🔧 Tweak advanced Ingress lab

Jérôme Petazzoni
2026-05-04 15:43:35 +02:00
parent ac7149e196
commit cba56033b4


@@ -44,7 +44,7 @@ Try to complete at least one path; but feel free to experiment with other option
## Which environment?
- Managed cluster (difficult: low)
- Managed cluster (difficulty: low)
easier, because it has `LoadBalancer` services
<br/>
@@ -54,7 +54,7 @@ Try to complete at least one path; but feel free to experiment with other option
requires to switch to a combination of `hostPort` / `DaemonSet`
- Local KinD cluster (difficult: hard)
- Local KinD cluster (difficulty: hard)
actually not *that* hard, but you need to set up port mapping correctly
@@ -62,17 +62,37 @@ Try to complete at least one path; but feel free to experiment with other option
---
## Which API?
- Ingress (difficulty: easy)
legacy (but still supported); much simpler to deploy/operate
- Gateway API HTTPRoute, TLSRoute (difficulty: medium)
new; hopefully future-proof; support is uneven across products
- Gateway API TCPRoute (difficulty: hard)
experimental; requires even more tinkering
- Vendor-specific
---
## Which controller?
- Traefik (difficulty: medium)
better Kubernetes integration (especially for Gateway API!)
- HAProxy (difficulty: hard)
- HAProxy Ingress (difficulty: hard)
you'll probably need to [install Gateway API CRDs manually][haproxy-gateway-api-docs]
supports Ingress and TCPRoute, but doesn't supportessential Gateway API features
[haproxy-gateway-api-docs]: https://www.haproxy.com/documentation/kubernetes-ingress/gateway-api/enable-gateway-api/#deploy-gateway-api-resources
- HAProxy Unified Gateway (difficulty: hard)
supports Gateway API more comprehensively, but doesn't support Ingress
---
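Review bot: The HAProxy Ingress description reads "doesn't supportessential Gateway API features"; a space is missing between "support" and "essential". In the same hunk, "Vendor-specific" under "Which API?" is the only option without a difficulty rating or a one-line description, so either add both or say briefly why it is left open. The `[haproxy-gateway-api-docs]:` reference definition also sits between the two HAProxy list items; moving it below the last item would keep the list easier to read in the source.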
@@ -126,7 +146,7 @@ Try to complete at least one path; but feel free to experiment with other option
## Bonus goals
- Make sure that the web apps have a valid TLS cert
- Obtain a valid TLS cert for our web apps, with cert-manager + Let's Encrypt
(this requires a real domain name; use the `kubeadm` cluster with the provided domain!)
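Review bot: The new bonus goal names cert-manager + Let's Encrypt but does not say which issuer to use. Since the parenthetical sends people to "the provided domain", suggest adding a line telling attendees to start with the Let's Encrypt staging endpoint and switch to production once issuance works, so that several people requesting certs under the same domain do not hit production rate limits.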
@@ -134,7 +154,11 @@ Try to complete at least one path; but feel free to experiment with other option
- expose webui, rng, hasher, with Ingress / HTTPRoute
- expose redis with a TCPRoute
- expose redis with a TLSRoute
- try a TCPRoute (experimental!)
Note: for the TLSRoute, you can use a valid cert or a manual, self-signed one.
---
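Review bot: The note at the end of this hunk says the TLSRoute can use "a valid cert or a manual, self-signed one" but not where that cert lives: on the Gateway listener (TLS terminated there, plaintext to redis) or on redis itself (TLS passed through). State which setup the lab expects, and for the self-signed case mention that the client should be given the cert or CA to verify against instead of disabling verification.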