Kevin Ashcraft

Linux & Radio Tutorials

Setup a Kubernetes Ingress Controller

This is an example of how to setup an Ingress Controller on Kubernetes using Nginx.

Ingress Benefits

Ingress in Kubernetes provides the ability of receiving HTTP/S traffic and forwarding it to the appropriate service.

An Ingress can have rules to forward traffic based on a host name and path.

Ingresses can also terminate TLS requests, housing certificates for the different domains, before forwarding the request to a Service.

Install Controller

Some cloud platforms provide a ready-made Ingress controller, but other Kubernetes implementations will require one to be installed. In this case we'll turn to the Nginx Ingress Controller.

The Deployment Steps are listed in the official repo in a few different sections. We'll combine the ones needed to get Ingress working on a non-native platform (such as DigitalOcean).

First setup the the namespace, default backend, and configmaps. The default backend is where all traffic without a matching host will be directed.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/default-backend.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/tcp-services-configmap.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/udp-services-configmap.yaml
    

Next we'll install the controller with RBAC roles.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/rbac.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/with-rbac.yaml
    

Then the service for baremetal/non-native clouds.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
    

Finally, patch the Service so that it uses the HostNetwork for communication.

kubectl patch deployment nginx-ingress-controller -n ingress-nginx --patch '{"spec": {"template": {"spec": {"hostNetwork": true} }
    

Scale the Controller

You'll need one instance of the controller running for each Node so scale it accordingly.

kubectl scale deployment -n ingress-nginx nginx-ingress-controller --replicas=$NUMBER_OF_NODES

An Example Ingress

Let's look at an example Ingress configuration.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-com
  labels:
    project: example-com
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: example-com
          servicePort: 80
  - host: api.example.com
    http:
      paths:
      - backend:
          serviceName: example-com-api
          servicePort: 80
    

Here we're setting up an Ingress configuration that will listen for requests destined for two domains, example.com and api.example.com. Any requests not matching the rules will be sent to the default backend (setup in the first step).

These rules could also include specific paths to go to different Services.