Deploy NGINX Ingress Controller
In this section you will configure and deploy the NGINX Ingress Controller and expose it using a public Azure Load Balancer.
Note
We recommend that you use a new NGINX Ingress Controller dedicated to serving. In this case, proceed with this guide.
Otherwise, if you have exposed EKF and you wish to use the NGINX Ingress Controller you have already created, proceed to the What’s Next section.
What You’ll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing AKS cluster.
Procedure
1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:/# cd ~/ops/deployments

2. Specify the desired DNS name label for your Azure Load Balancer. This name should be globally unique in the Azure region you are using:

    root@rok-tools:~/ops/deployments# export SERVING_AZURELB_DNS_NAME_LABEL=arrikto-cluster-serving

3. Compute the FQDN for your Azure Load Balancer based on the DNS name label:

    root@rok-tools:~/ops/deployments# echo ${SERVING_AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}.cloudapp.azure.com
    arrikto-cluster-serving.eastus.cloudapp.azure.com

4. Edit rok/nginx-ingress-controller-serving/overlays/deploy/kustomization.yaml and use service-azurelb as base, instead of the default arrikto:

    bases:
    #- ../arrikto
    #- ../ingress-alb
    #- ../service-elb
    - ../service-azurelb

5. Edit rok/nginx-ingress-controller-serving/overlays/deploy/kustomization.yaml and enable the service-azurelb patch:

    patches:
    #- path: patches/ingress-alb.yaml
    #- path: patches/service-alb.yaml
    #- path: patches/service-elb.yaml
    - path: patches/service-azurelb.yaml

6. Enable the firewall in your Azure Load Balancer and allow access only to specific CIDRs. Edit rok/nginx-ingress-controller-serving/overlays/deploy/patches/service-azurelb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of 0.0.0.0/0 if you want to allow access for everyone:

    spec:
      loadBalancerSourceRanges:
      - "0.0.0.0/0"

7. Edit rok/nginx-ingress-controller-serving/overlays/deploy/patches/service-azurelb.yaml and set the service.beta.kubernetes.io/azure-dns-label-name annotation to the desired DNS name label for your Azure Load Balancer from step 2:

    metadata:
      annotations:
        service.beta.kubernetes.io/azure-dns-label-name: "arrikto-cluster-serving"  # <-- Update this line with your SERVING_AZURELB_DNS_NAME_LABEL.

8. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with an Azure Load Balancer"

9. Deploy NGINX Ingress Controller:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller-serving/overlays/deploy
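
The loadBalancerSourceRanges value set in the firewall step decides who can reach the serving endpoint, so it is worth checking before the commit. The following Python check is an added example, not part of the Arrikto tooling: it reads the block-list form of the patch shown above and reports entries that are open, malformed, or broader than a threshold. The function names, the sample patch, and the `min_prefix` default of 16 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of patches/service-azurelb.yaml shown above.
SAMPLE_PATCH = """\
spec:
  loadBalancerSourceRanges:
  - "0.0.0.0/0"
  - "203.0.113.0/24"
  - "198.51.100.7"
"""

def extract_source_ranges(patch_text):
    """Return the list items under loadBalancerSourceRanges (block-list form only)."""
    ranges, in_list = [], False
    for line in patch_text.splitlines():
        if re.match(r"\s*loadBalancerSourceRanges:\s*$", line):
            in_list = True
            continue
        if in_list:
            m = re.match(r"\s*-\s*[\"']?([^\"'#\s]+)[\"']?\s*(#.*)?$", line)
            if m:
                ranges.append(m.group(1))
            elif line.strip() and not line.strip().startswith("#"):
                in_list = False  # the next key ends the list
    return ranges

def audit_source_ranges(ranges, min_prefix=16):
    """Return (cidr, problem) pairs; min_prefix is an assumed policy threshold."""
    findings = []
    if not ranges:
        findings.append(("<none>", "no ranges set: Kubernetes allows all sources"))
    for cidr in ranges:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.3/16
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append((cidr, "not a valid CIDR"))
            continue
        if "/" not in cidr:
            findings.append((cidr, "missing prefix length"))
        elif net.prefixlen == 0:
            findings.append((cidr, "open to everyone"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((cidr, f"broader than /{min_prefix}"))
    return findings

if __name__ == "__main__":
    for cidr, problem in audit_source_ranges(extract_source_ranges(SAMPLE_PATCH)):
        print(f"{cidr}: {problem}")
```

To check your own patch, pass the contents of rok/nginx-ingress-controller-serving/overlays/deploy/patches/service-azurelb.yaml to `extract_source_ranges` in place of the sample.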
Verify
1. Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx-serving get pods
    NAME                                        READY   STATUS    RESTARTS   AGE
    nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0          1m

2. Verify that the Load Balancer Service has an external IP:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx-serving get service
    NAME            TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
    ingress-nginx   LoadBalancer   10.0.156.76   10.42.42.42   80:30253/TCP,443:31855/TCP   1m

3. Verify that the FQDN for your Azure Load Balancer resolves to the LoadBalancer Service IP:

    root@rok-tools:~/ops/deployments# host ${SERVING_AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}.cloudapp.azure.com
    arrikto-cluster-serving.eastus.cloudapp.azure.com has address 10.42.42.42