Versions Compared

Old Version 28

changes.mady.by.user Francesco Sinisi

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Sinisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

What is Ingress?

In Kubernetes, an Ingress is a object that allows access to your Kubernetes services from outside the cluster. The ingress is made up of 2 parts: the kubernetes component that deals with directing external traffic to internal services is called the ingress controller, which obeys the rules present in the ingress resources. So, you configure access by creating a collection of rules, written in a file, that define which inbound connections reach which services. Without the use of the ingress, all the cluster services, to which one wishes to access from the outside, must be exposed to the internet. The advantage of the ingress consists, in fact, in exposing a single access point externally, which will take care of routing the traffic within the cluster.

Ingress installation

Prerequisites

First we added assign a new node label to the a cluster node, which will take care of routing incoming requests to the appropriate services. This node will receive requests from the internet, so it must have a FIP.So, we created a new VM (Launch and manage instances) with a low-medium flavor, as it should only act as an ingress, and joined it to cluster, using the comand kubeadm join (Building the cluster). We then assigned to the node, through a label, the "role" of ingress with the command

Code Block
languagebash
titleInsert label
# Enter the node name and label. The optional "--overwrite" flag is used in case the value is already present
$ kubectl label node <node_name> kubernetes.io/role=<label_value> [--overwrite]
# Alternatively, you can edit the label directly in a text editor
$ kubectl edit node <node_name>

The addition of the label will be used later, to indicate on which node to install the input controller Pod. The same operation can also be performed on the other nodes (, assigning the role of worker), in order to obtain

Code Block
languagebash
titleRoles of nodes
# Note the "ROLES" column
$ kubectl get node
NAME                     STATUS   ROLES     AGE     VERSION
mycentos-0.novalocal     Ready    master    70d     v1.20.45
mycentos-1.novalocal     Ready    worker    69d     v1.20.45
mycentos-2.novalocal     Ready    worker    69d     v1.20.45
mycentos-ing3.novalocal     Ready    ingress   4d19h   v1.20.45

Ingress Controller

As said previously, you must have an Ingress controller to satisfy an Ingress. Only creating an Ingress resource has no effect. There are several input controllers, here we will use one of the most used. We will use the Nginx Ingress Controller guide as a reference. For more information, we recommend that you consult the official guide (an installation with Helm is also available on the same site).

...

Code Block
languagebash
titleGitHub repo
$ git clone https://github.com/nginxinc/kubernetes-ingress/
$ cd kubernetes-ingress/deployments
$ git checkout v1.811.13

Before continuing, let's stop for a moment, because we need to make some small changes to the files in the folder we just cloned from the GitHub repo. The files in question are located here:

...

Code Block
languageyml
titlenginx-ingress.yaml (2)
args:
  - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
  - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
 # - -v=3 # Enables extensive logging. Useful for troubleshooting.
   - -report-ingress-status                                              #----- Uncommented
 # - -external-service=nginx-ingress
 #- -enable-prometheus-metrics
 #- -global-configuration=$(POD_NAMESPACE)/nginx-configuration
  - -enable-leader-election                                              #----- Uncommented
 #- -enable-custom-resources

...

Code Block
languageyml
titlecafe-ingress.yaml (multiple path)
apiVersion: networking.k8s.io/v1beta1v1
kind: Ingress
metadata:
  name: cafe-ingress
spec:
#  tls:                             # Let's ignore 
#  - hosts:                         # and comment 
#    - cafe.example.com             # these lines 
#    secretName: cafe-secret        # for the moment
  rules:
  - host: cafe.example.com
    http:
      paths:
      - path: /tea                  # Use cafe.example.com/tea to target "tea" services
        backendpathType: Prefix
          serviceNamebackend:
 tea-svc      # Enter the service:
            name: tea-svc      # Enter the service name
          servicePort  port: 80 
              number: 80       # Enter the port number on which the service is listening
      - path: /coffee               # Use cafe.example.com/coffee to target "coffee" services
        pathType: Prefix
        backend:
          serviceNameservice:
            name: coffee-svc   # Enter the service name
            servicePort: 80port:
              number: 80	   # Enter the port number on which the service is listening

...