Comments (9)
@aledbf I wan't able to run the command you mentioned. But that means the nginx-ingress listens for all other ingresses and registers the new domain names as they appear in the ingresses of the web sites?
By the way, it's working just fine with the two sites. They are up running. Thanks @jackzampolin
from kube-lego.
I've tried different solutions now without success to use kube-lego for multiple web sites.
- Putting kube-lego in one namespace and the web sites in separate namespaces.
- All sites and kube-lego in same namespace.
- Assign each web sites to its own namespace and have a separate kube-lego in each of these namespaces (this should not have to be done as kube-lego should listen for all ingresses in all namespaces).
Has anyone successfully run multiple sites in hje same cluster with kube-lego?
At best one site will get the cert and the second is returning a 404.
from kube-lego.
I've gotten the nginx
example working and updated the docs: #49
I have gotten multiple sites working on the same cluster. If you are using GKE then the nginx solution might be better (faster, no time to warm up the google LB), and cheaper (no paying for it!) so I would encourage you to check that out.
from kube-lego.
@jackzampolin Well done! I will give it a try soon. Then I likely skip the gce load balancer and go straight for the nginx solution.
from kube-lego.
@jackzampolin How did you solve the multisite setup?
I've setup a namespace production that will contain two deployements and services, mobile-web and desktop_web. How do you route the traffic from nginx-ingress to the right service in the production namespace or do you have to have multiple nginx-ingress installations (unless SNI is used)?
It would be nice to be able to just point at the service of each site - for example desktop-web-svc and mobile-web-svc.
@simonswine Simon, what is the proper way to serve multiple services using nginx-ingress?
from kube-lego.
@simonswine I use the one nginx
service that looks like this:
apiVersion: v1
kind: Service
metadata:
name: nginx
namespace: nginx-ingress
spec:
type: LoadBalancer
ports:
- port: 80
name: http
- port: 443
name: https
selector:
app: nginx
Then for each app I make a service and ingress like this:
apiVersion: v1
kind: Service
metadata:
name: service
namespace: service
spec:
ports:
- port: 80
targetPort: 3000
protocol: TCP
type: NodePort
selector:
app: service
---------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: serivce
namespace: service
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.class: "nginx"
spec:
tls:
- hosts:
- foo.bar.com
secretName: service-tls
rules:
- host: foo.bar.com
http:
paths:
- path: /
backend:
serviceName: service
servicePort: 80
And have a namespace for each service/application. Works pretty well.
from kube-lego.
@jackzampolin thanks for your feedback, I really appreciate it!
That is exactly the same way I started, but what I don't understand is how the nginx-ingress knows how to route to either the foo-service or the bar-service. I was thinking about using host headers to route traffic for foo.com to the foo-service and for bar.com to bar-service.
I may have misunderstood how it works - the ingresses for each site do not expose these directly, right? It is the work fir nginx-ingress to route all traffic and terminate TLS for each and every site. They are upstreams.
One solution then is to use a separate nginx-ingress in each namespace - that is foo and bar. However I started out with the namespace production, hoping to gather both site foo and bar within that. But I must perhaps reconsider that.
from kube-lego.
@johnparn the ingress controller is aware of the mapping between services -> enppoints.
To see how its done please execute kubectl exec <nginx ingress pod> cat /etc/nginx/nginx.conf
from kube-lego.
But that means the nginx-ingress listens for all other ingresses and registers the new domain names as they appear in the ingresses of the web sites?
Yes
from kube-lego.
Related Issues (20)
- The tls-sni challenge has been disabled due to strong credibility of a vulnerability report HOT 4
- Adding heptio/contour support HOT 1
- Wildcard Certificate Support HOT 2
- Pull the complete certificate chain HOT 1
- Unsupported ingress class HOT 1
- renewal expiry date is incorrect HOT 1
- Support for Letsencrypt wildcard certificate HOT 1
- Let's Encrypt Wildcard Support HOT 9
- How safe is it to use Kube Lego in producation on v1.9+ of Kubernetes? HOT 2
- If one of the domains in an ingress fails reachability, kube-lego should not try to authorize any of the domains
- Pod kube-lego not starting HOT 4
- read udp i/o timeout HOT 4
- Does not seem to work on k8s 1.8.8-gke.0 HOT 6
- Failed to list *v1beta1.Ingress HOT 1
- creating new secret
- Auto-renewal of certificates is not being triggered in 0.1.6 HOT 2
- Memory Leak?
- kubernetes 1.10 on GCP cant create a GCE loadbalancer ingress without secret
- Add: kubernetes.io/tls-acme: 'true' annotation
- Archive the kube-lego repository
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kube-lego.