After Kubernetes 1.22, v1 became the only version of the Ingress API. Therefore, NGINX rearchitected NGINX Ingress Controller 2.0 to leverage Ingress API v1. This guide was created to show how NGINX Ingress Controller 2.1.1 deployment and Ingress resource are created in Kubernetes 1.23.4.

Installation

Prerequisites

  • The role of the ingress Kubernetes node has to be labeled as "ingress". Follow the instructions in the prerequisites section at 5) Ingress.
  • The ingress Kubernetes node needs a Floating IP (FIP) to receive traffic from external networks.
  • https port 30506 and http port 31811 are exposed.
  • The package manager for Kubernetes helm has to be installed.

Deploying Ingress Controller

First add NGINX repository to helm.

helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update

Install the Chart and choose its name. User values has to be added to render the ingress controller functional. The values are stored in a yaml file. create a file called values.yaml

values.yaml
controller:
  config:
    entries: {external-status-address: <ingress-FIP>}
  enableTLSPassthrough: true
  nodeSelector: {kubernetes.io/role: ingress}
  hostNetwork: true
  service:
    externalIPs: [<ingress-FIP>]
    externalTrafficPolicy: Local
    extraLabels: {}
    httpPort:
      enable: true
      nodePort: 31811
      port: 80
      targetPort: 80
    httpsPort:
      enable: true
      nodePort: 30506
      port: 443
      targetPort: 443
    loadBalancerIP: ""
    loadBalancerSourceRanges: []
    type: NodePort
Install charts
helm install <chosen-name> nginx-stable/nginx-ingress --values values.yaml

Result

The NGINX Ingress Controller pod and service should be deployed successfully.

kubectl get pod
NAME                                           READY   STATUS    RESTARTS   AGE
<chosen-name>-nginx-ingress-8445479c54-rffsp           1/1     Running   0          3h36m
kubectl get svc
NAME                            TYPE        CLUSTER-IP      EXTERNAL-IP      PORT(S)                      AGE
<chosen-name>-nginx-ingress   NodePort    10.109.161.72       <FIP>         80:31811/TCP,443:30506/TCP   3h36m

Ingress Resource Example

In the following example, we will use ingress resource for the Kubernetes Dashboard which is a web-based Kubernetes user interface. To deploy the dashboard, simply run the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

Ingress resource is an API object that manages external access to the services in a cluster. Since Kubernetes Dashboard requires https, special annotation for NGINX ingress controller had to be added in the ingress resource yaml file. In addition, X509 certificate was created.

Create a Certificate and a Kubernetes TLS Secret
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
kubectl create secret tls dashboard-cert --cert=certificate.pem --key=key.pem -n kubernetes-dashboard

Create ingress.yaml file and fill it with the following:

Ingress Resource YAML file
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-dashboard
  namespace: kubernetes-dashboard
  annotations:
          nginx.org/ssl-services: "kubernetes-dashboard" # This is important for services requiring https
spec:
  tls:
    - hosts:
      - dashboard.virgo.com # Domain name of the service
      secretName: dashboard-cert # provide the aforementioned secret.
  rules:
  - host: dashboard.virgo.com
    http:
      paths:
      - path: "/"
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
  ingressClassName: nginx #This ingress resource is handled by NGINX Ingress controller
Deploy Ingress Resource
kubectl create -f ingress.yaml


It is important to note that the domain name has to be stored in /etc/hosts (Linux) or C:\Windows\System32\drivers\etc\hosts (Windows) of the client.

<FIP> dashboard.virgo.com

Result

Use kubectl to check if the Ingress is properly set.

kubectl describe ingress -n kubernetes-dashboard
Name:             ingress-dashboard
Labels:           <none>
Namespace:        kubernetes-dashboard
Address:          <FIP>
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  dashboard-cert terminates dashboard.virgo.com
Rules:
  Host                 Path  Backends
  ----                 ----  --------
  dashboard.virgo.com
                       /   kubernetes-dashboard:443 (20.100.230.15:8443)
Annotations:           nginx.org/ssl-services: kubernetes-dashboard
Events:
  Type     Reason                     Age                  From                      Message
  ----     ------                     ----                 ----                      -------
  Normal   AddedOrUpdated             10m (x7 over 3h22m)  nginx-ingress-controller  Configuration for kubernetes-dashboard/ingress-dashboard was added or updated

Visit https://dashboard.virgo.com/ to start using Kubernetes Dashboard.


  • No labels