I tried to move new server at work. I wanted to install k8s but this time i used microk8s. Microk8s, lightweight k8s deployment tool. It can be easy to manage after read a few documents about it.<\/p>\n\n\n\n
I am using Ubuntu on server via following command script<\/p>\n\n\n\n
sudo snap install microk8s --classic<\/code><\/pre>\n\n\n\nSource : https:\/\/ubuntu.com\/tutorials\/install-a-local-kubernetes-with-microk8s#2-deploying-microk8s<\/p>\n\n\n\n
Afterwards i created yaml files and applied to k8s and i enabled ingress to serve apis which i installed. <\/p>\n\n\n\n
apiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n name: ingress-service\n annotations:\n kubernetes.io\/ingress.class: nginx\n nginx.ingress.kubernetes.io\/use-regex: 'true'\n nginx.ingress.kubernetes.io\/rewrite-target: \/$1\n nginx.ingress.kubernetes.io\/enable-access-log: \"false\"\n nginx.ingress.kubernetes.io\/configuration-snippet: |-\n proxy_ssl_server_name on;\n proxy_ssl_name $host;\nspec:\n tls:\n - hosts:\n - your-domain-name.com\n secretName: tls-secret-2\n#testsecret-tls\n rules:\n - host: your-domain-name.com\n http:\n paths:\n - path: \/?(.*)\n pathType: Prefix\n # UPDATE THIS LINE ABOVE\n backend:\n service:\n name: appointment-cluster-ip-service\n port:\n number: 8080\ningressClassName: public<\/code><\/pre>\n\n\n\nAlso i want to enable tls for secure connection. After a few researches , i understand that i have to create new crt and private key.<\/p>\n\n\n\n
System admin has sent pfx file to enable tls. I apllied following command to create key file from pfx.<\/p>\n\n\n\n
openssl pkcs12 -in pfx-filename.pfx -nocerts -out key-filename.key<\/code><\/pre>\n\n\n\nSecond step creating decrypted file<\/p>\n\n\n\n
openssl rsa -in key-filename.key -out key-filename-decrypted.key<\/code><\/pre>\n\n\n\nThird step , creating crt file<\/p>\n\n\n\n
openssl pkcs12 -in pfx-filename.pfx -clcerts -nokeys -out crt-filename.crt<\/code><\/pre>\n\n\n\nFourth step, creating secret on k8s<\/p>\n\n\n\n
kubectl create secret tls tls-secret-2 --cert crt-filename.crt --key key-filename-decrypted.key<\/code><\/pre>\n\n\n\nConsequently, i applied yaml file via following command.<\/p>\n\n\n\n
microk8s kubectl apply -f your-ingress.yml<\/code><\/pre>\n\n\n\nAnd test if it is done via following command. But i want to mention about this point. After i applied all steps i tried if it was accepting https requests. But it did not. So i went to take a cup of tea and came back about five or ten minutes later. I tested again and it was done \ud83d\ude42<\/p>\n\n\n\n
An edit, i realized that i have to concatenate intermediate cert to created primary crt file via following command. Because of following error, Javax.Net.Ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found<\/p>\n\n\n\n
cat your_domain_name.crt DigiCertCA.crt >> bundle.crt<\/code><\/pre>\n\n\n\nSource: Nginx: Create CSR & Install SSL Certificate (OpenSSL), DigiCert, <\/p>\n\n\n\n