In this blog post i will be deploying Ingress controller along with Load Balancer (LB was deployed in previous post) in to tenant organization VDC kubernetes cluster which has been deployed by Cloud Director Container Service Extension.
What is Ingress in Kubernetes
“NodePort” and “LoadBalancer” let you expose a service by specifying that value in the service’s
type. Ingress, on the other hand, is a completely independent resource to your service. You declare, create and destroy it separately to your services.
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name based virtual hosting.
Before we begin we’ll need to have a few pieces already in place:
- A Kubernetes cluster (See Deployment Options for provider specific details)
kubectlconfigured with admin access to your cluster
- RBAC must be enabled on your cluster
To install Contour, Run:
#$ kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
This command creates:
- A new namespace
- A Kubernetes Daemonset running Envoy on each node in the cluster listening on host ports 80/443
- Now we need to retrieve the external address of the load balancer assigned to Contour by our Load Balancer that we deployed in previous port. to get the LB IP run this command:
- “External IP” is of the range to IP addresses that we had given in LB config , we will NAT this IP on VDC Edge gateway to access this from outside or internet.
Deploy an Application
Next we need to deploy at least one Ingress object before Contour can serve traffic. Note that as a security feature, Contour does not expose a port to the internet unless there’s a reason it should. A great way to test your Contour installation is to deploy the
In this example we will deploy a simple web application and then configure load balancing for that application using the Ingress resource and will access it using load balancer IP/FQDN.This application is hosted at Github , can be downloaded from Here. Once downloaded:
- Create the coffee and the tea deployments and services using
- #kubectl create -f cafe.yaml
- Create a secret with an SSL certificate and a key
- #kubectl create -f cafe-secret.yaml
- Create an Ingress resource
- #kubectl create -f cafe-ingress.yaml
This completes the deployment of the application.
Test the Application
To access the application, browse the coffee and the tea services from your desktop which has access to service network. you will also need to add hostname/ip in to /etc/hosts file or your DNS server
- To get Coffee:
- If your prefer Tea:
This completes the installation and configuration of Ingress on VMware Cloud Director Container Service Extension, Contour is VMware’s open source version of Ingress controller and offers rich feature to consume and can be found Here.