Blog/content/post/deploy kub application.md
Gitea Actions 7e817a021e
Auto-update blog content from Obsidian: 2025-07-31 10:47:50
2025-07-31 10:47:50 +00:00


---
slug:
title: Template
description:
date:
draft: true
tags:
categories:
---
## Intro
After creating a Kubernetes cluster in my homelab with `kubeadm` in [that post]({{< ref "post/8-create-manual-kubernetes-cluster-kubeadm" >}}), my next goal is to expose a simple pod externally, reachable with a URL and secured with a TLS certificate verified by Let's Encrypt.
To achieve that, I will need several components:
- Service: TODO add oneline description
- Ingress: TODO add oneline description
- Ingress Controller: TODO add oneline description
- TLS Certificates: TODO add oneline description
---
## Helm
For these components to work, I will have to install new products. To install them, I will use Helm.
### Why Helm
explain install Helm
### Install Helm
---
## Kubernetes Services
TODO add why we need service
### What is a Kubernetes Service
explain what is a Service and its purpose
### Different Services
give the list of the different services
#### ClusterIP
explain what ClusterIP services are
#### NodePort
explain what NodePort services are
#### LoadBalancer
explain what LoadBalancer services are

---
## Expose a `LoadBalancer` Service with BGP
At first, I was thinking of using **MetalLB** to expose the IP of my services to my home network. This is what I used in the past when I was using my ISP box as a router. After reading this post, [Use Cilium BGP integration with OPNsense](https://devopstales.github.io/kubernetes/cilium-opnsense-bgp/), I realized I could do it differently using **BGP** with my OPNsense router.
### What Is BGP?
BGP (Border Gateway Protocol) is a routing protocol used to exchange network routes between systems. In the Kubernetes homelab context, BGP allows your Kubernetes nodes to advertise IPs directly to your **network router or firewall**. Your **router then knows** how to reach the IPs managed by your cluster.
So instead of MetalLB managing IP allocation and ARP replies, your nodes directly tell your router: “Hey, I own 192.168.1.240”.
### Legacy MetalLB Approach
Without BGP, MetalLB in Layer 2 mode works like this:
- Assigns a LoadBalancer IP (e.g., `192.168.1.240`) from a pool.
- One node responds to **ARP** for that IP on your LAN.

I know that MetalLB can also work with BGP, but what if my CNI (Cilium) can handle it out of the box?
### BGP with Cilium
With Cilium + BGP, you get:
- Cilium's agent on the node advertises LoadBalancer IPs over BGP.
- Your router learns that IP and routes to the correct node.
- No need for MetalLB.
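
As an added illustration (not taken from the original post or from the Cilium project), the two Cilium resources below show what "the agent advertises LoadBalancer IPs over BGP" looks like in configuration. It assumes Cilium's BGP control plane is enabled; the ASNs, router address, resource names, service label and pool range are placeholders, and the API version and field names depend on the Cilium release.

```yaml
# Added example: every value below is an assumed placeholder.
# Pool from which Cilium assigns LoadBalancer IPs to Services.
apiVersion: cilium.io/v2alpha1
kind: CiliumLoadBalancerIPPool
metadata:
  name: homelab-pool                # hypothetical name
spec:
  blocks:                           # older Cilium releases use `cidrs` here
    # Assumed range containing the post's sample IP. Clients that sit in the
    # same subnet as this range resolve it by ARP instead of asking the
    # router, so a dedicated range outside the LAN subnet is often preferred.
    - cidr: 192.168.1.240/29
---
# Peering policy: which nodes speak BGP, with which neighbor, and which
# Services get their LoadBalancer IP advertised.
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
metadata:
  name: opnsense-peering            # hypothetical name
spec:
  nodeSelector:
    matchLabels:
      kubernetes.io/os: linux       # every Linux node peers with the router
  virtualRouters:
    - localASN: 64512               # assumed private ASN for the cluster
      exportPodCIDR: false          # advertise Service IPs only, not pod CIDRs
      neighbors:
        - peerAddress: 192.168.1.1/32   # assumed address of the router
          peerASN: 64513                # assumed private ASN for the router
      serviceSelector:
        matchLabels:
          bgp: advertise            # hypothetical label; only Services carrying it are announced
```

Limiting `serviceSelector` to an explicit label keeps a newly created `LoadBalancer` Service from being announced to the router until it is deliberately opted in.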
### BGP Setup
#### On OPNsense
#### In Cilium
### Deploying a LoadBalancer with BGP
#### Using an IP Address
#### Using a URL
---
## Kubernetes Ingress
TODO add why we need service
### What is a Kubernetes Ingress
explain what is an Ingress and its purpose
### How Ingress Works
---
## Ingress Controller
### What is an Ingress Controller
explain what is an Ingress Controller and its purpose
### Which Ingress Controller to Use
comparison between ingress controller
which one I picked and why
### Install NGINX Ingress Controller
detail installation of NGINX Ingress Controller
verify ingress controller service
### Associate a Service to an Ingress
oneline to explain how to use https

---
## Secure Connection with TLS
to use https
### Cert-Manager
#### Install Cert-Manager
install with helm
#### Setup Cert-Manager
verify clusterissuer
### Add TLS in an Ingress
ingress tls code
verify

---
## Conclusion