Deploy NGINX Ingress Controller
In this section you will configure and deploy the NGINX Ingress Controller and expose it using a Classic Load Balancer.
What You’ll Need
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
- A set of configured ELB subnets.
Procedure
1. Go to your GitOps repository, inside your rok-tools management environment:

        root@rok-tools:~# cd ~/ops/deployments

2. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use service-elb as base:

        bases:
        #- ../ingress-alb
        - ../service-elb
        #- ../service-azurelb

3. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and enable only the service-elb patch:

        patches:
        #- path: patches/ingress-alb.yaml
        #- path: patches/service-alb.yaml
        - path: patches/service-elb.yaml
        #- path: patches/service-azurelb.yaml

4. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-elb.yaml and set the aws-load-balancer-internal annotation. Choose one of the following options, based on the ELB scheme:

    Internet-facing ELB:

        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: "false" # <-- Update this line.

    Internal ELB:

        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: "true" # <-- Update this line.

5. Enable the firewall in your Classic Load Balancer and allow access only to specific CIDRs. Choose one of the following options, based on your ELB scheme:

    Internet-facing ELB: Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-elb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of 0.0.0.0/0 if you want to allow access for everyone:

        spec:
          loadBalancerSourceRanges:
          - "0.0.0.0/0" # <-- Update this line.

    Internal ELB: Skip specifying any CIDRs since the ELB will be a private one and as such not reachable outside your VPC.

6. Commit your changes:

        root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with a Classic Load Balancer"

7. Deploy NGINX Ingress Controller:

        root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy
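To confirm that the firewall step took effect on the deployed Service, the following added example (not part of the original guide or of Arrikto's tooling) audits the Service JSON for an internet-facing ELB whose loadBalancerSourceRanges are missing, open to everyone, or outside a trusted list. The function name, the trusted list and the sample Service are constructed for illustration, and treating only the annotation value "true" as internal is this example's assumption.

```python
import ipaddress
import json

SCHEME_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-internal"

def audit_elb_service(service, trusted_cidrs):
    """Return findings for a LoadBalancer Service; an empty list means it passes."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    annotations = service.get("metadata", {}).get("annotations") or {}
    # Assumption of this example: only the value "true" is treated as internal;
    # anything else is audited as internet-facing.
    if annotations.get(SCHEME_ANNOTATION, "").lower() == "true":
        return []  # private ELB, not reachable from outside the VPC
    ranges = service.get("spec", {}).get("loadBalancerSourceRanges") or []
    if not ranges:
        # Kubernetes allows 0.0.0.0/0 when the field is unset.
        return ["internet-facing ELB has no loadBalancerSourceRanges (open to everyone)"]
    findings = []
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"{cidr}: not a valid CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"{cidr}: allows access for everyone")
        elif not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            findings.append(f"{cidr}: outside the trusted CIDRs")
    return findings

# Constructed sample, shaped like the output of
#   kubectl -n ingress-nginx get service ingress-nginx -o json
SAMPLE_SERVICE = json.loads("""
{
  "metadata": {"name": "ingress-nginx", "namespace": "ingress-nginx",
    "annotations": {"service.beta.kubernetes.io/aws-load-balancer-internal": "false"}},
  "spec": {"type": "LoadBalancer",
    "loadBalancerSourceRanges": ["0.0.0.0/0", "203.0.113.0/24", "198.51.100.7/32"]}
}
""")
TRUSTED = ["203.0.113.0/24"]  # constructed (documentation address range)

if __name__ == "__main__":
    for finding in audit_elb_service(SAMPLE_SERVICE, TRUSTED):
        print("FINDING:", finding)
```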
Verify
1. Verify that NGINX Ingress Controller is up and running. Check pod status and verify field STATUS is Running and field READY is 1/1:

        root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods
        NAME                                        READY   STATUS    RESTARTS   AGE
        nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0          1m

2. Verify that the Load Balancer Service has an external IP:

        root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service
        NAME            TYPE           CLUSTER-IP    EXTERNAL-IP                                                               PORT(S)                      AGE
        ingress-nginx   LoadBalancer   10.32.1.249   a4d794bfa6d7e440facc4398bf96edde-992601283.us-east-1.elb.amazonaws.com   80:30099/TCP,443:30719/TCP   1m

Troubleshooting

The Service object does not get an EXTERNAL-IP.

Describe the service:

    root@rok-tools:~/ops/deployments# kubectl describe service -n ingress-nginx ingress-nginx

If you see an event like the following:

    Events:
      Type     Reason                   Age   From                Message
      ----     ------                   ----  ----                -------
      Warning  UnAvailableLoadBalancer  1m    service-controller  There are no available nodes for LoadBalancer

it means that your subnets are misconfigured.

Verify your subnets configuration.