LoadBalancer service, Oracle Container Engine (OKE) and OCI DNS
In Kubernetes, there are a few types of services (ClusterIP, NodePort, LoadBalancer). And then, there is also Ingress and Ingress Controllers. If you still find these confusing, I recommend Sandeep Dinesh’s excellent article.
Let’s explore how you can deploy a publicly available service on OKE and ensure it is resolvable by DNS.
I’m assuming you already have an OKE cluster running. If not, you can follow my previous post to create one.
Create the application service
kubectl apply -f https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/hello-clusteripsvc.yaml
deployment.apps/hello-cluster created
service/hello-cluster-service created
Verify it’s working:
kubectl proxy --port=8080
Using your browser, access the following url: http://localhost:8080/api/v1/namespaces/default/services/hello-cluster-service:80/proxy/
Create a default backend, LoadBalancer service and IngressController
kubectl apply -f https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/default-backend.yaml
kubectl apply -f https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/hello-ingress.rbac.yaml
kubectl apply -f https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/hello-ingresscontroller.yaml
Create the Ingress
Download the hello-ingress.yaml:
curl -o hello-ingress.yaml https://raw.githubusercontent.com/hyder/okesamples/master/loadbalancer/hello-ingress.yaml
Edit the hello-ingress.yaml:
spec:
  rules:
  # replace www.example.org with your FQDN
  - host: www.example.org
You can now create the Ingress:
kubectl apply -f hello-ingress.yaml
Testing the ingress
Get the public IP address of the Load Balancer and try to access it directly:
The public IP address will be under the EXTERNAL-IP column. In the above example, the public IP address of the Load Balancer is 129.146.154.77
If you try to access the hello service using the IP address in your browser, it returns “default backend - 404”. This is because in the Ingress we created, we specified the rule to be host-based instead of IP-based:
spec:
  rules:
  - host: www.example.org
and the Host header value in the HTTP request from your browser is the IP address, for which there is no rule. Since there’s no matching rule, the request is serviced by the default backend.
Edit your local hosts file and add an entry, ensuring the host matches what you entered in the Ingress:
129.146.154.77 www.example.org
Now access the host using your browser and you should be able to see the Helloworld page.
Caveat: This will not work if you are testing from a network behind a proxy.
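The host-based matching described above, as an added Python sketch that is not the ingress controller's code and not part of the original post. The backend names and the wildcard rule are assumptions made for illustration; the single-label wildcard behaviour follows the Kubernetes Ingress API and goes beyond the one exact-host rule used on this page.

```python
# Added illustration: how host-based Ingress rules pick a backend from the
# HTTP Host header, and why a request made by IP reaches the default backend.

DEFAULT_BACKEND = "default-backend"  # assumed name; serves "default backend - 404"

# Constructed rules modelled on the hello-ingress.yaml edit above.
# The "*.apps.example.org" entry is an assumed extra to show wildcard matching.
RULES = [
    {"host": "www.example.org", "backend": "hello-cluster-service"},
    {"host": "*.apps.example.org", "backend": "apps-service"},
]


def normalize_host(host_header):
    """Lower-case the Host header value and drop any :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        return host[1:host.index("]")] if "]" in host else host
    return host.rsplit(":", 1)[0] if ":" in host else host


def host_matches(rule_host, host):
    """Exact match, or a '*.' wildcard that covers exactly one DNS label."""
    rule_host = rule_host.lower()
    if rule_host.startswith("*."):
        suffix = rule_host[1:]  # ".apps.example.org"
        if not host.endswith(suffix):
            return False
        label = host[: -len(suffix)]
        return label != "" and "." not in label
    return rule_host == host


def select_backend(host_header, rules=RULES):
    """Return the backend of the first matching rule, else the default backend."""
    host = normalize_host(host_header)
    for rule in rules:
        if host_matches(rule["host"], host):
            return rule["backend"]
    return DEFAULT_BACKEND


if __name__ == "__main__":
    for h in ["129.146.154.77", "www.example.org", "WWW.Example.Org:80",
              "a.apps.example.org", "a.b.apps.example.org", "example.org"]:
        print(f"{h:24} -> {select_backend(h)}")
```

Running it shows the request addressed by IP and the bare `example.org` both landing on the default backend, while only names covered by a rule reach an application service.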
Configuring DNS in OCI
- Login to OCI Console and navigate to Edge Services > DNS Zone Management
- Create a Zone and ensure the zone name matches your domain name e.g. example.com.
- Once it’s created, click on the zone and note the nameservers for your zone.
- Login to your DNS registrar e.g. Dyn, GoDaddy and change your nameservers to point to the nameservers of your zone noted in step 3. This may take a while to be effective.
- Go back to OCI Console and click on ‘Add Record’
- Choose ‘A — IPv4 Address’
- Add the FQDN e.g. www.example.org (N.B. you only need to add the hostname in the name field)
- In the address field, add the public IP address of the Load Balancer.
- Add a TTL value e.g. 3600
- Click on ‘Submit’ and then ‘Publish Changes’
- Remove the entry you added to your hosts file in the previous step.
- Once the change has taken effect at your DNS provider and across other networks, you should be able to access the Helloworld page using your FQDN in the browser.
For a quick introduction to DNS, you can check these slides.