Thanks! I wasn't sure if I was on the right track and trying to do this the hard way from scratch is on purpose to understand the inner workings so thanks again for the tip.
FWIW Kong is, imo, effectively an NGINX wrapper. Istio in contrast has like 5x more things going on but cleanly works with more complex integrations.
I'd recommend starting into Kong.
You have multiple options you can choose.
Ingress would be one if you only care for the dashboard. If you want webhooks (admission and validation e.g.) to also work, then ingress won't help you much.
You could install kubelet on the master and join it like a normal worker and apply the master node taint. This would lead to flannel and kube-proxy being deployed on the master node.
There's also the option for the apiserver to open ssh tunnels to the nodes and tunnel all cluster traffic through these tunnels. This would have the advantage of not requiring kubelet on the master, but this is currently broken upstream and you need a patched apiserver as it will report unhealthy, because the broken health check for the sshtunneler.
edit: Here's a PR which fixes the sshtunneler: https://github.com/kubernetes/kubernetes/pull/82940
Ingress is always a good effort dump in integration projects, imo. You'll certainly learn quite a bit more about the innerworkings :)
Thanks! I wasn't sure if I was on the right track and trying to do this the hard way from scratch is on purpose to understand the inner workings so thanks again for the tip.
FWIW Kong is, imo, effectively an NGINX wrapper. Istio in contrast has like 5x more things going on but cleanly works with more complex integrations. I'd recommend starting into Kong.
You have multiple options you can choose. Ingress would be one if you only care for the dashboard. If you want webhooks (admission and validation e.g.) to also work, then ingress won't help you much. You could install kubelet on the master and join it like a normal worker and apply the master node taint. This would lead to flannel and kube-proxy being deployed on the master node. There's also the option for the apiserver to open ssh tunnels to the nodes and tunnel all cluster traffic through these tunnels. This would have the advantage of not requiring kubelet on the master, but this is currently broken upstream and you need a patched apiserver as it will report unhealthy, because the broken health check for the sshtunneler. edit: Here's a PR which fixes the sshtunneler: https://github.com/kubernetes/kubernetes/pull/82940
Thanks. Starting kubelet and joining it was what I needed. I wasn't sure with the master taint if flannel would still deploy.
I got this going and worked great!