How to Set Up an NGINX Ingress Controller on DigitalOcean Kubernetes



DigitalOcean’s Managed Kubernetes service simplifies provisioning and maintaining Kubernetes clusters. The platform provides a ready-to-use foundation for containerized workloads with one-click support for common addon applications.

In this article, we’ll show how to use one of these addons to set up an NGINX Ingress controller in your cluster. Ingresses provide a mechanism for routing external traffic to your services based on rules such as hostname, path, and headers. NGINX Ingress is one of the most popular Ingress controllers; it uses the NGINX web server as a reverse proxy that directs incoming traffic to the correct Kubernetes service.

Getting Started

You should create a Kubernetes cluster in your DigitalOcean account before you follow this tutorial. We’ll also assume you’re familiar with the basics of using Kubernetes, Kubectl, and DigitalOcean’s cloud control panel.


Begin by logging in to your DigitalOcean control panel, clicking the “Kubernetes” link in the left sidebar, and selecting your cluster on the page that appears. Next, click the “Marketplace” tab to view the list of available 1-Click Apps.

What Are 1-Click Apps?

DigitalOcean’s Kubernetes 1-Click Apps provide pre-configured installations for popular in-cluster applications. The apps are tested by DigitalOcean so they’re guaranteed to work with each available Kubernetes version.

Available apps use the official Helm chart from their vendor. The charts are augmented by default settings supplied by DigitalOcean in an open-source GitHub repository. The DigitalOcean control panel lets you install the available charts with one click, providing an easy way to get up and running with essential utilities. You don’t have to manually install Helm and set up chart repositories.

Installing NGINX Ingress With the 1-Click App

You can now use this technique to add NGINX Ingress to your cluster. Find the app in the marketplace by scrolling down the list or using the search bar. Click the blue “Install” button on the app’s card and acknowledge the confirmation prompt.

The installation procedure can take several minutes to complete. Progress will be displayed in the web UI. A new load balancer will be automatically added to your account during the app’s setup process. This load balancer will be billed at the standard rate and should be used as the external entrypoint for your cluster.

Your Ingress controller will be ready to use after the installation completes. As the 1-Click App is based on a Helm chart, you can check the app’s been added by listing the Helm releases in your cluster:

$ helm list --all-namespaces
NAME                    NAMESPACE               REVISION  UPDATED                                 STATUS    CHART                       APP VERSION 
ingress-nginx           ingress-nginx           1         2022-05-30 14:46:37.591626084 +0000 UTC deployed  ingress-nginx-4.1.0-beta.1  1.2.0-beta.1

The ingress-nginx release was added by DigitalOcean. It shows as deployed so you can start creating Ingress resources to route traffic to your services.

Using Your Ingress Controller

You can test your Ingress controller by creating simple Kubernetes deployment, service, and Ingress resources:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: demo-app
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
      - name: demo-container
        image: httpd:latest
        ports:
          - containerPort: 80
 
---

apiVersion: v1
kind: Service
metadata:
  name: demo-service
spec:
  selector:
    app: demo-app
  ports:
    - port: 80
 
---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-service
                port:
                  number: 80

Apply this manifest to your cluster using Kubectl:

$ kubectl apply -f app.yaml

The spec.ingressClassName: nginx field in the Ingress resource means it will be registered with the newly installed NGINX Ingress controller. Each controller implementation has its own class name so you can use multiple controllers in one cluster.

Next set up a DNS record for example.com that points to the external IP address of your DigitalOcean load balancer. You can find this by navigating to Networking > Load Balancers in the online control panel or by running the following Kubectl command:

$ kubectl get service ingress-nginx-controller --namespace=ingress-nginx
NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                      AGE
ingress-nginx-controller   LoadBalancer   XXX.XXX.XXX.XXX  1.2.3.4        80:30547/TCP,443:32027/TCP   1d

Visiting example.com should show the default Apache webpage once the DNS change takes effect. Your Ingress controller receives the request from the load balancer. It uses your Ingress resources to select an appropriate service, causing requests to example.com to end up with your Apache containers.

Now you can follow the Kubernetes documentation to create Ingress resources that express the service routing rules needed for your real applications.

Adding HTTPS

Endpoints on production clusters should be protected with TLS. You can set up automated HTTPS certificates by adding Cert-Manager to your cluster, alongside the NGINX Ingress Controller.

Cert-Manager is available as an additional 1-Click App from the DigitalOcean Marketplace. You can repeat the procedure used earlier: head to your cluster’s overview page in the control panel, click the “Marketplace” tab, and find and install the application.

After the installation completes, create a certificate issuer that will be used to request Let’s Encrypt certificates:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: you@example.com  # placeholder; replace with your own address
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            class: nginx

Change the spec.acme.email field to your own email address so Let’s Encrypt can reach you with notifications about your certificates. Then apply the manifest to your cluster:

$ kubectl apply -f issuer.yml

Now you can update your Ingress resource with HTTPS support:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  ingressClassName: nginx
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: demo-service
                port:
                  number: 80
  tls:
    - hosts:
        - example.com
      secretName: demo-ingress-tls  # Secret where cert-manager stores the certificate (example name)

The new spec.tls field specifies that a certificate should be acquired for the example.com domain. The letsencrypt-staging certificate issuer will be used, as defined by the cert-manager.io/cluster-issuer annotation.

The example shown above uses Let’s Encrypt’s staging endpoint, which is recommended while you’re testing your deployment. You can switch to using real certificates by creating a second issuer that targets the production endpoint. Copy the ClusterIssuer manifest above, replace letsencrypt-staging with letsencrypt-production, and change the spec.acme.server URL to https://acme-v02.api.letsencrypt.org/directory. Afterwards you can update your Ingress resource’s cert-manager.io/cluster-issuer annotation to reference your new letsencrypt-production issuer.
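The following audit script is an added example, not part of the original article. It checks Ingress objects, in the JSON shape returned by `kubectl get ingress --all-namespaces -o json`, for the TLS gaps this section deals with: hosts served without a spec.tls entry, TLS entries with no secretName, and Ingresses still pointing at a staging issuer. The sample data is constructed, and matching issuers on the word "staging" assumes the naming used above.

```python
import json

ISSUER_ANNOTATION = "cert-manager.io/cluster-issuer"

def covered(host, tls_hosts):
    """True if host is listed in spec.tls, directly or via a one-label wildcard."""
    parent = host.split(".", 1)[-1]
    return host in tls_hosts or ("." in host and f"*.{parent}" in tls_hosts)

def audit_ingress(ing):
    """Return the findings for one Ingress object (a dict parsed from JSON)."""
    meta, spec = ing.get("metadata", {}), ing.get("spec", {})
    name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    findings = []
    if not spec.get("ingressClassName"):
        findings.append(f"{name}: spec.ingressClassName is not set")
    tls_hosts = set()
    for i, entry in enumerate(spec.get("tls") or []):
        tls_hosts.update(entry.get("hosts") or [])
        if not entry.get("secretName"):
            findings.append(f"{name}: spec.tls[{i}] has no secretName")
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host and not covered(host, tls_hosts):
            findings.append(f"{name}: host {host} has no TLS entry")
    issuer = (meta.get("annotations") or {}).get(ISSUER_ANNOTATION, "")
    if "staging" in issuer:  # assumption: staging issuers are named as in the article
        findings.append(f"{name}: issuer {issuer} gives untrusted test certificates")
    return findings

def audit(ingress_list):
    """Audit every item of a `kubectl get ingress -o json` List document."""
    return [f for ing in ingress_list.get("items", []) for f in audit_ingress(ing)]

# Constructed sample: an HTTP-only Ingress, a staging HTTPS Ingress with
# secretName omitted, and a production Ingress that passes every check.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "demo-ingress", "namespace": "default"},
  "spec": {"ingressClassName": "nginx", "rules": [{"host": "example.com"}]}},
 {"metadata": {"name": "demo-staging", "namespace": "default",
               "annotations": {"cert-manager.io/cluster-issuer": "letsencrypt-staging"}},
  "spec": {"ingressClassName": "nginx", "rules": [{"host": "example.com"}],
           "tls": [{"hosts": ["example.com"]}]}},
 {"metadata": {"name": "demo-prod", "namespace": "default",
               "annotations": {"cert-manager.io/cluster-issuer": "letsencrypt-production"}},
  "spec": {"ingressClassName": "nginx", "rules": [{"host": "app.example.com"}],
           "tls": [{"hosts": ["app.example.com"], "secretName": "demo-prod-tls"}]}}
]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a live cluster, save the kubectl JSON output to a file and pass the parsed document to audit() in place of SAMPLE.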

Managing Your NGINX Ingress Installation

Unfortunately DigitalOcean’s 1-Click Apps only simplify the installation experience. You’re on your own when it comes to managing and updating your applications. As apps are simply pre-configured Helm charts, this isn’t as onerous as it sounds.

You can use your local Helm CLI installation to upgrade to new NGINX Ingress releases:

$ helm upgrade ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --values values.yml

You should download the values.yml file from DigitalOcean’s Marketplace repository first. This will ensure the new release is configured with your existing settings. You can also use this procedure to customize your Ingress controller with your own settings after initial installation. Modify the values.yml file and then run the helm upgrade command.

Removing NGINX Ingress From Your Cluster

You can completely remove NGINX Ingress from your cluster by uninstalling the app’s Helm release and deleting the namespace that was created:

$ helm uninstall ingress-nginx --namespace ingress-nginx
$ kubectl delete namespace ingress-nginx


The load balancer should be cleaned up automatically. You can manually delete it from the Networking > Load Balancers page in the DigitalOcean control panel if you need to. Click the “More” button next to the load balancer, then choose “Destroy” from the dropdown menu. You won’t be able to recover the IP address that was allocated.

Installing NGINX Ingress With Doctl

You can install 1-Click Apps using DigitalOcean’s Doctl command-line client. Begin by retrieving the list of your Kubernetes clusters:

$ doctl kubernetes cluster list
ID                                      Name        Region    Version        Auto Upgrade    Status     Node Pools
946407f3-abcd-123a-456b-6a0ec60f93bf    demo-k8s    lon1      1.22.8-do.1    false           running    demo-k8s-1

Next run the following command to add NGINX Ingress to your cluster. Replace <cluster-id> with the ID that was displayed above.

$ doctl kubernetes 1-click install <cluster-id> \
  --1-clicks ingress-nginx

Use this alternative if you want to install Cert-Manager too:

$ doctl kubernetes 1-click install <cluster-id> \
  --1-clicks ingress-nginx,cert-manager

Besides using Doctl, you can also interact with the DigitalOcean API directly to programmatically add new applications to your cluster.

Summary

You can quickly add the NGINX Ingress controller to a DigitalOcean Kubernetes cluster by using the 1-Click App available in the Marketplace. This deploys a pre-configured release of the NGINX Ingress Helm chart with ready-to-use configuration.

Although this accelerates initial provisioning, you must still manually run Helm commands to manage and upgrade your installation. The 1-Click App aims to strike a balance between ease of use and customization, ensuring you’re not locked in to a specific set of parameters.




