Deploy NGINX Ingress Controller¶
In this section you will configure and deploy the NGINX Ingress Controller and expose it using an external network load balancer.
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing GKE cluster.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsEdit
rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml
and useservice-gclb
as base, instead of the defaultingress-alb
:bases: #- ../ingress-alb #- ../service-elb #- ../service-azurelb - ../service-gclbEdit
rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml
and enable only theservice-gclb
patch, instead of the defaultingress-alb
andservice-alb
:patches: #- path: patches/ingress-alb.yaml #- path: patches/service-alb.yaml #- path: patches/service-elb.yaml #- path: patches/service-azurelb.yaml - path: patches/service-gclb.yamlEnable the firewall in your Google Cloud Load Balancer and allow access only to specific CIDRs. Edit
rok/nginx-ingress-controller/overlays/deploy/patches/service-gclb.yaml
and setloadBalancerSourceRanges
to the desired trusted CIDRs. Leave the default value of0.0.0.0/0
if you want to allow access for everyone:spec: loadBalancerSourceRanges: - "0.0.0.0/0"See also
Commit your changes:
root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with a Google Cloud Load Balancer"Deploy NGINX Ingress Controller:
root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy
Verify¶
Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:
root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods NAME READY STATUS RESTARTS AGE nginx-ingress-controller-7f74f657bd-ln59l 1/1 Running 0 1mVerify that the Load Balancer Service has an external IP:
root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE ingress-nginx LoadBalancer 10.32.1.249 10.42.42.42 80:30099/TCP,443:30719/TCP 1m