Huawei Cloud CCE Kubernetes Ingress — 2: Nginx Ingress
Introduction
Hi, in this article, I will explain the use of Nginx Ingress in Huawei Cloud’s CCE service, which creates a Kubernetes environment. Huawei Cloud supports two Ingress directly. The first is ELB Ingress and the other is Nginx Ingress. The Nginx Ingress is used in this article.
This is the second article in a 3-series article. I recommend reading the previous article.
1 — Huawei Cloud CCE Kubernetes Ingress — 1: ELB Ingress Service with SSL
The architecture below summarizes the topic of this article.
Prerequisites
- Domain Name (You have registered a domain name example.com with a third-party registrar)
- Add a custom domain managed by Huawei Cloud DNS (For detailed information see here)
- CCE Cluster Instance with Worker Node (You can follow here to create CCE Instance)
- Stored Containerized Application (Image) in Software Repository (You can follow here to What is SWR? and How are Container Images stored in SWR?)
In the first article, we showed how to connect the Clusture using kubectl. For that, read the article here. This article is a continuation of the previous article. That’s why we pass some steps quickly. You can complete the whole process by using the links under the references title below.
The container image has been changed as the next post is about sticky session. Therefore, unlike the previous article, a different container image will be used in this demo.
Nginx Ingresss
Kubernetes uses kube-proxy to expose Services and provide load balancing. The implementation is at the transport layer. When it comes to Internet applications, where a bucket-load of information is generated, forwarding needs to be more fine-grained, precisely and flexibly controlled by policies and load balancers to deliver higher performance. This is where Ingresses enter. Ingresses provide application-layer forwarding functions, such as virtual hosts, load balancing, SSL proxy, and HTTP routing, for Services that can be directly accessed outside a cluster.
Kubernetes has officially released the Nginx-based ingress controller. nginx-ingress is an add-on that uses ConfigMaps to store Nginx configurations. The Nginx ingress controller generates Nginx configurations for an ingress and writes the configurations to the pod of Nginx through Kubernetes API.
The nginx-ingress add-on in CCE is implemented using the open-source community chart and image. CCE does not maintain the add-on.
For Nginx Ingress, we first need a Dedicated Load Balancer. Let’s quickly create a Dedicated Load Balancer using the ELB service.
Creating a Dedicated Load Balancer
Elastic Load Balance (ELB) distributes incoming traffic across multiple backend servers based on listening rules. This expands service capabilities of applications and improves their fault tolerance. For more on the ELB, see here.
Let’s go to the Elastic Load Balancer service under all services. Then click on the Buy Elastic Load Balancer button.
Currently only Dedicated supports the Istanbul region. If you’re in another region, select Dedicated as the type.
In the next step, choose New EIP for Public IP. Prefer Traffic as Billed By. We choose Traffic to avoid extra charges. You can choose the value you want for Bandwidth. The fee does not change. Finally, choose Network Load Balancing. Nginx supports Ingress L4, L7 Load Balancer does not. Complete the process by selecting Specification according to your wish.
Installing an Nginx Ingress Add-On
Huawei Cloud CCE service offers add-ons that you can quickly deploy to your Kubernetes environment. One of them is Nginx Ingress Add-on. Click the Add-ons button under Cluster Information to quickly install the Nginx Ingress add-on. Then press the Install button under the nginx-ingress add-on.
Configure Nginx Ingress settings in the newly opened window. Number of replicas, set CPU-Memory limits. In the Load Balancer section, select the Load Balancer Instance that we created above. When creating Nginx Ingress, specify your parameters, if any. We can do this step later. Finally, click the Install button.
After the installation is complete, you can check the status of Nginx Ingres by running the following command line.
kubectl get deployments -A
It’s okay if only one of the two Pods is Ready. It does not meet the Affinity rules because it is running a single Worker Node. Therefore, the second Pod is not Ready.
Deployment & ClusterIP Service
If the Nginx Ingress add-on is installed, let’s quickly deploy our application. For this, let’s create Deployment and Cluster IP Service.
Let’s quickly summarize the manifest. We are deploying a Flask application with 3 replicas. Image is stored in Huawei Cloud’s SWR service. In front of these pods, we create ClusterIP Service running on Port 5000. Let’s run the following line command in the directory where the yaml file is located:
kubeclt apply -f deployment-svc.yamlLet’s run the following command line to check the Deployment and Service resources.
kubectl get svc,deployment -n default
As can be seen from the output, ClusterIP service is running on port 5000 and our 3 Pods are ready.
Nginx Ingress
Now let’s create an Ingress object. The following uses HTTP as an example to describe how to configure the YAML file:
A Basic Nginx Ingress yaml is as above. In this demo, requests coming to the domain ‘http://burakovali.online/' will be directed directly to pods running behind backend-svc. Let’s run the following command line to create Nginx Ingress.
kubectl apply -f ingress.yamlLet’s run the following command line to check the Deployment, Service and Ingress resources:
kubectl get svc,deployment,ing -n default
As can be seen from the output, the ingress resource is working. From here, there is only one step left to do; Adding a Public IP to the Domain Records.
Adding a A Record on Huawei Cloud DNS
The ELB instance we created above created a Public IP for us. We need to add this Public IP as an A record in the DNS service of Huawei Cloud. In the CCE console, let’s go to Network and then Ingress. Let’s get the Public IP by hovering over the Nginx Ingress resource we created above.
Let’s go to DNS Service under Service List. Let’s click on the Manage Records button next to the Domain and add the A Record.
You can find more information about DNS Records from this link.
Let’s send an https request from our browser to http://burakovali.online:
Conclusion
The Kubernetes Ingress object is a very useful. Huawei Cloud directly supports two different Ingress. The first of these is ELB Ingress and the other is Nginx Ingress. In this article, we created Nginx Ingress on Huawei Cloud.
The Nginx ingress creation process, which has very easy steps, provides many important advantages. Don’t forget to take a look at the references below to discover these benefits. The last article will be about Sticky Sessions with ELB and Nginx Ingress.
References
Adding an A Record
Public Domain Name Resolution
SCM and SSL Certificate Usage
Creating Clusters and Pushing Container Image to SWR
Docker Container App, Pull and Push to Huawei Cloud SWR
Create an Nginx Ingress
