Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Kubernetes version: 1.12.6
Cloud being used: Azure Kubernetes Service
Installation method:
Host OS: Terraform
CNI and version:
CRI and version:
I want to set up in one kubernetes cluster, multiples environments of some web application of this way:
-
dev.my-domain.org
to development environment -
sandbox.my-domain.org
to the sandbox environment -
production.my-domain.org
to the production environment
Currently, I have the dev.mydomain.org
of this way:
- a kong installation (include
kong-ingress-controller
)- Kong Postgres database
- My application service installed via helm chart pulled from Azure Container Registry.
I am thinking in an implement with that same approach to sandbox and production environments each of them in their respective namespace, and I have the doubt with relation to kong-ingress-controller
:
- Should Is there one
kong-ingress-controller
by each environment. This means:
Or
- Should Is there just one
kong-ingress-controller
which works and manage all the different ingress resources existing in the different namespaces, but each domain point to the same kong-ingress-controller…? This means:
Is this possible?
I am not sure about how kong does it’s magic, but for example nginx-ingress stays in it’s own namespace and monitors each of the other namespaces. and when you configure an ingress in a namespaces it just applies the configuration (creates an ingress for that namespace) using whatever rules you set up for it. including domains.
Is the philosophy of an ingress controller is manage many domains doesn’t it?
Currently, in my dev.my-domain.org environment my-ingress-application
resource is pointing to my kong-ingress-controller, via kong-proxy public IP address:
âź© kubectl get ingress my-ingress-application
NAME HOSTS ADDRESS PORTS AGE
my-ingress-application dev.mydomain.org same-IP-Address 80, 443 103m
[I]
âź© kubectl get svc/kong-proxy -n kong
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kong-proxy LoadBalancer 10.0.174.245 same-IP-Address 80:31166/TCP,443:31525/TCP 3h42m
[I]
âź©
I have one doubt in order to have only one database to all these environments.
Should each of them to be configured in only one ingress resource?
This means of this way:
apiVersion: configuration.konghq.com/v1
kind: KongIngress
metadata:
name: kong-ingress-config
namespace: default
proxy:
protocols:
- http
- https
path: /
route:
methods:
- POST
- GET
strip_path: false
preserve_host: true
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-ingress-application
#namespace: default
annotations:
kubernetes.io/ingress.class: "kong"
certmanager.k8s.io/cluster-issuer: letsencrypt-prod # letsencrypt-staging
# We are indicating the KongIngress resource
configuration.konghq.com: kong-ingress-config
certmanager.k8s.io/acme-challenge-type: http01
kubernetes.io/tls-acme: "true"
certmanager.k8s.io/acme-http01-edit-in-place: "true"
spec:
rules:
# DEV ENVIRONMENT
- host: dev.mydomain.org
http:
paths:
- path: "/"
backend:
serviceName: myapp
servicePort: 80
# SANDBOX ENVIRONMENT
- host: sandbox.mydomain.org
http:
paths:
- path: "/"
backend:
serviceName: myapp
servicePort: 80
tls:
- hosts:
- dev.mydomain.org
- sandbox.mydomain.org
- production.mydomain.org
secretName: letsencrypt-prod #letsencrypt-staging
So, is possible that my my-ingress-application
resource could to have multiple hosts pointing the same kong-ingress-controller
(kong-proxy
) and using the same secretName
?
Maybe something like this: ?
âź© kubectl get ingress my-ingress-application
NAME HOSTS ADDRESS PORTS AGE
my-ingress-application dev.mydomain.org same-IP-Address 80, 443 103m
sandbox.mydomain.org same-IP-Address 80, 443 103m
production.mydomain.org same-IP-Address 80, 443 103m
[I]
Could to be this a correct approach?