/private-public-kubernetes-apps

A demo for my blog post about how to deploy public and private applications with Let's Encrypt certificates in a Kubernetes cluster using NGINX Ingress, External DNS and Cert Manager

Primary LanguageHCL

private-public-kubernetes-apps

This is a demo repository for the Deploying public and private applications in Kubernetes blog post. All detailed information and explanations about this repository can be found in the blog post.

Running the project

Make sure you have Devbox installed. This will manage all the dependencies of the project.

  1. Install dependencies of the project
devbox shell
  1. Export your Vultr credentials
export VULTR_API_KEY=BRYAAFNWHYEFY2ZHGTQSDZCHEA
  1. Create the Kubernetes cluster
cd infrastructure
tofu init
tofu apply

This will create the Kubernetes cluster for you using Opentofu.

  1. Create kube-config file
vultr-cli kubernetes config $(tofu output -raw cluster_id) | base64 -d >> ~/.kube/config
cd ..
  1. Install Kubernetes Reflector
devbox run reflector
  1. Create Vultr secrets and namespaces that will be used later
kubectl create namespace cert-manager
kubectl create namespace ingress-nginx
kubectl create secret generic vultr-credentials -n ingress-nginx --from-literal=apiKey=$VULTR_API_KEY
kubectl label secret vultr-credentials -n ingress-nginx created-manually=true
kubectl annotate secret vultr-credentials -n ingress-nginx reflector.v1.k8s.emberstack.com/reflection-auto-namespaces=kube-system,cert-manager
kubectl annotate secret vultr-credentials -n ingress-nginx reflector.v1.k8s.emberstack.com/reflection-allowed="true"
kubectl annotate secret vultr-credentials -n ingress-nginx reflector.v1.k8s.emberstack.com/reflection-auto-enabled="true"
  1. Install NGINX Ingress
devbox run nginx-ingress
  1. Install Cert Manager
devbox run cert-manager

It might take a while for the certificate to get healthy.

  1. Install External-DNS
devbox run external-dns

It might take a while for records to be created and propagated by the DNS provider.

  1. Deploy public application
devbox run public-app

Make sure you can access the public application using your browser.

  1. Deploy private application
devbox run private-app

The private app will be accessible only within the Kubernetes network. You can test this by running:

kubectl run curl --image=nginx:alpine
kubectl exec -it curl -- curl https://private-app.demosfelipetrindade.top