Ingress-Nginx in Kubernetes

Configuring Ingress-Nginx in Kubernetes

Prerequisites

kubectlshould be installed in the local environment or the machine that will be used for the deployment.
Helm should be installed in the local environment or the machine that will be used for deployment.
Install Ingress-Nginx Controller

Install Ingress-Nginx using a Helm chart (recommended)

Configure the Helm Chart

Clone the GitHub repository containing the Helm charts from the GitHub URL or the command provided below:
git clone git@github.com:e6x-labs/helm-charts.git
Customize Chart Values: Navigate to the cloned Helm chart directory (./charts/ingress/ ) and modify the values in the values.yaml file or create a custom value file.
- This file contains configuration options that customize the behavior of the chart during deployment. You can adjust parameters such as the image version, service type, ingress settings, etc., based on your requirements.
- It is mandatory to edit the following values in the values.yaml file:

cloud: <CLOUD_PROVIDER>
alias: <ALIAS_NAME>
workspace: <WORKSPACE_NAME>
cluster: <CLUSTER_NAME>

Deploy the Helm Chart

Use the helm install command to deploy the Helm chart. Provide a release name for the deployment and specify the path to the chart directory. For example:

helm install <RELEASE_NAME> ./charts/ingress/

The above command deploys the Helm chart with <RELEASE_NAME> using the configuration from the ./charts/ingress/ directory.

<RELEASE_NAME> can be set to any value.

Verify Deployment

Use the following kubectl commands to verify that the Kubernetes resources (services & ingresses) have been created and are running as expected:

kubectl get services -n <E6DATA_NAMESPACE>
kubectl get ingress -n <E6DATA_NAMESPACE>

If the Ingress resource has been set up correctly and the e6data engine is exposed externally, external tools & services can now connect to it using the configured hostname or IP address.

A Personal Access Token is required for authentication.

Install Ingress-Nginx using kubectl

Create Service

Create a service file, following the example below:

A separate Service should be created for each e6data cluster (if external access is required for multiple clusters).

Sample e6data-ext-access-service-ingress-nginx.yaml

e6data-ext-access-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: e6data-ext-access-cluster1  # edit as required
  namespace: e6data # change to e6data workspace namespace
  labels:
    cloud: <CLOUD_PROVIDER>
    alias: <ALIAS>
    workspace: <WORKSPACE_NAME>
    cluster: <CLUSTER_NAME>
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: "<IP(S)_TO_BE_ALLOWLISTED>"
    nginx.ingress.kubernetes.io/ssl-certificate: "<CERT(S)_SECRET_NAME>"
spec:
  type: ClusterIP
  selector:
    cloud: <CLOUD_PROVIDER>
    alias: <ALIAS>
    workspace: <WORKSPACE_NAME>
    cluster: <CLUSTER_NAME>
  ports:
  - protocol: TCP
    port: 9000                  # external access port, edit as required
    targetPort: http            # change to HTTPS if SSL certificate is used
    name: http                  # change to HTTPS if SSL certificate is used

To create the Service, apply the manifest to the cluster by running this command:

kubectl apply -f e6data-ext-access-service.yaml

To enable access to multiple clusters, please repeat the steps above to create a separate service file for each cluster.

Create Ingress

To expose a single cluster; one service file & one ingress file is required.
To expose multiple clusters; multiple service files (for each cluster) & one ingress file with multiple paths are required.

Create the ingress file following the examples below:

Expose a Single Cluster

Sample e6data-ingress-nginx-single-cluster.yaml

e6data-ingress-nginx-single-cluster.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: e6data-ext-access
  namespace: default
  labels:
    cloud: <CLOUD_PROVIDER>
    alias: <ALIAS>
    workspace: <WORKSPACE_NAME>
    cluster: <CLUSTER_NAME>
  #annotations:                          # Uncomment for GKE Ingress Controller
    #kubernetes.io/ingress.class: "nginx"
spec:
  ingressClassName: nginx                # Comment out for GKE Ingress Controller
  rules:
    - host: ""                           # optional, domain name
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific  
            backend:
              service:
                name: e6data-ext-access-cluster1  # match the service name
                port:
                  number: 9000

Expose Multiple Clusters

Sample e6data-ingress-nginx-multiple-clusters.yaml

e6data-ingress-nginx-multiple-clusters.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: e6data-ext-access
  namespace: e6data
  labels:
    cloud: <CLOUD_PROVIDER>
    cluster: [<CLUSTER1_NAME>,[<CLUSTER2_NAME>]
    alias: <ALIAS>
    workspace: [<WORKSPACE1>,<WORKSPACE2>]
spec:
  ingressClassName: nginx
  rules:
    - host: ""                                    # optional, domain name
      http:
        paths:
          - path: /<CLUSTER1_NAME>                # edit as required
            pathType: ImplementationSpecific  
            backend:
              service:
                name: e6data-ext-access-cluster1  # match the service name
                port:
                  number: 9000
          - path: /<CLUSTER2_NAME>                # edit as required
            pathType: ImplementationSpecific  
            backend:
              service:
                name: e6data-ext-access-cluster2  # match the service name
                port:
                  number: 9000

To create the Ingress resource, apply the manifest to the cluster:

kubectl apply -f e6data-ingress.yaml

Expose Ports Externally

There are three steps required to externally expose a TCP port:

Create a ConfigMap.
If TCP proxy support is used, then those ports need to be exposed in the Service defined for the Ingress.
Add the ConfigMap to the Ingress Controller's deployment arguments.

Please refer to the official Ingress-Nginx documentation for detailed instructions to externally expose a TCP port according to your requirements.

A sample ConfigMap is provided below:

e6data-ingress-configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: e6data-ext-tcp
  namespace: <E6DATA_K8_NAMESPACE>
data:
  9000: "<E6DATA_K8_NAMESPACE>/<SERVICE_NAME>:9000" # replace default with the e6data k8s namespace

After the required port is externally exposed, the process is complete.

Ingress has now been created and external tools will be able to access the e6data cluster using the configured port/s (9000 in this example).

PreviousGCE Ingress in Kubernetes NextSecurity & Trust

Last updated 1 year ago