Magic of Kubernetes Ingress for home lab
In previous post I mentioned of moving Home Assistant from kubernetes to dedicated host, which means I would lose all the benefits I had from running HA in Kubernetes:
- Access from internet via public load balancer
- SSL termination
- Visibility on network traffic, logs and metrics
Separate device would required me to look for solutions how to expose this device to internet, ssl terminate it, and ensure my home IP changes would not break external access.
Luckily I was still able to use Kubernetes and route traffic to external (from k8s perspective) host, which was quite simple actually.
Simply set up all the services as usual:
- Ingress
- Service
And one extra: Endpoint; which are usually automatically managed by kubernetes depending on pods running and service definitions, but in this case I define one statically.
YAML I used:
---
apiVersion: v1
kind: Endpoints
metadata:
name: ha-external
namespace: homeassitant
subsets:
- addresses:
- ip: 192.168.88.102
ports:
- port: 8123
---
apiVersion: v1
kind: Service
metadata:
name: ha-external
namespace: homeassitant
spec:
ports:
- port: 8123
targetPort: 8123
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ha-ingress
namespace: homeassitant
spec:
rules:
- host: ha.hexide.com
http:
paths:
- backend:
service:
name: ha-external
port:
number: 8123
path: /
pathType: Prefix
tls:
- hosts:
- ha.hexide.com
secretName: hexide-com-tls
Overall traffic setup looks like this:
Comments ()