OpenFaaS on Azure AKS with SSL Ingress (OpenFaaS on AKS Part 2/2)

Eric Stoekl
Mar 16, 2018 · 3 min read

Move OpenFaaS to the default namespace

git clone https://github.com/openfaas/faas-netes
cd faas-netes
helm delete --purge openfaas
kubectl delete ns openfaas
kubectl delete ns openfaas-fn
helm upgrade --install --namespace default --set functionNamespace=default --set async=true --set rbac=false --set serviceType=NodePort openfaas chart/openfaas

Install Contour

kubectl apply -f https://j.hept.io/contour-deployment-norbac
$ kubectl get svc -n heptio-contour
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
contour LoadBalancer 10.0.106.23 52.170.87.144 80:32617/TCP,443:30234/TCP 6m

Install Ingress Controller

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: of-ingress
annotations:
kubernetes.io/tls-acme: "true"
certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- secretName: of-secret
hosts:
- <your.domain.name>
rules:
- host: <your.domain.name>
http:
paths:
- backend:
serviceName: gateway-external
servicePort: 8080
$ kubectl apply -f openfaas-ingress.yml

Deploy CertManager

git clone https://github.com/jetstack/cert-manager
cd cert-manager
kubectl -n cert-manager apply -f docs/deploy/without-rbac/
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
namespace: cert-manager
spec:
acme:
email: <your-valid-email@address.com>
http01: {}
privateKeySecretRef:
name: letsencrypt-prod
server: https://acme-v01.api.letsencrypt.org/directory
kubectl apply -f clusterissuer-prod.yml

Check that everything is installed

$ kubectl get ing
NAME HOSTS ADDRESS PORTS AGE
of-ingress <your-dns>.com 80, 443 1h
$ kubectl get svc -n heptio-contour
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
contour LoadBalancer 10.0.63.10 52.176.3.125 80:31067/TCP,443:32413/TCP 1h

Point your DNS to the AKS LoadBalancer

Setting my A Record on AWS Route 53
Verify that you can access your OpenFaaS deployment through the URL endpoint

Conclusion

Eric Stoekl

Written by

Fan of Open Source and DevOps. OpenFaaS contributor.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade