A Kubernetes ingress resource provides HTTP or HTTPS routing from outside the cluster to one or more services within the cluster. TKG clusters support ingress through third-party controllers, such as Nginx.
This tutorial demonstrates how to deploy a Kubernetes ingress service based on NGINX for routing external traffic to services in your Tanzu Kubernetes cluster. An ingress service requires an ingress controller. We install the NGINX Ingress controller using Helm. Helm is a package manager for Kubernetes.
Note: There several ways to accomplish this task. The steps here provide one approach. Other approaches may be more suitable for you in your given environment.
Prerequisites
- Review the Ingress resource in the Kubernetes documentation.
- Review the Nginx Ingress controller documentation.
- Provision a TKG cluster.
- Enable pod security policy, if necessary.
- Connect to the TKG cluster.
Procedure
- Install Helm by referring to the documentation.
- Install the NGINX Ingress controller using Helm.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx
- Verify that the Nginx ingress controller is deployed as a service of type LoadBalancer.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.16.18.20 10.19.14.76 80:30635/TCP,443:30873/TCP 59m
ingress-nginx-controller-admission ClusterIP 10.87.41.25 <none> 443/TCP 59m
- Ping the load balancer using the external IP address.
Pinging 10.19.14.76 with 32 bytes of data:
Reply from 10.19.14.76: bytes=32 time<1ms TTL=62
Reply from 10.19.14.76: bytes=32 time=1ms TTL=62
- Verify that the Nginx Ingress controller is running.
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-7c6c46898c-v6blt 1/1 Running 0 76m
- Create an ingress resource with an ingress rule and path named
ingress-hello.yaml.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-hello
spec:
rules:
- http:
paths:
- path: /hello
backend:
serviceName: hello
servicePort: 80
- Deploy the
ingress-hello resource.
kubectl apply -f ingress-hello.yaml
ingress.networking.k8s.io/ingress-hello created
- Verify that the ingress resource is deployed.
Note that the IP address maps to the external IP of the ingress controller.
kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-hello <none> * 10.19.14.76 80 51m
- Create a hello test app and service named ingress-hello-test.yaml..
kind: Service
apiVersion: v1
metadata:
name: hello
spec:
selector:
app: hello
tier: backend
ports:
- protocol: TCP
port: 80
targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello
spec:
replicas: 3
selector:
matchLabels:
app: hello
tier: backend
track: stable
template:
metadata:
labels:
app: hello
tier: backend
track: stable
spec:
containers:
- name: hello
image: "gcr.io/google-samples/hello-go-gke:1.0"
ports:
- name: http
containerPort: 80
- Deploy the
ingress-hello-test resource.
kubectl apply -f ingress-hello-test.yaml
service/hello created
deployment.apps/hello created
- Verify that the
hello deployment is available.
NAME READY UP-TO-DATE AVAILABLE AGE
hello 3/3 3 3 4m59s
ingress-nginx-controller 1/1 1 1 3h39m
- Get the public IP address of the load balancer used by the Nginx ingress controller.
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-hello <none> * 10.19.14.76 80 13m
- Using a browser, navigate to the public IP and include the ingress path.
The message "hello" is returned.
{"message":"Hello"}
Results
The backend app that is fronted by the service running inside the cluster is accessed externally by the browser through the ingress controller using the external IP address of the load balancer.
