Setting up Ingress controller NGINX along with HAproxy for Microservice deployed inside Kubernetes cluster
Working with kubernetes and managing the external traffic is like juggling more than two balls. All cloud service provider (GCP,AWS, Openshift, Digital Ocean) comes with their own load balancer which can help us exposing internal service deployed inside kubernetes cluster to the external world.
Exposing the services deployed within kubernetes cluster over Loadbalancer with external IP is really easy but considering the production use case -
Will it be easy for you to remember the URL which has IP address in it?
In my opinion I wouldn't like to use any web-service where I always need to remember IP address while accessing it.
Well do not worry we have HAProxy Ingress Controller to take care of external traffic coming to kubernetes cluster
HAProxy Ingress Controller - It does all the heavy lifting when it comes to managing external traffic into kubernetes cluster and it requires primarily -
If you are doing this for learning purpose than I would prefer to go for option 1 for setting it locally on your laptop.
But if you are already familiar with Google cloud platform than I would choose option 2.
Once you setup your kubernetes cluster you can run the following kubectl command to verify your cluster
1$ kubectl get all
2``34You should see default kubernetes service running as ClusterIP
56```bash
7NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
8service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 31m
2. Install/setup HAProxy on kubernetes node
Before we deep dive into the Kubernetes Ingress controller, lets complete our first and most important per-requisite of installing HAProxy Loadbalancer.
First update your package information using following command
Ubuntu
1$ sudo apt-get update
CentOS
1$ sudo yum check-update
You can use the following command to install HAProxy Loadbalancer
Ubuntu -
1$ sudo apt-get -y install haproxy
CentOS
1$ sudo yum install haproxy
Verify the installation - After the successful installation you should be able to see haproxy.cfg at /etc/haproxy/haproxy.cfg
You can check the installation version also -
1$ haproxy version
2 HA-Proxy version 1.8.8-1ubuntu0.11 2020/06/22
3. Update frontend, backend configuration of haproxy.cfg (/etc/haproxy/haproxy.cfg)
HAproxy frontend backend
After the installation now you need to update the frontend as well as backend configuration for HAProxy.
Frontend - It receives the requests from the clients.
Go to the directory kubernetes-ingress/deployments
1cd kubernetes-ingress/deployments
Inside the deployments directory you will find namespace and service account yaml .e.g. ns-and-sa.yaml. Using this yaml we need to create namespace and service account for the Ingress controller.
You can find ns-and-sa.yaml, inside the directory common/ns-and-sa.yaml
1$kubectl apply -f common/ns-and-sa.yaml
1namespace/nginx-ingress created
2serviceaccount/nginx-ingress created
As a next step you need to create cluster role and cluster role binding for the service account which we have created in step no 3.
For the cluster role and cluster role binding you can find rbac.yaml inside the directory rbac/rbac.yaml
1$ kubectl apply -f rbac/rbac.yaml
1clusterrole.rbac.authorization.k8s.io/nginx-ingress created
2clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress created
For the App protect role create the following role binding
1kubectl apply -f rbac/ap-rbac.yaml
Now you need to create secret using TLS certificate and key for the server.
Use the default-server-secret.yaml available inside the directory common/default-server-secret.yaml
For customizing NGINX configuration you need to create config map using nginx-config.yaml available at common/nginx-config.yaml
1$ kubectl apply -f common/nginx-config.yaml
1configmap/nginx-config created
Lets create ingress controller pod using the deployment
1$ kubectl apply -f deployment/nginx-ingress.yaml
1deployment.apps/nginx-ingress created
Now run it as a Daemon set
1$ kubectl apply -f daemon-set/nginx-ingress.yaml
1daemonset.apps/nginx-ingress
Now we can check all the container images running inside the namespace - nginx-ingress
1$ kubectl get all -n nginx-ingress
After running the above command you should see something similar in your terminal
1NAME READY STATUS RESTARTS AGE
2pod/nginx-ingress-hqghc 1/1 Running 0 42s
3pod/nginx-ingress-jcxjv 1/1 Running 0 42s
1NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
2daemonset.apps/nginx-ingress 22222 <none> 42s
Till now we have setup NGINX controller but not the Ingress resource yet.
Before setting up Ingress resource first we need to deploy some application inside our kubernetes cluster.
"Why we need to deploy application before setting up Ingress resource?"
The answer to this question is - We need to have service deployed and running at certain port, so that we can use service name and port number inside Ingress resource.
5.Deploy spring boot microservice inside kubernetes cluster
Alright lets deploy spring boot microservice using follow command.
(Note - If you want to know more about deploying Spring boot microservice i_nside kubernetes cluster than I would recommend to go through - Deploy Spring Boot microservices on kubernetes)_
Check the deployment
1$ kubectl get deployments
2NAME READY UP-TO-DATE AVAILABLE AGE
3demo 1/1 11 5h20m