So, I think I finally figured out how to do an ingress controller. Noting here for posterity.
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/namespace.yaml \
    | kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/default-backend.yaml \
    | kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \
    | kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/tcp-services-configmap.yaml \
    | kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/udp-services-configmap.yaml \
    | kubectl apply -f -

curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/rbac.yaml \
    | kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/with-rbac.yaml \
    | kubectl apply -f -

curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml \
    | kubectl apply -f -
That completes the base install. Create the TLS secret from your key and certificate with the following:
kubectl create secret tls host-secret --key /tmp/tls.key --cert /tmp/tls.crt
Here the secret name (host-secret) must be unique, and the --key and --cert paths should be set to your own key and certificate files.
Then start with this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: foo-tls
  namespace: default
spec:
  tls:
  - hosts:
    - my-first-host.com
    secretName: host-secret
  - hosts:
    - bar.baz.com
    # this assumes a second ssl cert has been added
    secretName: barbaz
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: http-svc
          # this should point to the listener port for the service
          # and not the pod directly
          servicePort: 80
        path: /
  - host: bar.baz.com
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 80
        path: /
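
An added example, not part of the original post: a Python check that compares the hosts listed under spec.tls with the hosts under spec.rules, reading the JSON form that `kubectl get ingress foo-tls -o json` returns. The embedded sample is constructed from the manifest above, the function names are hypothetical, and the wildcard rule (a `*.` entry covers exactly one extra label) is an assumption about how the hosts are matched.

```python
import json

# Constructed sample: the Ingress from this page in JSON form, reduced to
# the fields the check reads.
SAMPLE = json.loads("""
{"metadata": {"name": "foo-tls", "namespace": "default"},
 "spec": {
  "tls": [{"hosts": ["my-first-host.com"], "secretName": "host-secret"},
          {"hosts": ["bar.baz.com"], "secretName": "barbaz"}],
  "rules": [{"host": "foo.bar.com"}, {"host": "bar.baz.com"}]}}
""")


def host_matches(pattern, host):
    """Exact match, or '*.example.com' covering exactly one extra label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return False


def check_tls_coverage(ingress):
    """Map each rule host to its TLS secret; list gaps and unused entries."""
    spec = ingress.get("spec", {})
    tls = spec.get("tls") or []
    rule_hosts = [r["host"] for r in spec.get("rules") or [] if r.get("host")]
    covered, uncovered = {}, []
    for host in rule_hosts:
        # Secrets of every tls entry whose host list covers this rule host.
        secrets = [t.get("secretName") for t in tls
                   if any(host_matches(p, host) for p in t.get("hosts") or [])]
        if secrets and secrets[0]:
            covered[host] = secrets[0]
        else:
            uncovered.append(host)
    # tls hosts that no rule routes: often a typo or a leftover entry.
    unused = [p for t in tls for p in t.get("hosts") or []
              if not any(host_matches(p, h) for h in rule_hosts)]
    return {"covered": covered, "uncovered": uncovered, "unused_tls_hosts": unused}


if __name__ == "__main__":
    print(json.dumps(check_tls_coverage(SAMPLE), indent=2))
```

Run against the manifest above, it reports foo.bar.com as routed but not listed under tls, and my-first-host.com as listed under tls with no matching rule.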