Ingress and Cert-manager with FMS

Using Ingress (NGINX) and Cert-manager (Let’s Encrypt) with Frontier Management Services

Last updated: October 10, 2022 by Jeremy Estrada

What is Ingress?

Kubernetes Ingress is an API object that provides routing rules to manage external users’ access to the services in a Kubernetes cluster, typically via HTTPS/HTTP. With Ingress, you can easily set up rules for routing traffic without creating a bunch of Load Balancers or exposing each service on the node. This makes it the best option to use in production environments.

In production environments, you typically need content-based routing, support for multiple protocols, and authentication. Ingress allows you to configure and manage these capabilities inside the cluster.

Ingress is made up of an Ingress API object and the Ingress Controller. As we have discussed, Kubernetes Ingress is an API object that describes the desired state for exposing services to the outside of the Kubernetes cluster. An Ingress Controller is essential because it is the actual implementation of the Ingress API. An Ingress Controller reads and processes the Ingress Resource information and usually runs as pods within the Kubernetes cluster.

An Ingress provides the following:

• Externally reachable URLs for applications deployed in Kubernetes clusters
• Name-based virtual host and URI-based routing support
• Load balancing rules and traffic, as well as SSL termination

Ingress-NGINX

Ingress-NGINX is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. We are currently utilizing Ingress-NGINX for Frontier Management Services (FMS). For guides regarding this topic, please redirect to the following tutorials below:

• Creating a Kubernetes Ingress Resource with a Static IP Address on Azure/AKS
• Creating a Kubernetes Ingress Resource with a Static IP Address on GCP or GKE
• Configure Ingress Controller x509 Client Authentication
• Configuring MetalLB and NGINX for Federal Frontier API Services

Cert-manager

Cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry. The following guides below will introduce tutorials of how cert-manager is implemented into Frontier Management Services (FMS):

• Let’s Encrypt in Kubernetes Cluster
• Let’s Encrypt Example for Federal Frontier API Services
• Verify mTLS Encryption and Use Wireshark in the Kubernetes Cluster