I am deploying a Socket.IO and Node.js based application on Kubernetes. I found that with the following configuration of Service I can maintain client stickiness very easily:

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: my-service
      labels:
        app: my-service
    spec:
      replicas: 3
      template:
        metadata:
          labels:
            app: my-service
        spec:
          containers:
          - image: gcr.io/app_name/my-service:latest
            imagePullPolicy: Always
            name: my-service
            ports:
            - containerPort: 8080
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
      annotations:
        traefik.backend.loadbalancer.stickiness: "true"
      labels:
        app: my-service
    spec:
      type: LoadBalancer
      sessionAffinity: "ClientIP"
      ports:
      - name: my-service
        port: 80
        protocol: TCP
        targetPort: 4000
      selector:
        app: my-service

Now, I am stuck with adding SSL certs. I am not able to find any documentation or resource on adding SSL certs for a Service of type LoadBalancer. Is it possible? If it is, how can I do it?
If it is not possible at all, is there any other way? I am using GKE on GCP. Can anyone help me with this? Thanks.
It looks kind of weird as you mention Traefik in your annotations. Still, managing a cert for this case is almost impossible. It would have to be supported at the cloud provider level based on annotations, because there is no explicit way to bind a TLS certificate to a particular service/port, not to mention automated certificates like with cert-manager/ingress.
To achieve that you should use some kind of API gateway / ingress controller that can handle this for you instead of exposing your service directly, or implement TLS support in your application.