Deploy NGINX Ingress Controller

In this section you will configure and deploy the NGINX Ingress Controller and expose it using an external network load balancer.

See also

• Official docs for Network Load Balancing on Google Cloud.

What You'll Need

• A configured management environment.
• Your clone of the Arrikto GitOps repository.
• An existing GKE cluster.

Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

   root@rok-tools:~# cd ~/ops/deployments
   

2. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use service-gclb as base, instead of the default ingress-alb:

   bases:
   #- ../ingress-alb
   #- ../service-elb
   #- ../service-azurelb
   - ../service-gclb
   

3. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and enable only the service-gclb patch, instead of the default ingress-alb and service-alb:

   patches:
   #- path: patches/ingress-alb.yaml
   #- path: patches/service-alb.yaml
   #- path: patches/service-elb.yaml
   #- path: patches/service-azurelb.yaml
   - path: patches/service-gclb.yaml
   

4. Enable the firewall in your Google Cloud Load Balancer and allow access only to specific CIDRs. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-gclb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of 0.0.0.0/0 if you want to allow access for everyone:

   spec:
     loadBalancerSourceRanges:
     - "0.0.0.0/0"
   

   See also

   • Identify Outbound IP Adresses

5. Commit your changes:

   root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with a Google Cloud Load Balancer"
   

6. Deploy NGINX Ingress Controller:

   root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy
   

Verify

1. Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:

   root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods
   NAME                                        READY   STATUS    RESTARTS AGE
   nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0        1m
   

2. Verify that the Load Balancer Service has an external IP:

   root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service
   NAME            TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)                      AGE
   ingress-nginx   LoadBalancer   10.32.1.249   10.42.42.42    80:30099/TCP,443:30719/TCP   1m
   

Summary

You have successfully deployed the NGINX Ingress Controller and exposed it using a Google Cloud Load Balancer.

What's Next

The next step is to create a Cloud DNS managed zone.

• Create Cloud DNS Managed Zone