GKE also supports Kubernetes ingress, which can set up the GCP L7 LoadBalancer to dispatch HTTP requests to the target service based on the URL. You just need to set up one or more NodePort services and then create ingress rules to point to the services. Behind the scenes, Kubernetes automatically creates and configures the following firewall rules; health check, backend service, forwarding rule, and url-maps.
Let's create same examples that use nginx and Tomcat to deploy to the Kubernetes cluster first. These use Kubernetes Services that bind to NodePort instead of LoadBalancer:
At present, you can't access Kubernetes Service because there are as yet no firewall rules that allow access to it from the internet. Consequently, let's create Kubernetes ingress to point to these services.
Kubernetes ingress definition is quite similar to GCP backend service definition as it needs to specify a combination of URL path, Kubernetes service name, and service port number. In this scenario, the / and /* URLs point to the nginx service, while the /examples and /examples/* URLs also point to the Tomcat service, as follows:
$ cat nginx-tomcat-ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata:
name: nginx-tomcat-ingress
spec: rules: - http: paths: - path: / backend: serviceName: nginx servicePort: 80 - path: /examples backend: serviceName: tomcat servicePort: 8080 - path: /examples/* backend: serviceName: tomcat servicePort: 8080
$ kubectl create -f nginx-tomcat-ingress.yaml ingress "nginx-tomcat-ingress" created
It takes around 10 to 15 minutes to fully configure GCP components such as health check, forwarding rule, backend services, and url-maps:
$ kubectl get ing NAME HOSTS ADDRESS PORTS AGE nginx-tomcat-ingress * 107.178.253.174 80 1m
You can also check the status on the web console, as follows:
Once you've completed setting up of the L7 LoadBalancer, you can access the public IP LoadBalancer address (http://107.178.253.174/) to see the nginx page. As well as accessing http://107.178.253.174/examples/, you can see the tomcat example page.
In the preceding steps, we created and assigned an ephemeral IP address for the L7 LoadBalancer. However, the best practice when using L7 LoadBalancer is to assign a static IP address instead, because you can also associate DNS (FQDN) to the static IP address.
To do that, update the ingress setting to add an annotation named kubernetes.io/ingress.global-static-ip-name to associate a GCP static IP address name, as follows:
//allocate static IP as my-nginx-tomcat $ gcloud compute addresses create my-nginx-tomcat --global
//check assigned IP address $ gcloud compute addresses list NAME REGION ADDRESS STATUS my-nginx-tomcat 35.186.227.252 IN_USE
//add annotations definition $ cat nginx-tomcat-static-ip-ingress.yaml apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx-tomcat-ingress annotations: kubernetes.io/ingress.global-static-ip-name: my-nginx-
tomcat spec: rules: - http: paths: - path: / backend: serviceName: nginx servicePort: 80 - path: /examples backend: serviceName: tomcat servicePort: 8080 - path: /examples/* backend: serviceName: tomcat servicePort: 8080
//apply command to update Ingress $ kubectl apply -f nginx-tomcat-static-ip-ingress.yaml
//check Ingress address that associate to static IP $ kubectl get ing NAME HOSTS ADDRESS PORTS AGE nginx-tomcat-ingress * 35.186.227.252 80 48m
So, now you can access the ingress via a static IP address such as http://35.186.227.252/ (nginx) and http://35.186.227.252/examples/ (Tomcat) instead of an ephemeral IP address. This benefits to the user and preserves the static IP address. For example, when you recreate an ingress, the IP address won't be changed.