Deploy NGINX Ingress Controller
In this section you will configure and deploy the NGINX Ingress Controller and expose it using a Classic Load Balancer.
Note
We recommend that you use a new NGINX Ingress Controller dedicated to serving. If you choose to do so, follow this guide.
Otherwise, if you have exposed EKF with an ELB and you wish to use the NGINX Ingress Controller you have already created, proceed to the What’s Next section.
What You’ll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
- A set of configured ELB subnets.
Procedure

1. Go to your GitOps repository, inside your rok-tools management environment:

       root@rok-tools:~# cd ~/ops/deployments

2. Edit rok/nginx-ingress-controller-serving/overlays/deploy/kustomization.yaml and use service-elb as base instead of arrikto:

       bases:
       #- ../arrikto
       #- ../ingress-alb
       - ../service-elb
       #- ../service-azurelb

3. Edit rok/nginx-ingress-controller-serving/overlays/deploy/kustomization.yaml and enable only the service-elb patch:

       patches:
       #- path: patches/ingress-alb.yaml
       #- path: patches/service-alb.yaml
       - path: patches/service-elb.yaml
       #- path: patches/service-azurelb.yaml

4. Edit rok/nginx-ingress-controller-serving/overlays/deploy/patches/service-elb.yaml and set the aws-load-balancer-internal annotation. Choose one of the following options, based on the ELB scheme:

   - Internet-facing:

         annotations:
           service.beta.kubernetes.io/aws-load-balancer-internal: "false" # <-- Update this line.

   - Internal:

         annotations:
           service.beta.kubernetes.io/aws-load-balancer-internal: "true" # <-- Update this line.

5. Enable the firewall in your Classic Load Balancer and allow access only to specific CIDRs. Choose one of the following options, based on your ELB scheme:

   - Internet-facing: Edit rok/nginx-ingress-controller-serving/overlays/deploy/patches/service-elb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of 0.0.0.0/0 if you want to allow access for everyone:

         spec:
           loadBalancerSourceRanges:
           - "0.0.0.0/0" # <-- Update this line.

   - Internal: Skip specifying any CIDRs since the ELB will be a private one and as such not reachable outside your VPC.

6. Commit your changes:

       root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with a Classic Load Balancer"

7. Deploy NGINX Ingress Controller:

       root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller-serving/overlays/deploy
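The firewall step leaves an internet-facing ELB reachable by everyone when loadBalancerSourceRanges is 0.0.0.0/0, and also when the list is unset, because Kubernetes then falls back to 0.0.0.0/0. The check below reads both fields from the deployed Service and reports the result; it is an added example, not part of the original guide or of Arrikto's tooling. The function names and the `--live` argument are hypothetical, and it assumes that only the value "true" marks the ELB as internal.

```shell
#!/usr/bin/env bash
# Added example (not from the Arrikto docs). Function names are hypothetical.

# classify_elb_exposure INTERNAL_ANNOTATION "CIDR CIDR ..."
# Prints: internal | restricted | open
classify_elb_exposure() {
  local internal ranges cidr
  internal=$1
  ranges=$2
  # Assumption: only the value "true" selects the internal scheme.
  if [ "$internal" = "true" ]; then
    echo internal
    return 0
  fi
  # Internet-facing with no ranges: Kubernetes falls back to 0.0.0.0/0.
  if [ -z "$ranges" ]; then
    echo open
    return 0
  fi
  for cidr in $ranges; do
    # A /0 prefix covers the whole address space.
    case "$cidr" in
      */0) echo open; return 0 ;;
    esac
  done
  echo restricted
}

# Read the live Service created by this guide; non-zero exit if it is open.
check_serving_elb() {
  local ns svc internal ranges verdict
  ns=ingress-nginx-serving
  svc=ingress-nginx
  internal=$(kubectl -n "$ns" get service "$svc" -o \
    jsonpath='{.metadata.annotations.service\.beta\.kubernetes\.io/aws-load-balancer-internal}') || return 2
  ranges=$(kubectl -n "$ns" get service "$svc" -o \
    jsonpath='{.spec.loadBalancerSourceRanges[*]}') || return 2
  verdict=$(classify_elb_exposure "$internal" "$ranges")
  echo "$svc: exposure=$verdict internal=${internal:-unset} ranges=${ranges:-unset}"
  [ "$verdict" != "open" ]
}

# Run the live check only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--live" ]; then
  check_serving_elb
fi
```

A result of `open` is expected only if you deliberately kept the default of 0.0.0.0/0 on an internet-facing ELB.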
Verify

1. Verify that NGINX Ingress Controller is up and running. Check pod status and verify field STATUS is Running and field READY is 1/1:

       root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx-serving get pods
       NAME                                        READY   STATUS    RESTARTS   AGE
       nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0          1m

2. Verify that the Load Balancer Service has an external IP:

       root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx-serving get service
       NAME            TYPE           CLUSTER-IP    EXTERNAL-IP                                                              PORT(S)                      AGE
       ingress-nginx   LoadBalancer   10.32.1.249   a4d794bfa6d7e440facc4398bf96edde-992601283.us-east-1.elb.amazonaws.com   80:30099/TCP,443:30719/TCP   1m

Troubleshooting

The Service object does not get an EXTERNAL-IP.

Describe the service:

    root@rok-tools:~/ops/deployments# kubectl describe service -n ingress-nginx-serving ingress-nginx

If you see an event like the following:

    Events:
      Type     Reason                   Age   From                Message
      ----     ------                   ----  ----                -------
      Warning  UnAvailableLoadBalancer  1m    service-controller  There are no available nodes for LoadBalancer

it means that your subnets are misconfigured. Verify your subnets configuration.