Customizing the Manifest File
Once the manifest file is generated, it can be reviewed and if necessary customized.
The following aspects should be taken into account:
- Resource Requests and Limits: Both controllers and proxies come with enforced resource limits. The defaults are deliberately kept large to fit most use cases. They can be adjusted to better fit the targeted installation.
- Network Configuration and Exposed Ports: By default, the proxy deployment is configured to expose port 443. However, if other ports are required, they should be changed in the proxy deployment and the associated service.
- Readiness Probes: The proxy deployment comes with readiness probes disabled by default, because the probes depend on the entrypoints configured on the cluster. The probes should be configured accordingly and enabled to avoid sending traffic to non-configured proxies.
- Environment variables: To use Datadog or ACME DNS Challenge for instance, environment variables should be configured either on proxies or controllers.
Common Scenarios Requiring Customization
External Load Balancer
By default, the manifest files generated by teectl setup gen include a service definition with a LoadBalancer type for the proxies.
This service type relies on the Cloud Provider's ability to create an external load balancer, while automatically creating a ClusterIP and NodePort that will be targeted by it.
While this is fine for most use cases, it's also common to not want to dynamically create load balancers but instead use an external load balancer to route to Kubernetes services via ClusterIP or NodePort.
To achieve this, the service type must be changed in the manifest file before applying it to the cluster:
```yaml
apiVersion: v1
kind: Service
#[...]
spec:
  type: NodePort
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
#[...]
```

```yaml
apiVersion: v1
kind: Service
#[...]
spec:
  # The type value is case-sensitive: ClusterIP
  type: ClusterIP
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
#[...]
```
With this configuration, the load balancer can target either the address of individual nodes running the proxy service or the cluster IP address.
Port management when using NodePort
When setting the nodePort field to a fixed port, the management of port conflicts is the cluster operator's responsibility.
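One way to check a candidate port before pinning it in the proxy service is sketched below. This is an added example, not part of the product's tooling: the function names are hypothetical, the port 30443 in the usage comment is a constructed value, and the range assumes the Kubernetes default of 30000-32767.

```shell
#!/bin/sh
# Added example: verify a fixed nodePort before writing it into the manifest.
# Assumption: the cluster uses the default NodePort range 30000-32767
# (the kube-apiserver flag --service-node-port-range can change it).

NODEPORT_MIN=30000
NODEPORT_MAX=32767

# Print every nodePort already allocated in the cluster, one per line.
# Services without a nodePort yield empty lines, which grep filters out.
list_used_nodeports() {
    kubectl get services --all-namespaces \
        -o jsonpath='{range .items[*]}{range .spec.ports[*]}{.nodePort}{"\n"}{end}{end}' |
        grep -E '^[0-9]+$' | sort -un
}

# check_nodeport PORT
# Reads the allocated ports on stdin.
# Returns 0 if PORT is free, 1 if already allocated, 2 if invalid or out of range.
check_nodeport() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt "$NODEPORT_MIN" ] || [ "$port" -gt "$NODEPORT_MAX" ]; then
        echo "port $port is outside $NODEPORT_MIN-$NODEPORT_MAX" >&2
        return 2
    fi
    # Exact whole-line match, so 3044 does not match 30443.
    if grep -qx "$port"; then
        echo "port $port is already allocated" >&2
        return 1
    fi
    return 0
}

# Usage against a live cluster (30443 is a constructed value):
#   list_used_nodeports | check_nodeport 30443 && echo "30443 is free"
```

The check is a point-in-time snapshot: another service can claim the port between the check and the apply, in which case the API server rejects the manifest.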