Deploying Ingress controller with HTTP load balancer

The Ingress controller can be deployed in conjunction with the HTTP load balancer of the VK Cloud platform. As an example, a simple demo application and an Ingress resource will be deployed to test the operation of the controller.

1. Create a Kubernetes cluster of the most current version.

   When creating the cluster select the Assign external IP option.

   Select other cluster settings at your discretion.

2. Make sure that the NGINX Ingress addon (ingress-nginx) is not installed in the cluster. For demonstration purposes, the Ingress controller will be installed manually.

3. Make sure that you can connect to the cluster using `kubectl'.

4. Install Helm if the utility is not already installed.

5. Install curl if the utility is not already installed.

These applications will be accessed through the Ingress controller using the Ingress resource.

The tea and coffee applications from NGINX's Cafe example will be used for the demo. Each application consists of a ReplicaSet, a Deployment and a Service corresponding to that Deployment.

To deploy the demo applications:

1. Download the cafe.yaml manifest.

2. Apply this manifest to the cluster:

   Copy
   kubectl apply -f ./cafe.yaml

To check the status of the application components, run the command:

Copy
kubectl get svc,rs,deployment -n default

The output of the command should be similar to this one:

Copy
NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGEservice/coffee-svc   ClusterIP   ...              <none>        80/TCP    ...service/tea-svc      ClusterIP   ...              <none>        80/TCP    ...NAME                                DESIRED   CURRENT   READY   AGEreplicaset.apps/coffee-7c86d7d67c   2         2         2       ...replicaset.apps/tea-5c457db9        3         3         3       ...NAME                     READY   UP-TO-DATE   AVAILABLE   AGEdeployment.apps/coffee   2/2     2            2           ...deployment.apps/tea      3/3     3            3           ...

1. Add the NGINX Helm repository:

   Linux/macOS

   Windows

   Copy
   helm repo add nginx-stable https://helm.nginx.com/stablehelm repo update

2. Install the Ingress controller with the NodePort service by running the command:

   Linux/macOS

   Windows

   Copy
   helm install nginx-ingress-http nginx-stable/nginx-ingress \ --create-namespace --namespace example-nginx-ingress-http \ --set controller.service.type=NodePort \ --set controller.service.httpsPort.enable=false \ --set controller.service.externalTrafficPolicy=Local

3. Wait until the installation of the Ingress-Controller is completed and the port is assigned to the controller.

   To check the status of the Ingress Controller, run the command:

   Copy
   kubectl get svc -n example-nginx-ingress-http

   The output of the command should be similar to this one:

   Copy
   NAME                               TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)                     AGEnginx-ingress-http-nginx-ingress   NodePort   ...            <none>        80:<assigned port>/TCP   ...

The HTTP load balancer will terminate SSL/TLS connections and redirect HTTP traffic to the Ingress controller.

To configure the load balancer:

1. Gather the necessary data:

   • The names of the network and subnet where the cluster nodes reside.
   • Names of Cloud Servers service instances that correspond to cluster's master nodes and worker nodes.
   • The port number that was assigned to the Ingress controller in the previous step.

2. Create a balancer:

   1. Go to personal account VK Cloud.
   2. Select the project where the desired cluster is located.
   3. Go to Virtual networks → Load balancers.
   4. Click the Add button.
   5. In the window that appears:

      1. Set Loadbalancer name (any).

      2. Select the network and subnet that match that of the cluster.

      3. Set the DNS-name (any).

      4. Make sure the Assign external IP option is enabled.

      5. Set the processing parameters for each type of traffic:

         For HTTP traffic

         For HTTPS traffic

         1. In the Balancer rules block, click the + Add rule link.

         2. Select Assignment protocol HTTP, set for it the port that was assigned to the Ingress controller.

         3. In the Allowed CIDRs block, click the link + Add address. Enter 0.0.0.0.0/0.

         4. Select the Send X-Forwarded-For header option.

         5. In the Apply to the following instances block, add all Cloud Servers service instances that correspond to the cluster master nodes and worker nodes.

            Set the same weights for all instances equal to 1.

         6. Click the Next step button.

         7. Click the Add button.

   The load balancer creation operation will start, which will take some time.

3. Once the balancer is created, copy its public IP address, you will need it to access the resources published through Ingress.

The Ingress resource will publish the coffee-svc and tea-svc services on the cafe.example.com domain through the Ingress controller, thus providing access to the applications.

The following will demonstrate how to create an Ingress resource that works exclusively with HTTP traffic that comes from the HTTP balancer configured earlier:

1. Create a cafe-ingress.yaml manifest file with the following contents:

   cafe-ingress.yaml

2. Apply this manifest to the cluster:

   Copy
   kubectl apply -f ./cafe-ingress.yaml

   Будет создан ресурс Ingress cafe-ingress.

3. Verify that the resource was created successfully by running the command:

   Copy
   kubectl describe ingress cafe-ingress

   The output of the command should be similar to this one:

   Copy
   Name:             cafe-ingress-httpLabels:           <none>Namespace:        defaultAddress:Ingress Class:    nginxDefault backend:  <default>Rules:  Host              Path  Backends  ----              ----  --------  cafe.example.com                    /tea      tea-svc:80 (10.100.54.15:8080,10.100.54.16:8080,10.100.54.17:8080)                    /coffee   coffee-svc:80 (10.100.54.13:8080,10.100.54.14:8080)

1. Check that pods named tea and coffee exist by getting a list of all pods in the default namespace:

   Copy
   kubectl get pods

2. Run the command:

   Coffee

   Tea

   Copy
   curl -k --resolve cafe.example.com:443:<public IP address of the HTTP load balancer> https://cafe.example.com/coffee

   The request should be answered by one of the two coffee pods. The response will contain the name of the pod that responded (Server name), for example:

   Copy
   Server address: ...:8080Server name: coffee-7c86d7d67c-zsmwzDate: ...URI: /coffeeRequest ID: ...

   Receiving such responses means that the Ingress controller is configured correctly:

   • interacts with VK Cloud HTTP load balancer (which terminates SSL\TLS sessions);
   • provides access to services corresponding to the deployed applications.

1. If the Kubernetes resources you created are no longer needed, delete them.

   Linux/macOS

   Windows

   Copy
   kubectl delete -f ./cafe-ingress.yamlkubectl delete -f ./cafe.yamlhelm uninstall nginx-ingress-http -n example-nginx-ingress-httpkubectl delete namespace example-nginx-ingress-http

2. A running cluster consumes computing resources. If you no longer need it:

   • stop it to use it later;
   • delete it permanently.