What is the best approach for setting up Rancher + Kubernetes with DNS

7/24/2018

First of all, I'm not an expert, so bear with me. I managed to install and set up Rancher in my vCenter at home (got a bare-metal setup for free, a bit old, but still OK). I have 3 nodes running well and I can also provision VMs in VMware with it. On top of it, I also added Kubernetes within Rancher. Now, my plan is to deploy services which should get external endpoints (reachable from the internet) and SSL automatically. I have already bought mydomain.com from Namecheap, plus a wildcard certificate for it. Also, in my vCenter I have an nginx server running, and Namecheap DNS is pointing to it, but I think I should run it in Kubernetes instead, only that I don't want to manage the config files for nginx manually.

What would be the best approach? I fail to understand how the ingress controllers work or how to set them up correctly. I followed many tutorials and no success so far. I also played around with Traefik, but no success. I always get nothing at the external endpoints section.

I don't want a step-by-step guide on how to do it, but someone please point me in the right direction, at least. I was also thinking of using Let's Encrypt, but I'm not sure if it's a good idea since I already have my domain and SSL certs.

Thank you!

-- Cristian Cristian
dns
kubernetes
nginx
rancher
reverse-proxy

1 Answer

7/24/2018

The reason you might be struggling is that when using bare metal, you don't have an external LoadBalancer provisioned. When using things like Traefik, you need to expose the ingress controller on a NodePort or something else.

If you're using bare metal, you have a couple of options for ingress into the cluster.

MetalLB is one such controller which will use layer 2 or BGP configuration to advertise your Services externally. Using MetalLB, you'll be able to define a Service of type LoadBalancer, like so:

kind: Service
apiVersion: v1
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9376
  type: LoadBalancer

This will provision a LoadBalancer in MetalLB for you. At this point, you can then start to use an Ingress Controller, by deploying something like Traefik, defining a service and then using the LoadBalancer type on the ingress controller.

For TLS, you can have cert-manager provision certificates for you automatically, assuming your DNS resolves to the ingresses you use.

Finally, for automated DNS, consider external-dns.

-- jaxxstorm
Source: StackOverflow
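
The pieces named in the answer, wired together with the wildcard certificate the question already has, as an added example that is not part of the original question or answer. It assumes a MetalLB release configured through CRDs in layer 2 mode and Traefik as the ingress controller; the address range, namespaces, labels, port names, ingress class and secret name are all hypothetical.

```yaml
# Added example; names, namespaces and the address range are assumptions.
# 1. MetalLB: LAN addresses it may hand out, announced in layer 2 mode.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata: {name: home-lan, namespace: metallb-system}
spec:
  addresses:
  - 192.168.1.240-192.168.1.250   # constructed range; keep it out of the DHCP scope
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata: {name: home-lan, namespace: metallb-system}
spec:
  ipAddressPools: [home-lan]
---
# 2. Only the ingress controller is exposed as a LoadBalancer Service.
apiVersion: v1
kind: Service
metadata: {name: traefik, namespace: traefik}
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: traefik   # assumed pod label
  ports:
  - {name: web, port: 80, targetPort: web}                # assumed container port names
  - {name: websecure, port: 443, targetPort: websecure}
---
# 3. Route one host to the app and terminate TLS with the existing wildcard cert.
#    The Secret must live in the same namespace as the Ingress, created beforehand:
#    kubectl create secret tls wildcard-mydomain-tls --cert=<chain.pem> --key=<key.pem>
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: my-service}
spec:
  ingressClassName: traefik           # assumed class name
  tls:
  - hosts: [app.mydomain.com]
    secretName: wildcard-mydomain-tls
  rules:
  - host: app.mydomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: {name: my-service, port: {number: 80}}   # the Service from the answer
```

With this layout `my-service` itself can be a plain ClusterIP Service, since only the ingress controller needs an external address; `kubectl get svc -n traefik` should then show an EXTERNAL-IP taken from the pool.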