Add on: Ingress

This addon adds an NGINX Ingress Controller for MicroK8s. It is enabled by running the command:

microk8s enable ingress

With the Ingress addon enabled, a HTTP/HTTPS ingress rule can be created with an Ingress resource. For example:

kind: Ingress
  name: http-ingress
  - http:
      - path: /
          serviceName: some-service
          servicePort: 80

Additionally, the ingress addon can be configured to expose TCP and UDP services by editing the nginx-ingress-tcp-microk8s-conf and nginx-ingress-udp-microk8s-conf ConfigMaps respectively, and then exposing the port in the Ingress controller.

For example, here a Redis service is exposed via TCP:

apiVersion: v1
kind: ConfigMap
  name: nginx-ingress-tcp-microk8s-conf
  namespace: ingress
  6379: "default/redis:6379"
apiVersion: apps/v1
kind: DaemonSet
  name: nginx-ingress-microk8s-controller
  namespace: ingress
      - name: nginx-ingress-microk8s
        - containerPort: 80
        - containerPort: 443
        - name: proxied-tcp-6379
          containerPort: 6379
          hostPort: 6379
          protocol: TCP

Wondering what will be recommended way to have microk8s service multiple wildcard https subdomains, e.g. *, *

At moment it seems to be impossible without heavily changing internals

We recently merged a PR [1] that would allow you to set the default-ssl-certificate [2] via a secret while enabling the ingress add-on:

microk8s enable ingress:default-ssl-certificate=namespace/secret_name

This work is on latest/edge and will be officially out with the 1.19 release.


Yes but this one going to work only if we have single wildcard certificate per cluster, e.g. if I have * indeed I can use it as default one with proposed default-ssl-certificate setting which is awesome and at least solves half of problem

The problem still persists if cluster is serving multiple wildcard domains, e.g. *, * - we can not use any of them as deafult cert

So at moment it seems that the easiest way will be ho have N clusters where N is number of wildcard certificates or hack ingress