Using microk8s in production with VPC

Hi all,
I want to use microk8s in production.
I want to deploy my REST API built with Quarkus into Microk8s.
I'm a beginner with Kubernetes.
I have a VPC with an Ubuntu server; I installed microk8s and enabled some add-ons (istio, dashboard, dns, …).
I have a fixed IP address, a domain and subdomains. I also bought a wildcard certificate for my domain and subdomains.
My dev environment is Windows, so I have to package my API and deploy it into microk8s (remote VPC server on which microk8s is installed) using the Quarkus Kubernetes client:


[ERROR] Failed to execute goal io.quarkus.platform:quarkus-maven-plugin:2.7.1.Final:build (default) on project enroll-api: Failed to build quarkus application: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
[ERROR]         [error]: Build step io.quarkus.kubernetes.deployment.KubernetesDeployer#deploy threw an exception: java.lang.RuntimeException: Although a Kubernetes deployment was requested, it however cannot take place because there was an error during communication with the API Server at 'https://yyy.yy.y.y:16443/'
[ERROR]         at io.quarkus.kubernetes.deployment.KubernetesDeploy.doCheck(

kubernetes-client.master-url (= URL of the Kubernetes API server), however, this IP address (https://yyy.yy.y.y:16443) is local to microk8s on the VPC server and is not accessible from outside. So, how do I proceed, knowing that I have a fixed IP address, a domain, subdomains and a certificate?

  1. I want to set up Istio on microk8s: Istio ingress, Istio gateway, certificate (.crt, .key, .ca-bundle)
  2. Set up a local registry on the VPC and host it for external access (I have a subdomain for this); for now, I use a Docker Hub repository.
  3. Access the K8s Dashboard (I have a subdomain for this)
  4. My REST API has a PostgreSQL database,
  5. Secure my REST API with a JWT token (Service to Service Authentication) using Keycloak with Istio (I have a subdomain for this)
  6. Deploy my REST API from my Windows PC to Microk8s on the VPC and access it securely (Istio JWT token security rules) from outside of microk8s and the VPC.

API URL (if no token is provided or the token is wrong, then Unauthorized):
and so on.

Thank you for your help.