This post will document some of the issues I ran into while setting up Kubernetes for this site.
I want requests to www.andrewtchin.com and andrewtchin.com to display the same site. I have a CNAME from www.andrewtchin.com to andrewtchin.com but did not configure that in the first iteration of the Ingress. This led to a TLS error upon connecting to www.andrewtchin.com since the Ingress used the default self-signed TLS certificate instead of a Let’s Encrypt certificate.
To achieve the desired result I simply had to add the additional TLS host and rule for www.andrewtchin.com.
As shown here, tls describes the hosts that the Ingress terminates with the corresponding secret (containing both DNS names). Then, rules describes which service traffic matching the host and path should be directed to.
After configuring the www subdomain in the Ingress, I needed the Let’s Encrypt certificate to be regenerated to include the additional DNS name. To do this I deleted the secret as below:
After this, visiting www.andrewtchin.com was still not using the correct TLS certificate. Viewing the certificate showed that it was waiting for the certificate request to complete:
Interestingly, the certificate request showed that it was successful:
To reissue the certificate, I deleted it:
This resolved the problem and I was able to access both andrewtchin.com and www.andrewtchin.com correctly.
For now, deployment is manual. To deploy, I delete the pod and the new image gets pulled when the replacement is created. I will experiment with setting up deployment from Gitlab next.
Overall I am very happy with this setup and look forward to deploying other apps on the cluster!