Skip to content

Commit f252e66

Browse files
committed
Add note on client-api being optional
Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
1 parent a1018c8 commit f252e66

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

blog/_posts/2024-12-09-quickstart-uplink.md

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ This approach is ideal for managing customer endpoints or internal services that
4242

4343
For hosting providers, where you want some or all of the tunnels to be publicly accessible, you can turn on the "data router" component and use Kubernetes Ingress or Istio to route traffic from your custom domains to the tunnel server.
4444

45-
When exposing tunnels to the Internet, you can create a new Ingress record for each domain, or use a wildcard domain so that a single Ingress record and TLS certificate can serve all tunnels. Learn more in: [Ingress for Tunnels](https://docs.inlets.dev/uplink/ingress-for-tunnels/).
45+
When exposing tunnels to the Internet, you can create a new Ingress record for each domain, or use a wildcard domain so that a single Ingress record and TLS certificate can serve all tunnels. Learn more in: [Expose Tunnels to the Internet](https://docs.inlets.dev/uplink/expose-tunnels/).
4646

4747
Our [inlets cloud](https://inlets.dev/cloud) product is built on top of multiple inlets uplink installations in different regions around the world. Our UI makes use of the REST API (client-api) that's built into inlets uplink.
4848

@@ -76,13 +76,22 @@ kubectl get svc ingress-nginx-controller -n ingress-nginx
7676

7777
This will be an IP address or a DNS name, some provides such as AWS EKS will provide a DNS name. Create DNS A records in the next step if you received an IP address, otherwise create CNAME records.
7878

79+
### What needs to be public?
80+
81+
The only service that needs to be public is the client-router, which is used by the `inlets-pro uplink client` command via its `--url wss://` flag.
82+
83+
The client-api can be kept private and accessed from within the cluster over HTTP, or it can be turned off completely. If you only intend to manage tunnels via the `inlets-pro tunnel` CLI, or the Kubernetes CRD (with Helm, ArgoCD, or kubectl), then the client-api can be disabled.
84+
85+
Tunneled services will only be accessible via ClusterIP from within the Kubernetes cluster, so they are private by default. If needed, you can [Expose them on the Internet](https://docs.inlets.dev/uplink/expose-tunnels/) by following separate instructions.
86+
7987
### Configure the uplink Helm chart
8088

8189
Create two DNS A or CNAME records to the IP or DNS name given in the previous step:
8290

8391
1. The first is for the client-api, this is the REST API that can be used to manage tunnels - `us1.uplink.example.com`
8492
2. The second is for the client-router, this is the public endpoint that the inlets client will use - `clientapi.us1.uplink.example.com`
8593

94+
8695
Next, edit values.yaml:
8796

8897
```sh
@@ -485,5 +494,5 @@ See also:
485494
* [Inlets Uplink REST API](https://docs.inlets.dev/uplink/rest-api/)
486495
* [Monitor Inlets Uplink tunnels](https://docs.inlets.dev/uplink/monitoring-tunnels/)
487496
* [Expose a Kubernetes API Server via inlets](https://docs.inlets.dev/tutorial/kubernetes-api-server/)
488-
* [Expose Inlets Uplink tunnels publicly for Ingress](https://docs.inlets.dev/uplink/ingress-for-tunnels/)
497+
* [Expose Inlets Uplink tunnels publicly for Ingress](https://docs.inlets.dev/uplink/expose-tunnels/)
489498

0 commit comments

Comments
 (0)