In Kubernetes you can configure external HTTPS access to your applications using Ingress resources. Ingress provides load balancing, SSL termination and name-based virtual hosting.
Wayfinder can automatically register domains and generate TLS certificates for Ingress objects. This lets developers easily expose their application services.
The following table lists some important terms to understand about how Wayfinder handles access to your applications.
| Term | Description |
|---|---|
| Ingress resource | A collection of routing rules that define which inbound connections can reach your application service. Wayfinder provides an easy way to generate an |
| Network policy | Lets you control traffic flow to your application at the port level. By default Wayfinder deploys a<br><br>Wayfinder can generate this network policy for you when you follow the steps in Generate an Ingress resource and network policy. You can also create a network policy manually—see Create Network Policies. |
| Ingress controller | Acts mainly as a router and load balancer in Kubernetes. For the Ingress resource to work, a Kubernetes cluster must have an Ingress controller running. Wayfinder automatically installs a public-facing Ingress controller with class |
| DNS zones and domains | Wayfinder Administrators and Workspace Administrators can register DNS zones to be used for Ingress resources. Wayfinder installs and configures ExternalDNS in each managed Kubernetes cluster to automatically generate DNS records and managed DNS zones. For more information, see Manage Domains. |
| Certificates | Web applications should use HTTPS endpoints. For security, we strongly recommend using end-to-end encryption for internal communication between your applications and services.<br><br>Wayfinder automatically installs and configures cert-manager in each managed Kubernetes cluster, which creates and manages X.509 certificates (used by TLS) for Kubernetes Ingress objects and other requirements. For more information, see Manage Certificates. |
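
As an added illustration (not taken from Wayfinder or its documentation), the following plain Kubernetes manifests show how the Ingress resource, certificate and network policy terms above fit together for one service. The namespace, host, labels, ingress class, issuer and controller namespace are placeholders, and the example assumes a cert-manager ClusterIssuer exists and that the application pods listen on TCP 8080.

```yaml
# Constructed example: every name, host, label, class and issuer below is a placeholder.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: demo-app
  annotations:
    # cert-manager reads this annotation and requests a certificate for the TLS hosts
    cert-manager.io/cluster-issuer: example-issuer      # placeholder issuer name
spec:
  ingressClassName: example-public-class   # placeholder: use the class of the installed controller
  tls:
    - hosts:
        - web.apps.example.com
      secretName: web-tls                  # Secret where cert-manager stores the key pair
  rules:
    - host: web.apps.example.com           # must fall under a registered DNS zone
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 8080
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-ingress-controller
  namespace: demo-app
spec:
  podSelector:
    matchLabels:
      app: web                             # applies only to the application pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # placeholder: namespace where the Ingress controller runs
              kubernetes.io/metadata.name: example-ingress-namespace
      ports:
        - protocol: TCP
          port: 8080                       # only the application port is reachable
```

Because the policy selects the `app: web` pods and lists a single source and port, any other inbound traffic to those pods is dropped once the policy is in place.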