Ingress 

In Chapter 5, Building Continuous Delivery Pipelines, we learned about the concept of ingress, and when and how to use it. Ingress defines a set of rules that allow inbound connections to reach Kubernetes cluster services. It routes traffic into the cluster at L7, and the controller brings the traffic to the nodes. When GCP is the cloud provider, creating an ingress also creates an L7 load balancer, along with the related firewall rules, health checks, backend services, forwarding rules, and a URL map. A URL map in GCP is a mechanism that contains a set of rules and forwards requests to the corresponding backend services.

In this recipe, we'll reuse the examples from Chapter 5, Building Continuous Delivery Pipelines: nodeport-deployment.yaml and echoserver.yaml. Next is an illustration of how these two services work from Chapter 5, Building Continuous Delivery Pipelines:

Ingress illustration

We will create an ingress for nginx and echoserver that routes to different services. When traffic comes in, the ingress controller pod decides which service to route it to.

Here is an example of an ingress. Please note that you might want to add the host name inside the rules section if you want the underlying services to always be visited from a certain host name:

# cat ingress.yaml
# extensions/v1beta1 is the Ingress API version used in this recipe;
# Kubernetes 1.22 and later serve Ingress only as networking.k8s.io/v1
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /
        # default backend
        backend:
          serviceName: nodeport-svc
          servicePort: 8080
      - path: /nginx
        # nginx service
        backend:
          serviceName: nodeport-svc
          servicePort: 8080
      - path: /echoserver
        # echoserver service
        backend:
          serviceName: echoserver-svc
          servicePort: 8080

// create nodeport-svc (nginx) service
# kubectl create -f nodeport-deployment.yaml
deployment "nodeport-deploy" created
service "nodeport-svc" created

// create echoserver-svc (echoserver) service
# kubectl create -f echoserver.yaml
deployment "echoserver-deploy" created
service "echoserver-svc" created

// create ingress
# kubectl create -f ingress.yaml
ingress "my-ingress" created

Please double-check that the underlying service is configured as a NodePort type. Otherwise you might encounter errors such as googleapi: Error 400: Invalid value for field 'namedPorts[1].port': '0'. Must be greater than or equal to 1, invalid error from loadbalancer-controller.

After a few minutes, the L7 load balancer will be created and you'll be able to see it from the GCP console or by using the gcloud command. Let's use kubectl to check if the backend service in the ingress is healthy:

// kubectl describe ingress $ingress_name
# kubectl describe ingress my-ingress
Name:             my-ingress
Namespace:        default
Address:          35.190.46.137
Default backend:  default-http-backend:80 (10.32.2.3:8080)
Rules:
  Host  Path         Backends
  ----  ----         --------
  *
        /            nodeport-svc:8080 (<none>)
        /nginx       nodeport-svc:8080 (<none>)
        /echoserver  echoserver-svc:8080 (<none>)
Annotations:
  backends:         {"k8s-be-31513--91cf30ccf285becb":"HEALTHY","k8s-be-31780--91cf30ccf285becb":"HEALTHY","k8s-be-32691--91cf30ccf285becb":"HEALTHY"}
  forwarding-rule:  k8s-fw-default-my-ingress--91cf30ccf285becb
  rewrite-target:   /
  target-proxy:     k8s-tp-default-my-ingress--91cf30ccf285becb
  url-map:          k8s-um-default-my-ingress--91cf30ccf285becb
Events:
  Type    Reason   Age               From                     Message
  ----    ------   ----              ----                     -------
  Normal  Service  2m (x11 over 1h)  loadbalancer-controller  no user specified default backend, using system default

We can see that the three backends are healthy and that the related forwarding rules, target proxy, and URL map have all been created. We can get a comprehensive view from the GCP console by visiting Discovery and load balancing in GKE or the Load balancing tab in Network services:

Discovery and Load balancing

The backend is illustrated here:

Backend services
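
A pre-flight check for the two conditions this recipe relies on, NodePort-type backing services and HEALTHY backends, as an added example that is not from the book. It reads the output of kubectl get ingress,svc -o json saved to a file; the function names, the sample data, and the assumption that backend health is stored in an annotation whose key ends in /backends are all introduced here:

```python
import json
import sys


def backend_services(ingress):
    """Yield (path, service name) for each path rule of an Ingress object."""
    for rule in ingress.get("spec", {}).get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            b = p.get("backend", {})
            # extensions/v1beta1 (this page) uses serviceName; networking.k8s.io/v1 nests it.
            yield p.get("path", "/"), b.get("serviceName") or b.get("service", {}).get("name")


def check(items):
    """Return problems found in the items of `kubectl get ingress,svc -o json`."""
    svc_type = {(i["metadata"].get("namespace", "default"), i["metadata"]["name"]):
                i["spec"].get("type", "ClusterIP") for i in items if i["kind"] == "Service"}
    problems = []
    for ing in (i for i in items if i["kind"] == "Ingress"):
        ns, name = ing["metadata"].get("namespace", "default"), ing["metadata"]["name"]
        for path, svc_name in backend_services(ing):
            kind = svc_type.get((ns, svc_name))
            if kind is None:
                problems.append(f"{name} {path}: service {svc_name} not found")
            elif kind != "NodePort":  # the requirement stated on this page
                problems.append(f"{name} {path}: {svc_name} is {kind}, not NodePort")
        # Assumption: health is in an annotation key ending "/backends" (shown as "backends:").
        for key, val in ing["metadata"].get("annotations", {}).items():
            if key.endswith("/backends"):
                problems += [f"{name}: backend {be} is {state}"
                             for be, state in json.loads(val).items() if state != "HEALTHY"]
    return problems


def svc(name, kind):  # minimal Service object for the constructed sample
    return {"kind": "Service", "metadata": {"name": name}, "spec": {"type": kind}}


# Constructed sample: this recipe's ingress, with echoserver-svc left as ClusterIP.
SAMPLE = [svc("nodeport-svc", "NodePort"), svc("echoserver-svc", "ClusterIP"), {
    "kind": "Ingress", "metadata": {"name": "my-ingress", "annotations": {
        "ingress.kubernetes.io/backends": '{"k8s-be-00000--example": "UNHEALTHY"}'}},
    "spec": {"rules": [{"http": {"paths": [
        {"path": "/nginx", "backend": {"serviceName": "nodeport-svc"}},
        {"path": "/echoserver", "backend": {"serviceName": "echoserver-svc"}}]}}]}}]

if __name__ == "__main__":
    items = json.load(open(sys.argv[1]))["items"] if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check(items)) or "ok")
```

Run without arguments it checks the constructed sample; pass the path of a saved kubectl get ingress,svc -o json file to check a real namespace.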

From time to time, your ingress resource might need to be updated. When you redeploy it, there is no guarantee that GCP will allocate the same IP address to your load balancer. This becomes a problem when the IP address is associated with a DNS name, because the target IP address has to be updated every time the IP changes. This can be resolved by using a static external IP address together with the kubernetes.io/ingress.global-static-ip-name annotation:

// allocate static IP as my-external-ip
# gcloud compute addresses create my-external-ip --global

// check external-ip
# gcloud compute addresses list
NAME            REGION  ADDRESS        STATUS
my-external-ip          130.211.37.61  RESERVED

Once the external IP is prepared, we can launch our ingress:

# cat ingress-static-ip.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-ingress-static-ip
  annotations:
    ingress.kubernetes.io/rewrite-target: /
    kubernetes.io/ingress.global-static-ip-name: my-external-ip
spec:
  rules:
  - http:
      paths:
      - path: /
        # default backend
        backend:
          serviceName: nodeport-svc
          servicePort: 8080
      - path: /nginx
        # nginx service
        backend:
          serviceName: nodeport-svc
          servicePort: 8080
      - path: /echoserver
        # echoserver service
        backend:
          serviceName: echoserver-svc
          servicePort: 8080

# kubectl create -f ingress-static-ip.yaml
ingress "my-ingress-static-ip" created

Let's describe my-ingress and see if it binds properly with the external IP we created:

# kubectl describe ingress my-ingress
Name:             my-ingress
Namespace:        default
Address:          130.211.37.61
Default backend:  default-http-backend:80 (10.32.2.3:8080)
Rules:
  Host  Path         Backends
  ----  ----         --------
  *
        /            nodeport-svc:8080 (<none>)
        /nginx       nodeport-svc:8080 (<none>)
        /echoserver  echoserver-svc:8080 (<none>)
Annotations:
  backends:         {"k8s-be-31108--91cf30ccf285becb":"HEALTHY","k8s-be-31250--91cf30ccf285becb":"HEALTHY","k8s-be-32691--91cf30ccf285becb":"HEALTHY"}
  forwarding-rule:  k8s-fw-default-my-ingress--91cf30ccf285becb
  rewrite-target:   /
  target-proxy:     k8s-tp-default-my-ingress--91cf30ccf285becb
  url-map:          k8s-um-default-my-ingress--91cf30ccf285becb
Events:
  Type    Reason   Age               From                     Message
  ----    ------   ----              ----                     -------
  Normal  ADD      27m               loadbalancer-controller  default/my-ingress
  Normal  CREATE   25m               loadbalancer-controller  ip: 130.211.37.61
  Normal  Service  4m (x6 over 25m)  loadbalancer-controller  no user specified default backend, using system default

We're all set. Nginx and echoserver can be visited via the external static IP 130.211.37.61, and we're able to associate a DNS name with it by using the cloud DNS service in GCP.
