Kubernetes | Expose HTTPS service

12/14/2019

I am a newbie to the Kubernetes platform, trying to enable an HTTPS secure connection for a Tomcat web app deployed on Kubernetes. I am confused about the manifest.yml pertaining to the deployment, service and ingress controller.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tomcat-webapp
spec:
  selector:
    matchLabels:
      app: tomcat-webapp
  replicas: 1
  template:
    metadata:
      labels:
        app: tomcat-webapp
    spec:
      containers:
        - name: tomcat-webapp
          image: registry.central/*****
          imagePullPolicy: Always
          securityContext:
            runAsUser: 13113
            runAsGroup: 602
          ports:
            - containerPort: 8080
          env:
            - name: JAVA_OPTS
              value: "-Xms128M -Xmx256M -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=256m"
            - name: CATALINA_OPTS
              value: "-Djavax.net.ssl.trustStore=/opt/apache-tomcat-8.5.32/webapps/ROOT/tomcat.jks -Djavax.net.ssl.trustStorePassword=****"
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat-webapp
  labels:
    app: tomcat-webapp
spec:
  ports:
    - port: 80
      targetPort: 8080
      #nodePort: 30010
      protocol: TCP
      name: http
  selector:
    app: tomcat-webapp
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-webapp
spec:
  rules:
    - host: "tomcat-webapp.apps.net"
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-webapp
              servicePort: 80
  tls:
    - hosts:
        # don't forget to update this URL too
        - "tomcat-webapp.apps.net"

So do I have to specify port 8443 (HTTPS port) also in the deployment (under ports: - containerPort: 8080), the service (like ports: - port: 80 targetPort: 8080 protocol: TCP name: http) and the ingress (under backend: serviceName: tomcat-webapp servicePort: 80)?

-- Mithun

1 Answer

12/14/2019

Keep it simple:

apiVersion: v1
kind: Service
metadata:
  name: tomcat-webapp
  labels:
    app: tomcat-webapp
spec:
  ports:
    - port: 8080
  selector:
    app: tomcat-webapp
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-webapp
spec:
  rules:
    - host: "tomcat-webapp.apps.net"
      http:
        paths:
          - path: /
            backend:
              serviceName: tomcat-webapp
              servicePort: 8080
  tls:
    - hosts:
        - "tomcat-webapp.apps.net"

As far as I understand from your Deployment configuration, your Java application runs on port 8080 and expects HTTPS traffic. This will not work with the above-mentioned Ingress configuration - your Java application should listen on port 8080 and expect HTTP traffic.

If you really want your Java application to listen for HTTPS, you could configure Ingress the following way:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tomcat-webapp
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
... # the rest is the same

-- Dávid Molnár
Source: StackOverflow
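
The two options from the answer, written out for the current Ingress API as an added example that is not part of the original question or answer. It assumes ingress-nginx with an IngressClass named `nginx`, a Tomcat HTTPS connector on 8443 for the re-encryption variant, and a hypothetical TLS Secret named `tomcat-webapp-tls`.

```yaml
# Added example, not from the original post. extensions/v1beta1 Ingress was
# removed in Kubernetes 1.22, so this uses networking.k8s.io/v1.
# Hypothetical Secret, created beforehand with:
#   kubectl create secret tls tomcat-webapp-tls --cert=tls.crt --key=tls.key
apiVersion: v1
kind: Service
metadata:
  name: tomcat-webapp
  labels:
    app: tomcat-webapp
spec:
  selector:
    app: tomcat-webapp
  ports:
    # Variant A, TLS ends at the ingress: Tomcat speaks plain HTTP on 8080.
    - name: http
      port: 80
      targetPort: 8080
    # Variant B, re-encryption to the pod: Tomcat needs an HTTPS connector and
    # the Deployment a matching "containerPort: 8443" (assumed port).
    - name: https
      port: 443
      targetPort: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tomcat-webapp
  annotations:
    # Variant B only; remove this annotation for variant A.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx   # replaces the kubernetes.io/ingress.class annotation
  tls:
    - hosts:
        - "tomcat-webapp.apps.net"
      # Without secretName, ingress-nginx has no certificate for this host
      # and serves its default certificate instead.
      secretName: tomcat-webapp-tls
  rules:
    - host: "tomcat-webapp.apps.net"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tomcat-webapp
                port:
                  name: https   # variant A: name: http
```

In either variant the client-facing certificate lives in the Secret referenced by the Ingress; port 8443 only appears in the Deployment and Service when traffic between the ingress controller and the pod must also be encrypted.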