MetalLB and NGINX Ingress // Setup External Access for Kubernetes Applications

Captions
After you set up a new Kubernetes cluster and deploy your first application and service, there are a couple more things you need to do to make sure your application is accessible from outside the cluster. In this video, I will show you how you can deploy a load balancer to provision routable external IP addresses for your applications, as well as an Ingress controller to enable you to access your applications using domain names.

Let us take a brief look at pod networking in a Kubernetes cluster and see how the components we are about to install fall into the picture. When you deploy a web app, for example, in a Kubernetes cluster, the pod or pod replicas in the deployment are provisioned a pod IP by the CNI plugin. This pod IP is local to the pod and is only accessible from within the pod's network namespace. In order for other pods in the cluster to access this pod, you have to create a Kubernetes network abstraction called a Service. The service will be of type ClusterIP and will be assigned a cluster IP address that is reachable from anywhere within the cluster. Traffic sent to this cluster IP is forwarded to the pod IP, or load balanced across all healthy pod IPs if you have more than one replica in your deployment, using destination NAT rules. Using services enables cluster-wide connectivity between pods, but you will not be able to access this cluster IP from outside the cluster using a web browser, for example.

Now, there are two main ways you can facilitate external access to a pod: one, by using a service type of NodePort, and two, a service type of LoadBalancer. When you create a service with type NodePort, a unique static port is allocated in the root network namespace of each node, and this port is mapped via port translation to the port exposed by the backend pod. You likely already have direct network connectivity to your node network, so all you have to do in order to access your application is to connect to the IP address of any node in the cluster using this static port, and you will be directed through to the pod. However, you likely do not wish to use your node IPs as endpoints to your applications. If you're running hundreds or thousands of services, you can't keep track of all the ports you open on your nodes, not to mention that this opens up a huge security hole in your cluster.

So a much better way of doing this is to have a separate IP address for every service you wish to expose to your external network. You can do this by creating a service of type LoadBalancer. Each LoadBalancer service instance is assigned a unique, externally routable IP address. Load balancer IP addresses are normally a subset of the nodes' physical network address range. This makes these IPs reachable from within your local network, so you can simply use the external IP address to directly access your application. But there's one caveat to using this service type, and that is you need to have a load balancer installed in your cluster, which will be responsible for assigning external IP addresses.

A common load balancer used in bare-metal Kubernetes clusters is the MetalLB load balancer. Once installed in your cluster, you create an IP address pool, which is a range of IP addresses to be allocated as external IPs to all services of type LoadBalancer. The second MetalLB component is a speaker DaemonSet, which runs on each node in the cluster. Each speaker agent uses something called gratuitous ARP to configure the node's network interface to respond to ARP requests for the assigned IP addresses. For example, if you have five pods running on a particular node and you have set up a service type of LoadBalancer for each of these pods, each service will be assigned an external IP address from the IP address pool. The MetalLB speaker will then advertise, using gratuitous ARP, to any machines on the network that each of these five IP addresses is mapped to the MAC address of the node's network interface. So any machine sending traffic to any of these external IPs will send it to the node's network interface, and it will be forwarded to the appropriate services within the Kubernetes cluster using NAT.

Let us see how this works in practice by deploying the MetalLB load balancer to a Kubernetes cluster. Now, if you go over to the MetalLB installation documentation, it lists several ways in which you can install MetalLB in your cluster. You can use Helm or Kustomize, there's also a MetalLB operator, or you can choose to use manifests. I'm going to use manifests to install, but you can as well choose any method that is quicker for you. As a prerequisite, the documentation says you need to edit the kube-proxy ConfigMap in the kube-system namespace in order to enable strict ARP. Then all you have to do at this point to install MetalLB is execute the kubectl apply command with the URL path to the manifest. This will go ahead and create the metallb-system namespace, custom resource definitions, service accounts, roles, cluster roles and bindings, secrets, and finally the MetalLB controller deployment and speaker DaemonSet. You can run a kubectl get pods in the metallb-system namespace to verify that everything installed correctly. You can also run a kubectl api-resources and grep metallb to display all the custom resources installed along with MetalLB.

To complete the configuration, you need to create an IP address pool and an L2 advertisement. So you can define an object of kind IPAddressPool and specify your range of external IPs. You can create this new IP address pool using the kubectl apply command in the metallb-system namespace. You can also verify that the pool has been created with the kubectl get ipaddresspool command. Similarly, we define another object of kind L2Advertisement and specify the IP address pool to advertise. We can create the L2 advertisement with kubectl apply and verify with kubectl get l2advertisement.

Now that you have a load balancer installed in the cluster, we can test it out by creating a test deployment with a service of type LoadBalancer. I have an example deployment manifest here defining a web app deployment and a web app service of type LoadBalancer. If I apply that with kubectl apply and do a kubectl get services, I can see that my service has been created successfully. I also see the service type of LoadBalancer and the external IP address assigned by MetalLB. I can also verify that I can reach the web app with a curl command, and as you can see, everything works properly. So at this point you can create multiple services in your cluster and assign each service a routable external IP, which you can use to access your applications.

But an even better way to access your applications is by using domain names. I am sure you would rather avoid the hassle of having to memorize several IP addresses and would prefer using friendly domain names to access your application. You also want to reduce the risk of running out of IP addresses, especially if you have limits on the number of IP addresses you can allocate in your network. To achieve this kind of setup, you will need to install an Ingress controller in your cluster. An Ingress controller is essentially a reverse proxy, which is a server that sits between client devices and web servers. It acts as an intermediary for requests from clients to those servers. It provides many benefits, including load balancing, caching, SSL termination and much more. The Ingress controller will have a service type of LoadBalancer, to which MetalLB will assign an external IP address. You can then point all your domain names and subdomain names to this IP address, and the Ingress controller will intelligently route incoming traffic to the appropriate services within your cluster. Just like load balancers, there are several Ingress controllers, like Traefik or NGINX Ingress Controller, that you can install in your cluster.

Let us see how to deploy the NGINX Ingress Controller to a Kubernetes cluster. And again, just like MetalLB, there are a number of methods described in the documentation that you can use to deploy NGINX Ingress Controller. This time I'll use the Helm package manager to deploy the controller. First, we need to pull the nginx-ingress Helm chart with a helm pull command. Thereafter, we need to change into the chart directory, which should be named nginx-ingress. Once in there, we need to issue the kubectl apply -f and then the crds directory to deploy all the custom resource definitions used by the controller. We can then run the helm install command to deploy the NGINX Ingress Controller to the cluster. Once the installation is complete, we can verify this by running a kubectl get pods in the nginx-ingress namespace. We can also issue a kubectl get services, and we can see that the NGINX Ingress Controller service of type LoadBalancer has been created. We can also see the external IP address which has been assigned to it by MetalLB.

We can now reconfigure our web app to take advantage of the new Ingress controller. To do this, first we change our web app service type back to ClusterIP. Simply removing the type LoadBalancer line will revert the service back to the default type of ClusterIP. We can apply the deployment manifest for this change to take effect. Next, we define a new Ingress object. We set the Ingress class to nginx, which will enable the NGINX Ingress Controller to pick up and configure this new Ingress. We also set the domain name and the host, and set the backend service and port number to match the web app service. We can apply the Ingress manifest to create the new Ingress. A kubectl get ingress shows a newly created Ingress object. We can now map the domain name of the web app to the external IP address of the NGINX Ingress Controller in our local hosts file. You can achieve the same effect by creating an A record in your DNS server as well. Once this is done, you can test using curl or a web browser that you can access the web app via domain name, and as you can see, the web app is now externally accessible via its domain name.

So hopefully now you have all the tools you need to set up a load balancer and Ingress controller in your cluster, as well as create access to your cluster applications using external IPs and domain names. Once again, thanks a lot for watching, and if you found any value in this video, leave a like and please consider subscribing for more Kubernetes tutorials. I will see you in the next one.
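
The manifests described in the captions are not shown on this page. The following is an added example, not taken from the video, of what the MetalLB pool, the L2 advertisement, the ClusterIP service and the Ingress could look like. The object names, the `app: webapp` label, the address range, the ports and the hostname are placeholders assumed for illustration.

```yaml
# Added example; every name, address and hostname below is a placeholder.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: example-pool
  namespace: metallb-system
spec:
  addresses:
    # Keep the range small, on the node subnet, and outside any DHCP scope
    # so MetalLB never answers ARP for an address another host already owns.
    - 192.0.2.240-192.0.2.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: example-l2
  namespace: metallb-system
spec:
  ipAddressPools:
    - example-pool          # advertise only this pool
---
apiVersion: v1
kind: Service
metadata:
  name: webapp
spec:
  # No "type:" line, so the service defaults to ClusterIP and is only
  # reachable from outside through the Ingress controller.
  selector:
    app: webapp
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webapp
spec:
  ingressClassName: nginx   # picked up by the NGINX Ingress Controller
  rules:
    - host: webapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: webapp
                port:
                  number: 80
```

With this layout the only service holding an external IP is the Ingress controller's own LoadBalancer service, so the externally reachable surface is that one address rather than one per application.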
Info
Channel: Engineering with Morris
Views: 938
Id: k8bxtsWe9qw
Length: 10min 40sec (640 seconds)
Published: Tue May 23 2023