patternkubernetesMinor
What is the best practise way to expose a service over https in kubernetes without exposing it to the internet?
Viewed 0 times
exposethewithoutexposingwhathttpskuberneteswayinternetservice
Problem
Coming from Docker
When I was still using Docker for running my services I had an nginx reverse proxy that handled issuing and signing certificates through letsencrypt automatically.
Using this setup, I was able to host a public site service.example.com that did nothing but redirect the user to example.com. The benefit of this was that the reverse proxy setup would then issue and get a certificate signed that I could then use internally.
Using a local DNS on my internal network I could then access my internal service service.example.com using a trusted and signed certificate. All without exposing it to the public.
Now in Kubernetes
Now I am slowly learning to use Kubernetes and want to achieve the same result. Is there any best practise/good way to accomplish the same in Kubernetes?
I am currently running an nginx ingress controller paired with cert manager which is working perfectly for all my exposed services.
When I was still using Docker for running my services I had an nginx reverse proxy that handled issuing and signing certificates through letsencrypt automatically.
Using this setup, I was able to host a public site service.example.com that did nothing but redirect the user to example.com. The benefit of this was that the reverse proxy setup would then issue and get a certificate signed that I could then use internally.
Using a local DNS on my internal network I could then access my internal service service.example.com using a trusted and signed certificate. All without exposing it to the public.
Now in Kubernetes
Now I am slowly learning to use Kubernetes and want to achieve the same result. Is there any best practise/good way to accomplish the same in Kubernetes?
I am currently running an nginx ingress controller paired with cert manager which is working perfectly for all my exposed services.
Solution
Have you try to do it by Port Forwarding your configured service with TLS to your local machine ?
I've never tried but it seams to be possible with it.
Maybe you can find something here : https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/
I've never tried but it seams to be possible with it.
Maybe you can find something here : https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/
Context
StackExchange DevOps Q#14762, answer score: 1
Revisions (0)
No revisions yet.