fill=#000/>/>
Navigate back to the homepage

Deploy nginx Ingress on kubernetes

Fahmi
February 20th, 2020 · 1 min read

Hi sobat, Sebelumnya kita sudah bahas disini sekarang saatnya deploy ingress menggunakan nginx, kenapa kita memilih balik lagi ke nginx yaa salah satunya banyak feature yang masih dipake untuk service apps kita. semua feature tersebut kita bisa set melalui configmap dan annotations.

Configmap

list configmap bisa lihat disini

Annotations

list annotations bisa lihat disini

Ingress masuk dalam katagori layer 7 jadi http/https aja. jika kalian mau custom port bisa memilih opsi menggunakan NodePort atau LoadBalancer. detail bisa dilihat disini, oke langgsung masuk kepembahasan setup ingress menggunakan nginx dikubernetes (baremetal):

  • Create file mandatory (NS, RBAC, Configmap, Deployment)

mandatory.yaml

1apiVersion: v1
2kind: Namespace
3metadata:
4  name: ingress-nginx
5  labels:
6    app.kubernetes.io/name: ingress-nginx
7    app.kubernetes.io/part-of: ingress-nginx
8
9---
10
11kind: ConfigMap
12apiVersion: v1
13metadata:
14  name: nginx-configuration
15  namespace: ingress-nginx
16  labels:
17    app.kubernetes.io/name: ingress-nginx
18    app.kubernetes.io/part-of: ingress-nginx
19
20---
21kind: ConfigMap
22apiVersion: v1
23metadata:
24  name: tcp-services
25  namespace: ingress-nginx
26  labels:
27    app.kubernetes.io/name: ingress-nginx
28    app.kubernetes.io/part-of: ingress-nginx
29
30---
31kind: ConfigMap
32apiVersion: v1
33metadata:
34  name: udp-services
35  namespace: ingress-nginx
36  labels:
37    app.kubernetes.io/name: ingress-nginx
38    app.kubernetes.io/part-of: ingress-nginx
39
40---
41apiVersion: v1
42kind: ServiceAccount
43metadata:
44  name: nginx-ingress-serviceaccount
45  namespace: ingress-nginx
46  labels:
47    app.kubernetes.io/name: ingress-nginx
48    app.kubernetes.io/part-of: ingress-nginx
49
50---
51apiVersion: rbac.authorization.k8s.io/v1beta1
52kind: ClusterRole
53metadata:
54  name: nginx-ingress-clusterrole
55  labels:
56    app.kubernetes.io/name: ingress-nginx
57    app.kubernetes.io/part-of: ingress-nginx
58rules:
59  - apiGroups:
60      - ""
61    resources:
62      - configmaps
63      - endpoints
64      - nodes
65      - pods
66      - secrets
67    verbs:
68      - list
69      - watch
70  - apiGroups:
71      - ""
72    resources:
73      - nodes
74    verbs:
75      - get
76  - apiGroups:
77      - ""
78    resources:
79      - services
80    verbs:
81      - get
82      - list
83      - watch
84  - apiGroups:
85      - ""
86    resources:
87      - events
88    verbs:
89      - create
90      - patch
91  - apiGroups:
92      - "extensions"
93      - "networking.k8s.io"
94    resources:
95      - ingresses
96    verbs:
97      - get
98      - list
99      - watch
100  - apiGroups:
101      - "extensions"
102      - "networking.k8s.io"
103    resources:
104      - ingresses/status
105    verbs:
106      - update
107
108---
109apiVersion: rbac.authorization.k8s.io/v1beta1
110kind: Role
111metadata:
112  name: nginx-ingress-role
113  namespace: ingress-nginx
114  labels:
115    app.kubernetes.io/name: ingress-nginx
116    app.kubernetes.io/part-of: ingress-nginx
117rules:
118  - apiGroups:
119      - ""
120    resources:
121      - configmaps
122      - pods
123      - secrets
124      - namespaces
125    verbs:
126      - get
127  - apiGroups:
128      - ""
129    resources:
130      - configmaps
131    resourceNames:
132      # Defaults to "<election-id>-<ingress-class>"
133      # Here: "<ingress-controller-leader>-<nginx>"
134      # This has to be adapted if you change either parameter
135      # when launching the nginx-ingress-controller.
136      - "ingress-controller-leader-nginx"
137    verbs:
138      - get
139      - update
140  - apiGroups:
141      - ""
142    resources:
143      - configmaps
144    verbs:
145      - create
146  - apiGroups:
147      - ""
148    resources:
149      - endpoints
150    verbs:
151      - get
152
153---
154apiVersion: rbac.authorization.k8s.io/v1beta1
155kind: RoleBinding
156metadata:
157  name: nginx-ingress-role-nisa-binding
158  namespace: ingress-nginx
159  labels:
160    app.kubernetes.io/name: ingress-nginx
161    app.kubernetes.io/part-of: ingress-nginx
162roleRef:
163  apiGroup: rbac.authorization.k8s.io
164  kind: Role
165  name: nginx-ingress-role
166subjects:
167  - kind: ServiceAccount
168    name: nginx-ingress-serviceaccount
169    namespace: ingress-nginx
170
171---
172apiVersion: rbac.authorization.k8s.io/v1beta1
173kind: ClusterRoleBinding
174metadata:
175  name: nginx-ingress-clusterrole-nisa-binding
176  labels:
177    app.kubernetes.io/name: ingress-nginx
178    app.kubernetes.io/part-of: ingress-nginx
179roleRef:
180  apiGroup: rbac.authorization.k8s.io
181  kind: ClusterRole
182  name: nginx-ingress-clusterrole
183subjects:
184  - kind: ServiceAccount
185    name: nginx-ingress-serviceaccount
186    namespace: ingress-nginx
187
188---
189
190apiVersion: apps/v1
191kind: Deployment
192metadata:
193  name: nginx-ingress-controller
194  namespace: ingress-nginx
195  labels:
196    app.kubernetes.io/name: ingress-nginx
197    app.kubernetes.io/part-of: ingress-nginx
198spec:
199  replicas: 3
200  selector:
201    matchLabels:
202      app.kubernetes.io/name: ingress-nginx
203      app.kubernetes.io/part-of: ingress-nginx
204  template:
205    metadata:
206      labels:
207        app.kubernetes.io/name: ingress-nginx
208        app.kubernetes.io/part-of: ingress-nginx
209      annotations:
210        prometheus.io/port: "10254"
211        prometheus.io/scrape: "true"
212    spec:
213      # wait up to five minutes for the drain of connections
214      terminationGracePeriodSeconds: 300
215      serviceAccountName: nginx-ingress-serviceaccount
216      nodeSelector:
217        kubernetes.io/os: linux
218      containers:
219        - name: nginx-ingress-controller
220          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.29.0
221          args:
222            - /nginx-ingress-controller
223            - --configmap=$(POD_NAMESPACE)/nginx-configuration
224            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
225            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
226            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
227            - --annotations-prefix=nginx.ingress.kubernetes.io
228          securityContext:
229            allowPrivilegeEscalation: true
230            capabilities:
231              drop:
232                - ALL
233              add:
234                - NET_BIND_SERVICE
235            # www-data -> 101
236            runAsUser: 101
237          env:
238            - name: POD_NAME
239              valueFrom:
240                fieldRef:
241                  fieldPath: metadata.name
242            - name: POD_NAMESPACE
243              valueFrom:
244                fieldRef:
245                  fieldPath: metadata.namespace
246          ports:
247            - name: http
248              containerPort: 80
249              protocol: TCP
250            - name: https
251              containerPort: 443
252              protocol: TCP
253          livenessProbe:
254            failureThreshold: 3
255            httpGet:
256              path: /healthz
257              port: 10254
258              scheme: HTTP
259            initialDelaySeconds: 10
260            periodSeconds: 10
261            successThreshold: 1
262            timeoutSeconds: 10
263          readinessProbe:
264            failureThreshold: 3
265            httpGet:
266              path: /healthz
267              port: 10254
268              scheme: HTTP
269            periodSeconds: 10
270            successThreshold: 1
271            timeoutSeconds: 10
272          lifecycle:
273            preStop:
274              exec:
275                command:
276                  - /wait-shutdown
277
278---
279
280apiVersion: v1
281kind: LimitRange
282metadata:
283  name: ingress-nginx
284  namespace: ingress-nginx
285  labels:
286    app.kubernetes.io/name: ingress-nginx
287    app.kubernetes.io/part-of: ingress-nginx
288spec:
289  limits:
290  - min:
291      memory: 90Mi
292      cpu: 100m
293    type: Container

Create file service

service-nginx.yaml

1apiVersion: v1
2kind: Service
3metadata:
4  name: ingress-nginx
5  namespace: ingress-nginx
6  labels:
7    app.kubernetes.io/name: ingress-nginx
8    app.kubernetes.io/part-of: ingress-nginx
9spec:
10  type: NodePort
11  ports:
12    - name: http
13      port: 80
14      targetPort: 80
15      protocol: TCP
16    - name: https
17      port: 443
18      targetPort: 443
19      protocol: TCP
20  selector:
21    app.kubernetes.io/name: ingress-nginx
22    app.kubernetes.io/part-of: ingress-nginx

example ingress yaml

1apiVersion: networking.k8s.io/v1beta1
2kind: Ingress
3metadata:
4  name: nginx-configuration-snippet
5  annotations:
6    nginx.ingress.kubernetes.io/configuration-snippet: |
7      more_set_headers "Request-Id: $req_id";
8spec:
9  rules:
10  - host: {domain kamu}
11    http:
12      paths: /
13      - backend:
14          serviceName: {nama service}
15          servicePort: {port service}

finish, congratulations :) #cheers

More articles from Fahmi

Deploy Traefik Ingress on kubernetes

mau sharing `setup ingress` di k8s, existing kita menggunakan traefik untuk ingressnya, akan tetapi soon akan kembali ke nginx.

February 15th, 2020 · 1 min read
© 2020 Fahmi
Link to $mailto:me@fahmi.my.id