Configuring a Kubernetes NGINX Load Balancer
Last edited on November 14, 2024Load Balancer
For this project we will be using Ingress-NGINX Controller which is a ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
To ease the pain of manually writing all of the service mapping configurations for an Ingress-NGINX load balancer, I found that it could be easily deployed with a command that pulls directly from the Kubernetes/Ingress-NGINX repo. This command applies a deploy.yaml file that is specific to Digital Ocean's K8s deployment. However, there are different deploy files available for many different providers depending on your use case (AWS, GCP, etc..).
$ kubectl apply -f "https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/do/deploy.yaml"
However, As noted in the documentation for the specific Digital Ocean installation there are missing annotations that will help further auxiliary processes to function properly. Without them we lose some abilities in DO:
- Naming conventions for Digital Ocean UI
- Opening ports for HTTP throughput graphing
- Enabling ports for TLS traffic
- Enabling the ability to proxy certain traffic
To mitigate this, I downloaded the deploy.yaml file directly into the /Charts directory under the file name staging_load_balancer.yaml and added the annotations manually. The specific annotations to be used can be in this GitHub Issue. I omitted the service.beta.kubernetes.io/do-loadbalancer-hostname annotation because it broke internal proxying for endpoints. Everything else worked perfectly.
I then ran the apply for the load balancer:
$ kubectl apply -f ./Charts/my-project/staging_load_balancer.yaml
You should get an output similar to:
namespace/ingress-nginx created
serviceaccount/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
service/ingress-nginx-controller created
service/ingress-nginx-controller-admission created
deployment.apps/ingress-nginx-controller created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
ingressclass.networking.k8s.io/nginx created
After the Load Balancer finished installation I ran the following command to get the assigned EXTERNAL-IP. This was saved and used to point the DNS A Record to the Load Balancer.
$ kubectl --namespace ingress-nginx get services -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
ingress-nginx-controller LoadBalancer 10.245.185.32 <your-ip-here> 80:31259/TCP,443:31757/TCP 12m app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
ingress-nginx-controller-admission ClusterIP 10.245.69.146 <none>
In conclusion this wasn't as painful as some other items in K8s ( talking to you cert-manager ). It was however a great play in issue discovery and uncovery another layer of the Kubernetes onion.