Skip to content

Latest commit

 

History

History
35 lines (28 loc) · 2.04 KB

README.md

File metadata and controls

35 lines (28 loc) · 2.04 KB

Example Deployment

This is a simple example deployment for creating a deployment on a Datica Compliant Kubernetes Service cluster. We recommend using this as a baseline to expand off of to use Ingress configurations instead of loadbalancer services.

Any value in braces is something you should replace, not something that Kubernetes understands.

The ingress host_name should either be a DNS CNAME record pointing to the ingress-controller loadbalancer address, or the loadbalancer address itself for testing. The ingress-controller address can be found under the EXTERNAL-IP section in the output of the following command:

kubectl -n ingress-nginx get svc/ingress-nginx -o wide

The template.sh script can be used to generate valid kubernetes YAML off of the provided templates. The new YAML files will be located at ./{{deployment_name}}/

./template.sh --deployment hello --namespace default --image datica/nginx-hello:latest --port 1234 --hostname my.cname.com

Use the following command to generate self-signed certificates for development:

./certs.sh --deployment hello --hostname my.cname.com

To create the deployment, run:

kubectl -n default create secret tls hello-tls --cert=./hello/cert.pem --key=./hello/key.pem
kubectl apply -f ./hello/deployment.yaml
kubectl apply -f ./hello/service.yaml
kubectl apply -f ./hello/ingress.yaml

You should be able to reach your deployment with:

curl -k https://{{host_name}}

NOTE: If you are using self-signed certificates, or certificates signed by a non-public CA, your browser will consider the connection to be insecure, however it will still be encrypted. In order for your browser to recognize your certificates, you will need to use a public certificate authority, such as Let's Encrypt, to create your certificates. For development purposes, it is ok to use self-signed certs and ignore the browser warning.