# Nginx-Ingress
## Install Nginx Ingress controller on our bare-metal
[`https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters`](https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters\))
Download Nginx Ingress manifest to edit
`wget`[`https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/baremetal/deploy.yaml`](https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/baremetal/deploy.yaml)
Edit the deploy.yaml file:
Find the `Kind: Service` block and replace `Type: NodePort` with `Type: LoadBalancer.` Under the same block, under `metadata` add
```
annotations:
metallb.universe.tf/loadBalancerIPs: 192.168.1.179
```
The `Kind: Service` block should look something like:
```
apiVersion: v1
kind: Service
metadata:
annotations:
metallb.universe.tf/loadBalancerIPs: 192.168.1.179
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.8.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: LoadBalancer
```
The install with `kubectl apply -f deploy.yaml`
`kubectl get service -A` should now looks something like:
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx ingress-nginx-controller LoadBalancer 10.233.29.169 192.168.1.179 80:30433/TCP,443:32129/TCP 12d
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.233.35.138 <none> 443/TCP 12d
kube-system coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 27d
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.233.2.13 <none> 8000/TCP 24d
kubernetes-dashboard kubernetes-dashboard ClusterIP 10.233.27.160 <none> 443/TCP 24d
metallb-system webhook-service ClusterIP 10.233.50.181 <none> 443/TCP 27d
***
## Testing the new Ingress Controller
Create foo-bar.yaml, then install it with `kubectl apply -f foo-bar.yaml`
```
kind: Namespace
apiVersion: v1
metadata:
name: foobar-app
---
kind: Pod
apiVersion: v1
metadata:
namespace: foobar-app
name: foo-app
labels:
app: foo
spec:
containers:
- name: foo-app
image: 'kicbase/echo-server:1.0'
---
kind: Service
apiVersion: v1
metadata:
namespace: foobar-app
name: foo-service
spec:
selector:
app: foo
ports:
- port: 8080
---
kind: Pod
apiVersion: v1
metadata:
namespace: foobar-app
name: bar-app
labels:
app: bar
spec:
containers:
- name: bar-app
image: 'kicbase/echo-server:1.0'
---
kind: Service
apiVersion: v1
metadata:
namespace: foobar-app
name: bar-service
spec:
selector:
app: bar
ports:
- port: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: foobar-app
name: foo-bar-ingress
spec:
ingressClassName: nginx
rules:
- host: foo.tn
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: foo-service
port:
number: 8080
- host: bar.tn
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: bar-service
port:
number: 8080
---
```
Add the hostnames in the Ingress manifest above `foo.tn` and `bar.tn` in the `/etc/hosts` file to enable test of hostname based ingress. (If a DNS server is present, this can be done there instead.) Example:
```
# file /etc/hosts
192.168.1.179 foo.tn bar.tn
```
Ingress also allows path routing. To test that, replace the following with the `Ingress` block above:
```
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: foobar-app
name: foo-bar-ingress
spec:
ingressClassName: nginx
rules:
- http:
paths:
- pathType: Prefix
path: /foo
backend:
service:
name: foo-service
port:
number: 8080
- http:
paths:
- pathType: Prefix
path: /bar
backend:
service:
name: bar-service
port:
number: 8080
---
```
This can be tested with `curl http://192.168.1.179/foo` and `curl http://192.168.1.179/bar` respectively.
***
## Enabling TLS (https)
To enable TLS for site `foo.tn` such that `https://foo.tn`
First obtain the PEM encoded key and crt file for site foo.tn
Convert both files to `base64` encode \
example: `cat foo.tn.key | base64 -w0` and `cat foo.tn.crt | base64 -w0` and put contents in the secret file below.
```
## file: foo-tls-secret.yaml
---
kind: Secret
apiVersion: v1
metadata:
namespace: foobar-app
name: foo-app-tls
labels:
app: foo
type: kubernetes.io/tls
data:
tls.crt: [output of cat foo.tn.crt | base64 -w0]
tls.key: [output of cat foo.tn.key | base64 -w0]
```
Save and run `kubectl apply -f foo-tls-secret.yaml`
Replace the corresponding Ingress section for foo.tn above with the following:
```
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: foobar-app
name: foo-bar-ingress
spec:
ingressClassName: nginx
tls:
- hosts:
- foo.tn
secretName: foo-app-tls
rules:
- host: foo.tn
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: foo-service
port:
number: 8080
```
Apply the above to the cluster and test with `https://foo.tn`
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://vuahai.gitbook.io/sysadmin-101/kubernetes/setting-up-a-k8s-cluster/nginx-ingress.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.