You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: blog/_posts/2024-12-09-quickstart-uplink.md
+11-2Lines changed: 11 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -42,7 +42,7 @@ This approach is ideal for managing customer endpoints or internal services that
42
42
43
43
For hosting providers, where you want some or all of the tunnels to be publicly accessible, you can turn on the "data router" component and use Kubernetes Ingress or Istio to route traffic from your custom domains to the tunnel server.
44
44
45
-
When exposing tunnels to the Internet, you can create a new Ingress record for each domain, or use a wildcard domain so that a single Ingress record and TLS certificate can serve all tunnels. Learn more in: [Ingress for Tunnels](https://docs.inlets.dev/uplink/ingress-for-tunnels/).
45
+
When exposing tunnels to the Internet, you can create a new Ingress record for each domain, or use a wildcard domain so that a single Ingress record and TLS certificate can serve all tunnels. Learn more in: [Expose Tunnels to the Internet](https://docs.inlets.dev/uplink/expose-tunnels/).
46
46
47
47
Our [inlets cloud](https://inlets.dev/cloud) product is built on top of multiple inlets uplink installations in different regions around the world. Our UI makes use of the REST API (client-api) that's built into inlets uplink.
48
48
@@ -76,13 +76,22 @@ kubectl get svc ingress-nginx-controller -n ingress-nginx
76
76
77
77
This will be an IP address or a DNS name, some provides such as AWS EKS will provide a DNS name. Create DNS A records in the next step if you received an IP address, otherwise create CNAME records.
78
78
79
+
### What needs to be public?
80
+
81
+
The only service that needs to be public is the client-router, which is used by the `inlets-pro uplink client` command via its `--url wss://` flag.
82
+
83
+
The client-api can be kept private and accessed from within the cluster over HTTP, or it can be turned off completely. If you only intend to manage tunnels via the `inlets-pro tunnel` CLI, or the Kubernetes CRD (with Helm, ArgoCD, or kubectl), then the client-api can be disabled.
84
+
85
+
Tunneled services will only be accessible via ClusterIP from within the Kubernetes cluster, so they are private by default. If needed, you can [Expose them on the Internet](https://docs.inlets.dev/uplink/expose-tunnels/) by following separate instructions.
86
+
79
87
### Configure the uplink Helm chart
80
88
81
89
Create two DNS A or CNAME records to the IP or DNS name given in the previous step:
82
90
83
91
1. The first is for the client-api, this is the REST API that can be used to manage tunnels - `us1.uplink.example.com`
84
92
2. The second is for the client-router, this is the public endpoint that the inlets client will use - `clientapi.us1.uplink.example.com`
0 commit comments