbox.clearroute.io
    link.argocd.argoproj.io/external-link: https://engineering.sandbox.clearroute.io
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
  labels:
    app: engineering
  name: engineering
spec:
  ingressClassName: traefik
  rules:
  - host: engineering.sandbox.clearroute.io
    http:
      paths:
      - backend:
          service:
            name: engineering
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - engineering.sandbox.clearroute.io
    secretName: engineering-cert

Traefik

How to expose my App externally?

Warning

Be extra careful when exposing your App, as the App will be available in internet

  1. Expose the port your container/pod is serving its UI:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app: <app-name>
spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: app
        image: clearroute/app
        ports:
            - containerPort: <Port> # change to your applications port
            ...
2. create a service for your Pod + Port:

apiVersion: v1
kind: Service
metadata:
  name: app
spec:
  type: ClusterIP
  selector:
    app: <app-name>
  ports:
  - port: 80
    protocol: TCP
    targetPort: <container port>
3. add an Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    cert-manager.io/acme-challenge-type: dns01
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: traefik-redirect-https@kubernetescrd # http to https redirect
spec:
  ingressClassName: traefik
  rules:
  - host: app.dev.clearroute.io # your hostname
    http:
      paths:
      - backend:
          service:
            name: app # your service name
            port: 
              number: 80 # your service port
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - engineering.dev.clearroute.io #your hostname
    secretName: engineering-cert