sidenote: the image is from the traefik website.
Previously, I have been accessing the internal services on the cluster by pointing the browser to a port on a specific ip address. It works, and there’s nothing wrong with it as long as the ip address doesn’t change…and you remember it. However if I want to share a service with someone, I didn’t want to have them input an ip address or have to write it down. It’s so much simpler to give them a domain name. service.local, something like that. This is exactly how it works now!
The cluster now uses Traefik as an Ingress Controller which routes traffic to a specific service. Think of the cluster as a house. The domain gets you to the house, but the ingress controller gets you to a specific room in the house.
The Setup
The setup is quite fun and pretty simple. I have all the traefic routes declared in an infrastructure directory with each route having it’s own yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: servicename
namespace: namespace
spec:
entryPoints:
- web
routes:
- match: Host(`servicename.local`)
kind: Rule
services:
- name: servicename
port: ####Then it’s added to the kustomization.yaml in staging. That’s it for the repo files! Quick and painless….but wait. Remember how I said the DNS gets you to the cluster? There is an added step for firewalls that block entry. You need to add a rule for the domain to get there so that the ingress controller takes over.
GitHub repo: https://github.com/OMTut/lab
