Deploy NGINX Ingress Controller¶
In this section you will configure and deploy the NGINX Ingress Controller and expose it using a Classic Load Balancer.
Before you can load balance application traffic to an application, your VPC must meet the following requirements:
It should have at least two subnets in different Availability Zones, both of which are either public or private. These subnets should have the following tag:
- Key: kubernetes.io/cluster/<CLUSTERNAME>
- Value: shared
The private subnets should have the following tag so that Kubernetes knows what subnets to use for internal load balancers:
- Key: kubernetes.io/role/internal-elb
- Value: 1
The public subnets should have the following tag so that Kubernetes knows what subnets to use for external load balancers:
- Key: kubernetes.io/role/elb
- Value: 1
Go to your GitOps repository, inside your
root@rok-tools:~# cd ~/ops/deployments
service-elbas base, instead of the default
bases: #- ../ingress-alb - ../service-elb #- ../service-azurelb
rok/nginx-ingress-controller/overlays/deploy/kustomization.yamland use the
service-elbpatch, instead of the default
patches: #- path: patches/ingress-alb.yaml #- path: patches/service-alb.yaml - path: patches/service-elb.yaml #- path: patches/service-azurelb.yaml
rok/nginx-ingress-controller/overlays/deploy/patches/service-elb.yamland set the
aws-load-balancer-internalannotation based on the type of Load Balancer you are going to create:
Use an Internal Load Balancer.
Enable the firewall in your Classic Load Balancer and allow access only to specific CIDRs. Edit
loadBalancerSourceRangesto the desired trusted CIDRs. Leave the default value of
0.0.0.0/0if you want to allow access for everyone:
spec: loadBalancerSourceRanges: - "0.0.0.0/0"
If you don’t have specific firewalling requirements, leave
loadBalancerSourceRangesto the default value. The Load Balancer will be an internal one and as such not reachable outside your VPC.
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with a Classic Load Balancer"
Deploy NGINX Ingress Controller:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy
Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:
root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods NAME READY STATUS RESTARTS AGE nginx-ingress-controller-7f74f657bd-ln59l 1/1 Running 0 1m
Verify that the Load Balancer Service has an external IP:
root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx LoadBalancer 10.32.1.249 a4d794bfa6d7e440facc4398bf96edde-992601283.us-east-1.elb.amazonaws.com 80:30099/TCP,443:30719/TCP 1mTroubleshootingThe Service object does not get an EXTERNAL-IP.
Describe the service:
root@rok-tools:~/ops/deployments# kubectl describe service -n ingress-nginx ingress-nginx
If you see an event like the following:
Events: Type Reason Age From Message ---- ------ ---- ---- ------- Warning UnAvailableLoadBalancer 1m service-controller There are no available nodes for LoadBalancer
it means that your subnets are misconfigured.
You have successfully deployed the NGINX Ingress Controller, and exposed it using a Classic Load Balancer.