Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/yandex-cloud-examples/yc-mk8s-gateway-api-samples

Gateway API usecases for Managed Service for Kubernetes (MK8S).
https://github.com/yandex-cloud-examples/yc-mk8s-gateway-api-samples

kubernetes kubernetes-api mk8s yandex-cloud yandexcloud

Last synced: about 16 hours ago
JSON representation

Gateway API usecases for Managed Service for Kubernetes (MK8S).

Host: GitHub
URL: https://github.com/yandex-cloud-examples/yc-mk8s-gateway-api-samples
Owner: yandex-cloud-examples
License: apache-2.0
Created: 2023-11-03T08:13:35.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2023-11-03T08:20:48.000Z (about 1 year ago)
Last Synced: 2023-11-03T09:28:14.545Z (about 1 year ago)
Topics: kubernetes, kubernetes-api, mk8s, yandex-cloud, yandexcloud
Homepage:
Size: 6.84 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Gateway API usecases for Managed Kubernetes

This folder contains examples of k8s manifests to set up kubernetes [gateways](https://gateway-api.sigs.k8s.io/) for Prod and Dev environments. Environments placed to different namespaces. Gateways configured to be bind only to particular namespaces for isolation. TLS secrets placed to separate namespace.

## Prerequires

- Managed Kubernetes Cluster in Yandex Cloud.

- Installed and initialized [yc cli](https://cloud.yandex.com/en-ru/docs/cli/operations/install-cli).

- Public domain [deletated to Cloud DNS](https://cloud.yandex.com/en-ru/docs/dns/concepts/dns-zone#public-zones) service by Yandex Cloud.

## Gateway installation

- Install Gateway API from Marketplace. In console go to Managed Service for Kubernetes -> (Select your cluster) -> Marketplace -> Gateway API -> Use.

- Fill all necessary fields and install Gateway API.

## Example of Prod and Dev gateways and environments

### Create reserved IP addresses

```bash

yc vpc address create --name=prod --labels reserved=true --external-ipv4 zone=ru-central1-b # change to zone of your cluster

yc vpc address create --name=dev --labels reserved=true --external-ipv4 zone=ru-central1-b # change to zone of your cluster

```

### Create prod and dev records to your zone

```bash

yc dns zone add-records --name my-domain --record '*.prod.example.com 60 A  '

yc dns zone add-records --name my-domain --record '*.dev.example.com 60 A  '

```

### Create tls certificate (optional) and separate namespace for tls secrets

Create separate namespace for tls secrets.

```bash

kubectl create namespace gateway-api-tls-secrets

```

Create certificate for prod gateway.

```bash

openssl req -x509 \

    -newkey rsa:4096 \

    -keyout gateway-key-prod.pem \

    -out gateway-cert-prod.pem \

    -nodes \

    -days 365 \

    -subj '/CN=*.prod.example.com'

kubectl create -n gateway-api-tls-secrets secret tls gateway-prod-tls \

    --cert=gateway-cert-prod.pem \

    --key=gateway-key-prod.pem

```

Create certificate for dev gateway.

```bash

openssl req -x509 \

    -newkey rsa:4096 \

    -keyout gateway-key-dev.pem \

    -out gateway-cert-dev.pem \

    -nodes \

    -days 365 \

    -subj '/CN=*.dev.example.com'

kubectl create -n gateway-api-tls-secrets secret tls gateway-dev-tls \

    --cert=gateway-cert-dev.pem \

    --key=gateway-key-dev.pem

```

### Configure your IP adresses and domains

Replace  in yaml files to real IPs created earlier and change example.com to your domains.

### Apply manifests

```bash

kubectl apply prod-gw.yaml

kubectl apply prod-app.yaml

kubectl apply prod-route.yaml

kubectl apply dev-gw.yaml

kubectl apply dev-app.yaml

kubectl apply dev-route.yaml

```

### Check applications

Check applications on `app.prod.example.com` and `app.dev.example.com`.