Kubernetes Ingress Controller using SSL in CloudRaya
Kubernetes has two techniques when deploying applications for external Access, Egress and Ingress. Egress is outgoing traffic from the pod, and Ingress is incoming traffic to the pod.
But here, we will talk about Ingress Controller in Kubernetes.
Kubernetes Ingress Controller is an L7 Load Balancer responsible for allowing a simple host or URL-based HTTP routing.
Usually, Kubernetes Ingress Controller always uses a third-party proxy. There are many Ingress Controller applications today, i.e.:
Nginx: Official ingress for NGINX and NGINX Plus
Kong: Nginx based API Gateway or enterprise option using KongHQ
Istio: Ingress Gateway for Istio-enabled clusters
HAProxy: HAProxy Ingress Controller
F5: Support F5’s BIG-IP Container Ingress Services
Ambassador: API Gateway and L7 Load Balancer with Kubernetes Ingress support
Ingress Controller in Cloud Raya
In Cloudraya, we can implement Ingress Controller using Nginx. In the previous article, we already configured Rancher Kubernetes, which is already installed Nginx reverse proxy as the default Ingress Controller. Nginx is a popular option for simple HTTP/S routing and SSL termination cases.
This tutorial will learn how to use Ingress Controller like routing http/s routing and install SSL in Kubernetes.
With Rancher, we will create ingress with a simple click.
Below is step by step what we will do in this article:
a. Make sure Nginx Ingress Controller has been installed on Kubernetes
b. Create a new project with the name “IngressCR” and create a Namespace with the name “IngressNS.”
c. Create two subdomains with names apple.cloudraya.com and orange.cloudraya.com
d. Install SSL in Kubernetes
e. Configure Ingress controller for both subdomains with SSL
f. Configure Load Balancer in Cloudraya for both subdomains
A. Make Sure Nginx Ingress Controller has been Installed on Kubernetes
Before we implement Nginx Ingress Controller in Cloudraya, we need to ensure that Nginx has been installed in our Kubernetes. When we deploy Rancher on the first time, make sure the cluster.yml already has the following line :
Required for external TLS termination with
# ingress-nginx v0.22+
After Nginx has been installed in Kubernetes, we can verify it using Rancher Web UI
1. Change your namespace to ingress-nginx
2. Click Workload – DaemonSets, then we will see nginx-ingress-controller
B. Create a New Project with the Name “IngressCR”
Next step, we will create a new Project in Kubernetes.
1. Change the view using “All Namespaces” – Click “Cluster” – Click “Project/Namespaces” then Click “Create Project” Button
2. We will be redirected to the new Window. Fill Name of the Project with IngressCR, then click Create.
3. Next, we will create a new namespace for our website. In Project, IngressCR, click “Create Namespace” button.
4. In the new Window, fill the Name with “ingressns” to create our namespace.
Now we have namespace IngressNS in our Kubernetes server.
C. Create Two Subdomains with Names apple.cloudraya.com and orange.cloudraya.com
In the next steps, we will create two subdomains and create a simple site for both websites because we only want to know how the Nginx Ingress Controller works with SSL.
Change our namespace to ingressns then we will create a deployment for both websites.
Click Workload – Deployment
The first subdomain fills the field as follow :
Namespace : ingressns
Name : apple
Container Name : nginx
Container Image : nginx
Service Type : ClusterIP
Name : nginx-svc
Private Container Port : 80
Protocol : TCP
Then click Create. Please wait for a while until deployment creates the pods.
After Apple’s Deployment state is Active, we can create a new deployment for orange.cloudraya.com with the same steps.
Below is the screenshot after we create two subdomains in Rancher.
D. Install SSL in Kubernetes
In the next steps, we will add our SSL certificate in Rancher.
Click Storage – Secrets then Choose Create Button
In the new windows, we choose TLS Certificate
Fill the field as follow :
Name : Cloudraya (name of your certificate)
Certificate : Insert your Private key and Certificate
Below is the screenshot after we successfully added the certificate.
E. Configure Ingress Controller for Both Subdomains with SSL
After we configure the website and certificate, we are ready to create an ingress for both domains (apple.cloudraya.com and orange.cloudraya.com)
Please make sure our namespace is ingressnss. On the left page, choose Service Discovery – Ingresses then click Create
In the new Window, fill the field as follow:
Name : apple.cloudraya.com
Request Host : apple.cloudraya.com
Path : Prefix
Target Service : apple
Port : 80
Certificate-Secret Name: Choose cloudraya secret that we have created before.
Fill the hostname with apple.cloudraya.com
Then click Create
Below is the screenshot after we successfully created the Ingress
Please do the same step to create orange.cloudraya.com until we have two ingresses in Kubernetes
F. Configure Cloudraya Load Balancer
Like the previous article at this link, we assign Load Balancer IP Address for Rancher.
This IP Address is the same IP Address for Ingress Controller for Kubernetes.
Point A record of both subdomains to IP 188.8.131.52, then we can browse it via browser.
Wow, we have successfully created Ingress in Kubernetes with SSL in Cloudraya!