alpeb · March 25, 2021 20:44
diff --git a/Injected Traefik ingress TLS request b/Injected Traefik ingress TLS request
 #!/bin/bash

 set -euxo pipefail

 # Set the linkerd binary to use.
 LINKERD_CLI=linkerd

 # create the local k8s cluster. Either k3d or kind can be used.
 k3d cluster create --k3s-server-arg "--disable=traefik"
 # kind create cluster

 # install linkerd and wait for it to report ready
 $LINKERD_CLI install | kubectl apply -f -
 $LINKERD_CLI check

 # install traefik
 helm install traefik traefik \
        --create-namespace \
        --namespace=traefik-system \
        --repo=https://helm.traefik.io/traefik \
        --wait \
        --set=deployment.podAnnotations."linkerd\.io/inject=enabled" \
  --set=service.type=NodePort \
  --set ports.websecure.tls.enabled=true

 # install emojivoto
 curl -sL https://run.linkerd.io/emojivoto.yml | $LINKERD_CLI inject - | kubectl apply -f -

 # create an ingress for the web-svc with tls enabled through traefik
 kubectl --namespace emojivoto apply -f - <<EOF
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: web
  namespace: emojivoto
  annotations:
    traefik.ingress.kubernetes.io/router.tls: "true"
    ingress.kubernetes.io/custom-request-headers: l5d-dst-override:web-svc.emojivoto.svc.cluster.local:80
 spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-svc
            port:
              number: 80
 EOF

 # wait for all pods to report ready. Timeout is for 10 minutes for slower connections
 kubectl wait --for=condition=Ready --all pods --all-namespaces --timeout 10m

 # fetch both the first node's ip address and the node port on which TLS is being served
 NODE_ADDRESS=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
 HTTPS_PORT=$(kubectl --namespace traefik-system get svc traefik -o jsonpath='{.spec.ports[?(@.name == "websecure")].nodePort}')

 # sleep a bit to give k8s and traefik a chance to process the ingress
 sleep 2

 # use the address and port to test if it get's routed to web-svc. This will time out after 15 seconds.
 curl -vk --max-time 15 --resolve example.com:${HTTPS_PORT}:${NODE_ADDRESS} https://example.com:${HTTPS_PORT}
	#!/bin/bash

	set -euxo pipefail

	# Set the linkerd binary to use.
	LINKERD_CLI=linkerd

	# create the local k8s cluster. Either k3d or kind can be used.
	k3d cluster create --k3s-server-arg "--disable=traefik"
	# kind create cluster

	# install linkerd and wait for it to report ready
	$LINKERD_CLI install \| kubectl apply -f -
	$LINKERD_CLI check

	# install traefik
	helm install traefik traefik \
	--create-namespace \
	--namespace=traefik-system \
	--repo=https://helm.traefik.io/traefik \
	--wait \
	--set=deployment.podAnnotations."linkerd\.io/inject=enabled" \
	--set=service.type=NodePort \
	--set ports.websecure.tls.enabled=true

	# install emojivoto
	curl -sL https://run.linkerd.io/emojivoto.yml \| $LINKERD_CLI inject - \| kubectl apply -f -

	# create an ingress for the web-svc with tls enabled through traefik
	kubectl --namespace emojivoto apply -f - <<EOF
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: web
	namespace: emojivoto
	annotations:
	traefik.ingress.kubernetes.io/router.tls: "true"
	ingress.kubernetes.io/custom-request-headers: l5d-dst-override:web-svc.emojivoto.svc.cluster.local:80
	spec:
	rules:
	- http:
	paths:
	- path: /
	pathType: Prefix
	backend:
	service:
	name: web-svc
	port:
	number: 80
	EOF

	# wait for all pods to report ready. Timeout is for 10 minutes for slower connections
	kubectl wait --for=condition=Ready --all pods --all-namespaces --timeout 10m

	# fetch both the first node's ip address and the node port on which TLS is being served
	NODE_ADDRESS=$(kubectl get nodes -o jsonpath='{.items[0].status.addresses[0].address}')
	HTTPS_PORT=$(kubectl --namespace traefik-system get svc traefik -o jsonpath='{.spec.ports[?(@.name == "websecure")].nodePort}')

	# sleep a bit to give k8s and traefik a chance to process the ingress
	sleep 2

	# use the address and port to test if it get's routed to web-svc. This will time out after 15 seconds.
	curl -vk --max-time 15 --resolve example.com:${HTTPS_PORT}:${NODE_ADDRESS} https://example.com:${HTTPS_PORT}