I have successfully deployed a standalone and replica set instance on kubernetes. I have looked in the documentation for deployments and don’t see any information on adding ingresses so you can connect via an external network. Does anyone have any experience with this?
We have a few customers using Ingress, I spoke to one recently who’s using HA Proxy to good effect to use an internal CA for TLS within the cluster (which they’ve had to do as their main CA can’t sign cluster.local names) and then use their normal CA for an external name. HA Proxy is then terminating the TLS and reestablishing it on the internal side.
Hi Dan,
Thanks for the reply I’ll look into HA Proxy. You said only a few customers use ingress, what do the other customers use to connect from outside the kubernetes cluster?
Some use load balancers, others use nodeport. I can’t really say what the split is, but I’ve just today (totally by chance) had a chat around all this with one of our engineers and we’re in favour of using ingress. Done well it saves using nodeport to expose all the individual replica set members one by one, and it saves having N load balancer external IPs for each of the N replica set members. You can just route to the right one using SNI.
That’s the guidance we’re likely to document at some point, but we’ll likely not get to that for a while due to other priorities.