Ingress-Nginx with AWS Network Load Balancer

Hari Manikkothu
Published in Kubernetes
Nov 4, 2019

This article explains how to set up ingress-nginx with the AWS Network Load Balancer (NLB) in a Kubernetes cluster running on AWS.

Ingress

Ingress in Kubernetes is a way of exposing HTTP/HTTPS traffic from outside the cluster to services within it. An ingress can be configured to route traffic to one or more services, to load balance, and to terminate TLS/SSL.

Ingress Controller

There must be an ingress controller in order for the ingress to work. The ingress controller constantly monitors the ingress resources through the Kubernetes API and configures the load balancer according to the rules specified.

Ingress flow

The Kubernetes project currently supports the GCE and nginx controllers, but several third-party controllers also work well with a Kubernetes deployment.

Prerequisites

1. A Kubernetes or Kubernetes-based cluster (EKS etc.) must be available on AWS to perform the steps given in this article. Refer to this article to see how to set up a Kubernetes cluster using KOPS.

2. Download or clone the example YAML files from the GitHub repo: https://github.com/hmanikkothu/aws-nlb-with-nginx-ingress-kubernetes

Create TLS secrets

Create a self-signed certificate, and make it available as a secret in order to configure TLS termination on nginx.

$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=mydomain.com/O=mydomain.com"

$ kubectl create secret tls tls-secret --key tls.key --cert tls.crt

Create mandatory resources

Create the required namespace, ConfigMaps, ServiceAccount, Role, RoleBinding and ingress-controller deployment.

$ kubectl apply -f 01-mandatory-ngnix-objs.yaml

Create NLB Service for the ingress-controller

This creates a service of type LoadBalancer with the annotation ‘service.beta.kubernetes.io/aws-load-balancer-type: nlb’.

$ kubectl apply -f 02-aws-nlb-service.yaml

Create demo apps and services

Create the ‘blue-svc’ and ‘red-svc’ services, which point to ‘hashicorp/http-echo’ deployments for the demo.

$ kubectl apply -f 03-app-blue-svc.yaml

$ kubectl apply -f 04-app-red-scv.yaml

Create Ingress

Create an ingress with routing rules for both the ‘blue-svc’ (/bluesvc) and ‘red-svc’ (/redsvc) services.

$ kubectl apply -f 05-nginx-ingress.yaml

Navigate to the AWS console and verify that a new NLB is created with appropriate Listeners added as per the ingress rules.
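To show how the pieces from the previous steps fit together, here is an added sketch of an NLB service and an ingress. It is not the content of the repo's ‘02-aws-nlb-service.yaml’ or ‘05-nginx-ingress.yaml’. The object names, namespaces, pod label, port names and numbers, the ‘nginx’ ingress class and the networking.k8s.io/v1 API version are assumptions, while the annotation, host, secret name, paths and service names come from this article.

```yaml
# Added illustration; object names, labels and ports are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx                 # assumed name
  namespace: ingress-nginx            # assumed controller namespace
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx   # assumed controller pod label
  ports:
    - name: http
      port: 80
      targetPort: http                # assumes the controller names its ports http/https
    - name: https
      port: 443
      targetPort: https
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress                  # assumed name
  namespace: default                  # must be the namespace that holds tls-secret
spec:
  ingressClassName: nginx             # assumed class name
  tls:
    - hosts:
        - dev.kops.mydomain.com
      secretName: tls-secret          # the secret created in "Create TLS secrets"
  rules:
    - host: dev.kops.mydomain.com
      http:
        paths:
          - path: /bluesvc
            pathType: Prefix
            backend:
              service:
                name: blue-svc
                port:
                  number: 80          # assumed service port
          - path: /redsvc
            pathType: Prefix
            backend:
              service:
                name: red-svc
                port:
                  number: 80          # assumed service port
```

The ingress can only reference a TLS secret in its own namespace, so ‘tls-secret’ has to be created in the namespace where the ingress and the demo services live.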

Configure Route 53

Note the DNS name of the NLB from the previous step and use it to configure a ‘CNAME’ record in Route 53 for the ‘host’ used in the Ingress.

For example, in this demo, the host name used in the ‘05-nginx-ingress.yaml’ file is ‘dev.kops.mydomain.com’. So, create a CNAME record in Route 53 with the name ‘dev.kops.mydomain.com’ and the DNS name of the NLB as its value.

Test

Now the cluster should be ready to accept incoming requests through the nginx ingress controller setup. Use the URLs ‘https://dev.kops.mydomain.com/bluesvc’ and ‘https://dev.kops.mydomain.com/redsvc’ to access the blue and red test services respectively.
