README ¶
Nginx https service
This example creates a basic nginx https service useful in verifying proof of concept, keys, secrets, and end-to-end https service creation in kubernetes. It uses an nginx server block to serve the index page over both http and https.
Generate certificates
First generate a self signed rsa key and certificate that the server can use for TLS. This step invokes the make_secret.go script in the same directory, which uses the kubernetes api to generate a secret json config in /tmp/secret.json.
$ make keys secret KEY=/tmp/nginx.key CERT=/tmp/nginx.crt SECRET=/tmp/secret.json
Create a https nginx application running in a kubernetes cluster
You need a running kubernetes cluster for this to work.
$ kubectl create -f /tmp/secret.json
secrets/nginxsecret
$ kubectl create -f examples/https-nginx/nginx-app.yaml
services/nginxsvc
replicationcontrollers/my-nginx
$ kubectl get svc nginxsvc -o json
...
{
"name": "http",
"protocol": "TCP",
"port": 80,
"targetPort": 80,
"nodePort": 30849
},
{
"name": "https",
"protocol": "TCP",
"port": 443,
"targetPort": 443,
"nodePort": 30744
}
...
$ kubectl get nodes -o json | grep ExternalIP -A 2
...
"type": "ExternalIP",
"address": "104.197.63.17"
}
--
"type": "ExternalIP",
"address": "104.154.89.170"
}
...
$ curl https://nodeip:30744 -k
...
<title>Welcome to nginx!</title>
...
For more information on how to run this in a kubernetes cluster, please see the user-guide.
Documentation ¶
Overview ¶
A small script that converts the given open ssl public/private keys to a secret that it writes to stdout as json. Most common use case is to create a secret from self signed certificates used to authenticate with a devserver. Usage: go run make_secret.go -crt ca.crt -key priv.key > secret.json