Nginx-Ingress

https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/

Install Nginx Ingress controller on our bare-metal

https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters

Download Nginx Ingress manifest to edit

wgethttps://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/baremetal/deploy.yaml

Edit the deploy.yaml file:

Find the Kind: Service block and replace Type: NodePort with Type: LoadBalancer. Under the same block, under metadata add

annotations:
  metallb.universe.tf/loadBalancerIPs: 192.168.1.179

The Kind: Service block should look something like:

apiVersion: v1
kind: Service
metadata:
  annotations:
    metallb.universe.tf/loadBalancerIPs: 192.168.1.179
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.8.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer

The install with kubectl apply -f deploy.yaml

kubectl get service -A should now looks something like:

NAMESPACE              NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                      AGE
ingress-nginx          ingress-nginx-controller             LoadBalancer   10.233.29.169   192.168.1.179   80:30433/TCP,443:32129/TCP   12d
ingress-nginx          ingress-nginx-controller-admission   ClusterIP      10.233.35.138   <none>          443/TCP                      12d
kube-system            coredns                              ClusterIP      10.233.0.3      <none>          53/UDP,53/TCP,9153/TCP       27d
kubernetes-dashboard   dashboard-metrics-scraper            ClusterIP      10.233.2.13     <none>          8000/TCP                     24d
kubernetes-dashboard   kubernetes-dashboard                 ClusterIP      10.233.27.160   <none>          443/TCP                      24d
metallb-system         webhook-service                      ClusterIP      10.233.50.181   <none>          443/TCP                      27d

---

Testing the new Ingress Controller

Create foo-bar.yaml, then install it with kubectl apply -f foo-bar.yaml

kind: Namespace
apiVersion: v1
metadata:
  name: foobar-app
---
kind: Pod
apiVersion: v1
metadata:
  namespace: foobar-app
  name: foo-app
  labels:
    app: foo
spec:
  containers:
    - name: foo-app
      image: 'kicbase/echo-server:1.0'
---
kind: Service
apiVersion: v1
metadata:
  namespace: foobar-app
  name: foo-service
spec:
  selector:
    app: foo
  ports:
    - port: 8080
---
kind: Pod
apiVersion: v1
metadata:
  namespace: foobar-app
  name: bar-app
  labels:
    app: bar
spec:
  containers:
    - name: bar-app
      image: 'kicbase/echo-server:1.0'
---
kind: Service
apiVersion: v1
metadata:
  namespace: foobar-app
  name: bar-service
spec:
  selector:
    app: bar
  ports:
    - port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: foobar-app
  name: foo-bar-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: foo.tn
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: foo-service
                port:
                  number: 8080
    - host: bar.tn
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: bar-service
                port:
                  number: 8080
---

Add the hostnames in the Ingress manifest above foo.tn and bar.tn in the /etc/hosts file to enable test of hostname based ingress. (If a DNS server is present, this can be done there instead.) Example:

# file /etc/hosts
192.168.1.179 foo.tn bar.tn

Ingress also allows path routing. To test that, replace the following with the Ingress block above:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: foobar-app
  name: foo-bar-ingress
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - pathType: Prefix
            path: /foo
            backend:
              service:
                name: foo-service
                port:
                  number: 8080
    - http:
        paths:
          - pathType: Prefix
            path: /bar
            backend:
              service:
                name: bar-service
                port:
                  number: 8080
---

This can be tested with curl http://192.168.1.179/foo and curl http://192.168.1.179/bar respectively.

---

Enabling TLS (https)

To enable TLS for site foo.tn such that https://foo.tn

First obtain the PEM encoded key and crt file for site foo.tn

Convert both files to base64 encode example: cat foo.tn.key | base64 -w0 and cat foo.tn.crt | base64 -w0 and put contents in the secret file below.

## file: foo-tls-secret.yaml
---
kind: Secret
apiVersion: v1
metadata:
  namespace: foobar-app
  name: foo-app-tls
  labels:
    app: foo
type: kubernetes.io/tls
data:
  tls.crt: [output of cat foo.tn.crt | base64 -w0]
  tls.key: [output of cat foo.tn.key | base64 -w0]

Save and run kubectl apply -f foo-tls-secret.yaml

Replace the corresponding Ingress section for foo.tn above with the following:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: foobar-app
  name: foo-bar-ingress
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - foo.tn
    secretName: foo-app-tls
  rules:
    - host: foo.tn
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: foo-service
                port:
                  number: 8080

Apply the above to the cluster and test with https://foo.tn