Home Explore Blog CI



kubernetes
3rd chunk of `content/en/blog/_posts/2015-07-00-Strong-Simple-Ssl-For-Kubernetes.md`
5219cc4bdbebd6b632328171ae9a05dbc591aebe6a64eb1d00000001000005ad

          -

            name: "SERVICE\_PORT\_ENV\_NAME"

            value: "JENKINS\_SERVICE\_PORT\_UI"

          -

            name: "ENABLE\_SSL"

            value: "true"

          -

            name: "ENABLE\_BASIC\_AUTH"

            value: "true"

        ports:

          -

            name: "nginx-ssl-proxy-http"

            containerPort: 80

          -

            name: "nginx-ssl-proxy-https"

            containerPort: 443
 ```




The pod will have a service exposing TCP 80 and 443 to a public load balancer. Here’s the service descriptor [(also available in the sample app](https://github.com/GoogleCloudPlatform/kube-jenkins-imager/blob/master/service_ssl_proxy.yaml)):



```
  kind: "Service"

  apiVersion: "v1"

  metadata:

    name: "nginx-ssl-proxy"

    labels:

      name: "nginx"

      role: "ssl-proxy"

  spec:

    ports:

      -

        name: "https"

        port: 443

        targetPort: "nginx-ssl-proxy-https"

        protocol: "TCP"

      -

        name: "http"

        port: 80

        targetPort: "nginx-ssl-proxy-http"

        protocol: "TCP"

    selector:

      name: "nginx"

      role: "ssl-proxy"

    type: "LoadBalancer"
 ```




And here’s an overview with the SSL termination proxy in place. Notice that Jenkins is no longer directly exposed to the public Internet:

[![](https://3.bp.blogspot.com/-0B1BEQo_fWc/VaVxVUBkf3I/AAAAAAAAAVE/5yCCnA29C88/s400/0%2B%25281%2529.png)
Title: Service Descriptor and Overview of SSL Termination Proxy
Summary
The pod has a service exposing TCP ports 80 and 443 to a public load balancer, with descriptors available in the sample app. The service configuration includes details like kind, API version, metadata, and port specifications for both HTTPS (443) and HTTP (80), directing traffic to the appropriate target ports. The selector specifies the pods to which the service applies, based on labels. The service type is set to LoadBalancer. The overview highlights that Jenkins is no longer directly exposed to the public internet with the SSL termination proxy in place.