A Kubernetes ingress resource provides HTTP or HTTPS routing from outside the cluster to one or more services within the cluster. TKG clusters support ingress through third-party controllers, such as Nginx.

This tutorial demonstrates how to deploy a Kubernetes ingress service based on NGINX for routing external traffic to services in your TKG cluster. An ingress service requires an ingress controller. We install the NGINX Ingress controller using Helm. Helm is a package manager for Kubernetes.

Note: There several ways to accomplish this task. The steps here provide one approach. Other approaches may be more suitable for you in your given environment.

Prerequisites

  • Review the Ingress resource in the Kubernetes documentation.
  • Review the Nginx Ingress controller documentation.
  • Provision a TKG cluster.
  • Enable pod security policy, if necessary.
  • Connect to the TKG cluster.

Procedure

  1. Install Helm by referring to the documentation.
  2. Install the NGINX Ingress controller using Helm.
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm install ingress-nginx ingress-nginx/ingress-nginx
  3. Verify that the Nginx ingress controller is deployed as a service of type LoadBalancer.
    kubectl get services
    NAME                                 TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx-controller             LoadBalancer   10.16.18.20    10.19.14.76   80:30635/TCP,443:30873/TCP   59m
    ingress-nginx-controller-admission   ClusterIP      10.87.41.25    <none>        443/TCP                      59m
    
  4. Ping the load balancer using the external IP address.
    ping 10.19.14.76
    Pinging 10.19.14.76 with 32 bytes of data:
    Reply from 10.19.14.76: bytes=32 time<1ms TTL=62
    Reply from 10.19.14.76: bytes=32 time=1ms TTL=62
    
  5. Verify that the Nginx Ingress controller is running.
    kubectl get pods
    NAME                                        READY   STATUS    RESTARTS   AGE
    ingress-nginx-controller-7c6c46898c-v6blt   1/1     Running   0          76m
  6. Create an ingress resource with an ingress rule and path named ingress-hello.yaml.
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: ingress-hello
    spec:
      rules:
      - http:
          paths:
          - path: /hello
            backend:
              serviceName: hello
              servicePort: 80
    
    Attention: The Kubernetes API networking.k8s.io/v1beta1 is deprecated from Kubernetes v1.22 onwards. The new API to use is networking.k8s.io/v1, and it involves several manifest changes which are documented here https://kubernetes.io/docs/reference/using-api/deprecation-guide/.
  7. Deploy the ingress-hello resource.
    kubectl apply -f ingress-hello.yaml
    ingress.networking.k8s.io/ingress-hello created
  8. Verify that the ingress resource is deployed.
    Note that the IP address maps to the external IP of the ingress controller.
    kubectl get ingress
    NAME            CLASS    HOSTS   ADDRESS         PORTS   AGE
    ingress-hello   <none>   *       10.19.14.76     80      51m
  9. Create a hello test app and service named ingress-hello-test.yaml..
    kind: Service
    apiVersion: v1
    metadata:
      name: hello
    spec:
      selector:
        app: hello
        tier: backend
      ports:
      - protocol: TCP
        port: 80
        targetPort: http
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: hello
    spec:
      replicas: 3
      selector:
        matchLabels:
          app: hello
          tier: backend
          track: stable
      template:
        metadata:
          labels:
            app: hello
            tier: backend
            track: stable
        spec:
          containers:
            - name: hello
              image: "gcr.io/google-samples/hello-go-gke:1.0"
              ports:
                - name: http
                  containerPort: 80
    
  10. Deploy the ingress-hello-test resource.
    kubectl apply -f ingress-hello-test.yaml
    service/hello created
    deployment.apps/hello created
  11. Verify that the hello deployment is available.
    kubectl get deployments
    NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
    hello                      3/3     3            3           4m59s
    ingress-nginx-controller   1/1     1            1           3h39m
    
  12. Get the public IP address of the load balancer used by the Nginx ingress controller.
    kubectl get ingress
    NAME            CLASS    HOSTS   ADDRESS         PORTS   AGE
    ingress-hello   <none>   *       10.19.14.76     80      13m
  13. Using a browser, navigate to the public IP and include the ingress path.
    http://10.19.14.76/hello
    The message "hello" is returned.
    {"message":"Hello"}

Results

The backend app that is fronted by the service running inside the cluster is accessed externally by the browser through the ingress controller using the external IP address of the load balancer.