Kubernetes Ingress Setup

Siddharth Lakhani
Aug 8, 2022

Kubernetes Nginx Ingress

What is Ingress?
Ingress is an API object that manages routing policies for HTTP and HTTPS traffic by exposing routes from outside the cluster to services within the cluster.
An Ingress setup consists of two parts:
1. Ingress Controller.
2. Ingress Resources.

Ingress Controller:
For Ingress Resources to work, an Ingress Controller must be running in the cluster.
Kubernetes supports AWS, GCE, Nginx Ingress, and other kinds of controllers.
This documentation example uses the Nginx Ingress Controller.

Nginx Ingress Controller includes YAML configurations as follows:
1. Nginx Ingress Deployment.
2. ConfigMap.
3. ServiceAccount.
4. Roles.
5. RoleBinding.
6. ClusterRole.
7. ClusterRoleBinding.
8. Service Type NodePort.

Ingress Resources:
Ingress Resources define the set of traffic rules or network policies used to reach the services from outside the cluster.
Here is a simple example of Ingress.

Ingress

There are two types of routing policies that can be defined in Ingress Resources:
Type 1: Two hosts and a Single Path.
Type 2: Single host and Two Paths.

For this documentation, the Type 2 routing policy is used.
The simple routing policy diagram is shown below:

Two hosts and Single Path Routing Policy

Pre-requisites of the Kubernetes Ingress Setup:
In this cluster setup, one master node and one worker node are used.
The cluster is set up using kubeadm.
The machine configuration and minimum specs are used as follows:

Ingress Configuration Steps:
Step 1: Clone Repository.
Clone the kubernetes-nginx-ingress repository on the master node using the command below.

git clone https://github.com/sidlakhani94/kubernetes-nginx-ingress.git

Step 2: Deploy Nginx Ingress Controller
Deploy all the required Nginx Ingress Controller configurations using the following command.

nginx-controller-ingress-deploy.yaml
kubectl apply -f nginx-controller-ingress-deploy.yaml

Step 3: Expose ports of HTTP and HTTPS of Nginx Ingress Controller.
Expose ports 80 and 443, which are used in the Nginx Ingress Controller Deployment file, using the command below.

expose-ingress.yaml
kubectl apply -f expose-ingress.yaml

Step 4: Deploy the watch app and wear app using its deployment files.
Create a deployment of the watch app and expose its port using service type NodePort.

nginx-watch-deploy.yaml
kubectl apply -f nginx-watch-deploy.yaml

In the same way, create a deployment of the wear app and expose its port using service type NodePort.

nginx-wear-deploy.yaml
kubectl apply -f nginx-wear-deploy.yaml

Step 5: Configure SSL/TLS in ingress.
To configure SSL/TLS in Ingress, there are 3 ways to obtain certificates:
1. Self-Signed Certificates.
2. Purchase an SSL Certificate.
3. Use a Let's Encrypt Certificate.

This setup uses self-signed certificates. The steps to create them are as follows:
1. Create a self-signed root CA certificate and a CA private key.
2. Create a server private key and use it to generate a CSR.
3. Create an SSL certificate from the CSR using the self-signed root CA and the CA private key.

The openssl-cert.sh script in the repository generates all the required certificates. First create a hidden directory named .openssl with a certs folder inside it using the command below, then download the script into that folder.

mkdir -p ~/.openssl/certs

In this script, the values shown below must be changed to match your environment.

[ dn ]
C = < Country >
ST = < State >
L = < City >
O = < Organization >
OU = < Organization Unit >
CN = ${DOMAIN}
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = ${DOMAIN}
DNS.2 = www.${DOMAIN}
IP.1 = < Master IP >
IP.2 = < Master Cluster IP >

Then use the following commands to generate certificates.

chmod +x openssl-cert.sh
./openssl-cert.sh your-host-name

Source: Script Reference https://devopscube.com/create-self-signed-certificates-openssl/
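
Before the certificate goes into a Secret in Step 6, it is worth confirming that it matches its key, chains to the root CA, and lists the Ingress host in its SAN. The following is an added example, not the repository's openssl-cert.sh: it runs the three certificate steps above with plain openssl and then applies those checks. The file names (rootCA.*, server.*), the CA subject and the helper function names are assumptions; kmaster.local is the host used in this page's Ingress spec.

```shell
#!/bin/sh
# Added example. File names (rootCA.*, server.*) and the CA subject are assumptions;
# kmaster.local is the host from this page's Ingress spec. Keys are throwaway test keys.

# make_certs DIR HOST: root CA, then server key + CSR, then a CA-signed cert with SANs.
make_certs() {
  dir=$1; host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj "/CN=Demo Root CA" \
    -keyout "$dir/rootCA.key" -out "$dir/rootCA.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
  printf 'subjectAltName = DNS:%s, DNS:www.%s\n' "$host" "$host" > "$dir/san.ext" &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.crt" -CAkey "$dir/rootCA.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$dir/san.ext" \
    -out "$dir/server.crt" 2>/dev/null
}

# key_matches_cert CRT KEY: public key in the cert equals the one derived from the key.
key_matches_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# chains_to CA CRT: the server certificate verifies against the given root CA.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# san_covers CRT HOST: HOST is listed verbatim as a DNS subjectAltName entry.
san_covers() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$2"
}

# preflight DIR HOST: succeeds only if all three checks pass.
preflight() {
  key_matches_cert "$1/server.crt" "$1/server.key" &&
  chains_to "$1/rootCA.crt" "$1/server.crt" &&
  san_covers "$1/server.crt" "$2"
}

# Demo on constructed material in a temp directory.
demo=$(mktemp -d) && make_certs "$demo" kmaster.local &&
  preflight "$demo" kmaster.local && echo "preflight ok: safe to create the TLS Secret"
rm -rf "$demo"
```

With the root CA certificate at hand, the Step 8 test can also verify the served certificate by passing it to curl's --cacert option instead of skipping verification with -k.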

Step 6: Create a Kubernetes Secret using the server.crt and server.key files.
Executing the above script produces two main files, server.crt and server.key (the names may differ). Use these files to create a Secret with the following command.

kubectl create secret tls nginx-ingress-tls \
  --namespace default \
  --key server.key \
  --cert server.crt

The same result can be achieved using the nginx-ingress-tls.yaml file.

nginx-ingress-tls.yaml
kubectl apply -f nginx-ingress-tls.yaml

Step 7: Create Ingress Resources.
Create the Ingress Resources using the nginx-resources.yaml file.

nginx-resources.yaml
kubectl apply -f nginx-resources.yaml

In the spec section of the nginx-resources.yaml file, the name of the Secret is given in the tls section as shown below:

spec:
  tls:
  - hosts:
    - kmaster.local
    secretName: nginx-ingress-tls

Step 8: Test accessibility using the curl command.

curl https://<host-name>/watch -kv
curl https://<host-name>/wear -kv

References:
https://kubernetes.io/docs/concepts/services-networking/ingress/
https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/
https://kubernetes.io/docs/tasks/administer-cluster/certificates/
https://devopscube.com/configure-ingress-tls-kubernetes/
https://devopscube.com/create-self-signed-certificates-openssl/
