2

I installed a Kubernetes cluster on a Bare-metal sever.

This server contains a Proxmox hypervisor, I have the following virtual machines

  • a pfSense (192.168.9.254)
  • two masters for the Kubernetes cluster (192.168.9.11, 192.168.9.12)
  • two nodes for the Kubernetes cluster (192.168.9.21, 192.168.9.22)

The masters and nodes are both using CoreOS

I provisionned the Kubernetes cluster using Kubespray:

  • Kubernetes version: 1.15.3 kubernetes
  • CNI Calico
  • CRI Docker

I managed to install MetalLB, my configuration is the following one

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.9.240/28

I also installed nginx-ingress with the mandatory.yaml file and a simple service

kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http

Then I applied the yaml file to verify nginx-ingress is working properly

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-nginx
spec:
  selector:
    matchLabels:
      run: my-nginx
  replicas: 2
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      containers:
      - name: my-nginx
        image: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    run: my-nginx
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-app-ingress
  annotations: 
     nginx.ingress.kubernetes.io/rewrite-target: /
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - http:
      paths:
      - path: /test
        backend:
          serviceName: my-nginx
          servicePort: 80

When I use the command, kubectl get ingress, I get this answer

NAME                   HOSTS                        ADDRESS         PORTS   AGE
nginx-app-ingress      *                            192.168.9.240   80      19h

I can access the simple nginx server on this URL when connected to the VPN 192.168.9.240/test

Now I would like to be able to access this "website" from the outside world.

I am not sure what to do since there is the pfSense in front of the Kubernetes cluster.

I am thinking about using a reverse proxy like this:

  • An user type in his web browser myDomainName.com
  • it redirects to 192.168.9.240/test

But I am not truly not sure about this solution, as I don't know if it is the best solution for this problem.

PjoterS
  • 615
  • 3
  • 11
sylflo
  • 21
  • 2

0 Answers0