TCP load balancing with ingress in AKS
Ingress controllers are a classical way to solve HTTP/HTTPS load balancing in Kubernetes clusters; however, they can be used also to balance arbitrary TCP services in your cluster. We’ll use for example the popular message broker RabbitMQ, and we’ll leverage Helm charts to deploy both the ingress controller and the services.
We will start fresh by deploying an AKS cluster in Azure:
az aks create --name rabbitmq --resource-group aks --kubernetes-version 1.8.6 --node-count 3
In just few minutes, you’ll have a working cluster where you are able to deploy all your applications (and you’ll only pay for the 3 Standard_DS1_v2 node VM’s). Source the credentials and start Kubernetes-ing (is that a word?):
az aks get-credentials -n rabbitmq -g ak
Let’s start by deploying a vanilla NGINX ingress controller:
helm install stable/nginx-ingress --namespace ingress --name ingres
and wait until you have an IP address in the service in the “ingress” namespace:
ingress-nginx-ingress-controller LoadBalancer 10.0.78.242 104.46.55.94 80:32540/TCP,443:31183/TCP
Good, HTTP and HTTPS are accounted for. Now, let’s deploy our first RabbitMQ node (the stable/rabbitmq chart deploys one pod, while the stable/rabbitmq-ha deploy a cluster as a statefulset):
helm install --name rabbitmq stable/rabbitmq
Great! Helm will tell you how to retrieve the password for the initial user and how to access the cluster using port forwarding. But how to expose that via the ingress controller?
We can use the this article and create a values.yaml file that contains a single line and update the helm chart for ingress:
cat <<EOF > values.yaml
tcp: {"5672":"default/rabbitmq-rabbitmq:5672","15672":"default/rabbitmq-rabbitmq:15672"
EOFhelm upgrade -f values.yaml ingress stable/nginx-ingress
This will expose the rabbitmq service thru the ingress controller public IP. If you add more rabbitmq clusters (like the following HA cluster):
helm install --name rabbitmq-ha --set rbac.create=false stable/rabbitmq-ha
You just have to update the values.yaml mapping a different external port to the rabbitmq internal ports, and upgrade the ingress chart:
cat <<EOF > values.yaml
tcp: {"5672":"default/rabbitmq-rabbitmq:5672","15672":"default/rabbitmq-rabbitmq:15672","5673":"default/rabbitmq-ha-rabbitmq-ha:5672","15673":"rabbitmq-ha-rabbitmq-ha:15672"
EOFhelm upgrade -f values.yaml ingress stable/nginx-ingress
Simple TCP load balancing, provided by helm, nginx and kubernetes.