Description
Most of the Mac infra does not really need it: the services we deploy right now mostly don't need to be exposed outside the cluster itself.
But we do have them here and there. Mostly, at the moment, it's just the Kubernetes dashboard. Currently that's set up with a NodePort service, so it's available by going to port 31000 on any node in the cluster (usually the master). It works.
A slightly smoother approach would be to have an ingress controller like NGINX or Traefik set up, and expose the dashboard through an Ingress resource.
If we did this, we could have dashboard URLs like:
- https://dashboard-prod-1.macstadium-us-se-1.travisci.net/
- https://dashboard-staging.macstadium-us-se-1.travisci.net/
I know Traefik includes support for LetsEncrypt built-in, and if we configured it to use DNS for verification of ownership, we might even be able to have real TLS certificates for these domains.
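
As an added illustration (not part of the original issue or the project's manifests), the move from the NodePort service to an Ingress could look like this with the NGINX ingress controller. The namespace, Service name, selector label, ports, ingress class and TLS secret name are assumptions; the hostname is the staging URL proposed above.

```yaml
# Assumed: dashboard runs in namespace "kubernetes-dashboard", pods carry the
# label k8s-app=kubernetes-dashboard and serve HTTPS on container port 8443.
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: ClusterIP            # was NodePort with nodePort 31000 on every node
  selector:
    k8s-app: kubernetes-dashboard
  ports:
    - name: https
      port: 443
      targetPort: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    # The dashboard speaks TLS itself, so the controller must proxy over HTTPS.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx    # assumed ingress class name
  tls:
    - hosts:
        - dashboard-staging.macstadium-us-se-1.travisci.net
      secretName: dashboard-tls   # assumed secret holding the certificate
  rules:
    - host: dashboard-staging.macstadium-us-se-1.travisci.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
```

With the Service switched to ClusterIP, the dashboard stops listening on port 31000 of each node and is reachable only through the ingress controller's TLS endpoint.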