New to K8s and facing an implementation dilemma. I need to deploy a K8s cluster for multiple NGINX-PHP websites, each with its own domain. The number of websites hosted can increase/decrease regularly, with hundreds/thousands of them deployed at any given time. I have excluded the PHP part to keep the question simple.
Scenario 1 - vhost and SSL termination at ingress
Pros:
Possibly a con?
Scenario 2 - vhost and SSL termination at pod level
Pros:
Cons:
Which one of above scenario is better suited? Are there any other possible scenarios for given problem?
If you'd like to just avoid having hundreds of services you can set up a single nginx ingress controller (with a single ingress class in your cluster) and then create multiple Ingresses using the single ingress controller. (It can also be a single Ingress if you'd like, with hostname-based routing)
This controller basically runs in a deployment with multiple pods and can scale up and down (for example using an HPA or/and the cluster autoscaler or/and the VPA).
The nginx controller takes care of reloading nginx with the new configs everytime you changed them (with no downtime). You can also have an SSL termination per Kubernetes Ingress, so if you have multiple domains that can also be handled.
Hope it helps!
go with scenario 1 using nginx ingress controller.
we use it to route external users to multiple apps running in k8s cluster