Deploy NGINX Ingress Controller
In this section you will configure and deploy the NGINX Ingress Controller and expose it using a public Azure Load Balancer.
What You'll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing AKS cluster.
Procedure
1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:/# cd ~/ops/deployments

2. Specify the desired DNS name label for your Azure Load Balancer. This name should be globally unique in the Azure region you are using:

    root@rok-tools:~/ops/deployments# export AZURELB_DNS_NAME_LABEL=arrikto-cluster

3. Compute the FQDN for your Azure Load Balancer based on the DNS name label:

    root@rok-tools:~/ops/deployments# echo ${AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}.cloudapp.azure.com
    arrikto-cluster.eastus.cloudapp.azure.com

4. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use service-azurelb as base, instead of the default ingress-alb:

    bases:
    #- ../ingress-alb
    #- ../service-elb
    - ../service-azurelb

5. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use the service-azurelb patch, instead of the default ingress-alb and service-alb:

    patches:
    #- path: patches/ingress-alb.yaml
    #- path: patches/service-alb.yaml
    #- path: patches/service-elb.yaml
    - path: patches/service-azurelb.yaml

6. Enable the firewall in your Azure Load Balancer and allow access only to specific CIDRs. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-azurelb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of 0.0.0.0/0 if you want to allow access for everyone:

    spec:
      loadBalancerSourceRanges:
      - "0.0.0.0/0"

7. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-azurelb.yaml and set the service.beta.kubernetes.io/azure-dns-label-name annotation to the desired DNS name label for your Azure Load Balancer from step 2:

    metadata:
      annotations:
        service.beta.kubernetes.io/azure-dns-label-name: "arrikto-cluster"

8. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with an Azure Load Balancer"

9. Deploy NGINX Ingress Controller:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy
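The loadBalancerSourceRanges setting in patches/service-azurelb.yaml decides who can reach the ingress, so it is worth checking before the commit and deploy steps. The following is an added example, not part of the original guide or of Arrikto's tooling: the function names are hypothetical, the sample patch is constructed, and it assumes the list is written in block style as shown in the procedure.

```shell
# Added example, not from the Arrikto docs. Function names are hypothetical.
# Checks the loadBalancerSourceRanges list in a Service patch file before deploy.

# Print each active (uncommented) entry of the list, one per line.
list_source_ranges() {
    awk -v q="'" '
        /^[ \t]*loadBalancerSourceRanges:/ { in_list = 1; next }
        in_list && /^[ \t]*#/ { next }               # commented-out entry
        in_list && /^[ \t]*-[ \t]/ {
            sub(/^[ \t]*-[ \t]*/, "")                # drop the list marker
            sub(/[ \t]*#.*$/, "")                    # drop a trailing comment
            gsub(/"/, ""); gsub(q, "")               # drop quotes
            sub(/[ \t]+$/, "")
            print; next
        }
        in_list && /[^ \t]/ { in_list = 0 }          # any other key ends the list
    ' "$1"
}

# Return 0 only if every entry is a CIDR narrower than /0.
# Assumption: a missing or empty list is treated as open, because Kubernetes
# then places no source restriction on the load balancer.
check_source_ranges() {
    csr_rc=0
    csr_ranges=$(list_source_ranges "$1")
    if [ -z "$csr_ranges" ]; then
        echo "OPEN: no loadBalancerSourceRanges entries in $1" >&2
        return 1
    fi
    for csr_cidr in $csr_ranges; do
        case "$csr_cidr" in
            */0) echo "OPEN: $csr_cidr admits every source address" >&2; csr_rc=1 ;;
            */*) echo "ok:   $csr_cidr" ;;
            *)   echo "BAD:  $csr_cidr is not in CIDR notation" >&2; csr_rc=1 ;;
        esac
    done
    return "$csr_rc"
}

# Constructed sample patch carrying the default value from the procedure.
sample=$(mktemp)
printf 'spec:\n  loadBalancerSourceRanges:\n  - "0.0.0.0/0"\n' > "$sample"
if check_source_ranges "$sample"; then
    echo "source ranges are restricted"
else
    echo "refusing to deploy: load balancer would be reachable from anywhere"
fi
rm -f "$sample"
```

Run check_source_ranges against rok/nginx-ingress-controller/overlays/deploy/patches/service-azurelb.yaml before committing; a non-zero exit status means the list is empty, malformed, or contains a /0 range.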
Verify
1. Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods
    NAME                                        READY   STATUS    RESTARTS   AGE
    nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0          1m

2. Verify that the Load Balancer Service has an external IP:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service
    NAME            TYPE           CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
    ingress-nginx   LoadBalancer   <none>       10.42.42.42   <none>    1m

3. Verify that the FQDN for your Azure Load Balancer resolves to the LoadBalancer Service IP:

    root@rok-tools:~/ops/deployments# host ${AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}.cloudapp.azure.com
    arrikto-cluster.eastus.cloudapp.azure.com has address 10.42.42.42