Ingress for an Application Load Balancer
In order for the Ingress resource (Ingress Yaml file) to work, the cluster must have a running VNGCloud Ingress Controller. Unlike other Controller types that run as part of kube-controller-manager . VNGCloud Ingress Controller is not automatically started with the cluster. Please follow the instructions below to install VNGCloud Ingress Controller as well as work with Ingress Yaml files.
Prepare
Create a Kubernetes cluster on VNGCloud, or use an existing cluster. Note: make sure you have downloaded the cluster configuration file once the cluster has been successfully initialized and accessed your cluster.
Create or use a service account created on IAM and attach policy: vLBFullAccess , vServerFullAccess . To create a service account, go here and follow these steps:
Select " Create a Service Account ", enter a name for the Service Account and click Next Step to assign permissions to the Service Account
Find and select Policy: vLBFullAccess and Policy: vServerFullAccess , then click " Create a Service Account " to create Service Account, Policy: vLBFullAccess and Policy: vServerFullAccess created by VNG Cloud, you cannot delete these policies.
After successful creation, you need to save the Client_ID and Secret_Key of the Service Account to perform the next step.
Change the Security Group information to allow ALBs to connect to Nodes in your Node Group. You need to change them on vServer Portal when:
The Security Group attached to your Cluster/Node Group is different from the default parameters we created.
You need to change the security level for your Cluster or you need to open more ports for specific services to operate on the Cluster. Details information here .
Create Service Account and install VNGCloud Ingress Controller
Attention:
When you initialize the Cluster according to the instructions above, if you have not enabled the Enable vLB Native Integration Driver option , by default we will not pre-install this plugin into your Cluster. You need to manually create Service Account and install VNGCloud Ingress Controller according to the instructions below. If you have enabled the Enable vLB Native Integration Driver option , then we have pre-installed this plugin into your Cluster, skip the Service Account Initialization step, install VNGCloud Ingress Controller and continue following the instructions from Deploy once. Workload.
Deploy a Workload
The following is a guide for you to deploy the nginx service on Kubernetes.
Step 1 : Create Deployment for Nginx app.
Create nginx-service-lb7.yaml file with the following content:
Deploy This deployment equals:
Step 2: Check the Deployment and Service information just deployed
Run the following command to test Deployment
If the results are returned as below, it means you have deployed Deployment successfully.
Step 3: Create Ingress Resource
1.If you do not have an Application Load Balancer previously created on the vLB system.
Now, when creating an Ingress, leave the Load Balancer ID information blank at the vks.vngcloud.vn/load-balancer-id annotation .
For example, suppose you have deployed a service named nginx-service. At this point, you can create the nginx-ingress.yaml file as follows:
Run the following command to deploy Ingress
Once you have deployed Ingress, we will automatically create an ALB on your cluster. This ALB will be displayed on vLB Portal, details can be accessed here . This ALB will have default information:
Ingredient
Quantity
Properties
ALB Package
first
VNG ALB_Small
Listener
2
1 listener with HTTP protocol and port 80
1 listener with HTTPS protocol and port 443
Pool
first
1 pool default HTTP protocol and ROUND ROBIN algorithm
Health Check
first
Use TCP to check health of members.
For example:
Attention:
Currently Ingress only supports TLS port 443 and is the termination point for TLS (TLS termination). TLS Secret must contain fields with key names tls.crt and tls.key, which are the certificate and private key to use for TLS. If you want to use a Certificate for a host, please upload the Certificate according to the instructions at [Upload a certificate] and use them as an annotation. For example:
2.If you already have a previously initialized Application Load Balancer on the vLB system and you want to reuse the ALB for your cluster.
Now, when creating an Ingress, enter the Load Balancer ID information into the vks.vngcloud.vn/load-balancer-id annotation. For example, in this case I reused the ALB with ID = lb-2b9d8974-3760-4d60-8203-9671f229fb96:
After you have created ingress according to the instructions at Ingress for an Application Load Balancer . If:
Your ALB currently has 2 listeners in it:
1 listener has HTTP protocol configuration and port 80
If a listener has HTTPS protocol configuration and port 443, we will use these 2 listeners.
Your ALB does not have either or both listeners with the above configuration, we will automatically create them.
Attention:
If your ALB has:
1 listener has HTTP protocol configuration and port 443
Or a listener configured with HTTPS protocol and portal 80
then when creating Ingress an error will occur. At this point, you need to edit valid listener information on the vLB system and recreate ingress.
3. After successfully creating ingress with an ALB , you are good to go
Edit your ingress configuration according to the specific instructions at Configure for an Application Load Balancer .
Or you can add/edit/delete policies in your ALB by editing the following parameters in the ingress resource (Ingress Yaml file). For example, below, I have set up 2 rules as follows:
Like other Kubernetes resources, Ingress has a structure including the following information fields:
apiVersion: API version for Ingress.
kind: Resource type, in this case "Ingress".
ingressClassName : you need to specify this field value as "vngcloud" to use vngcloud-ingress-controller.
metadata: Information describing Ingress, including name, annotations.
spec: Ingress configuration, including traffic route rules according to the conditions of incoming requests. Ingress resources only support rules to direct HTTP traffic.
For general information about working with Ingress resources (Ingress Yaml files), see [Configure for an Application Load Balancer]).
Step 4: Check and edit the created Ingress resource
After successfully creating ingress, you can view the ingress list via command
For example, below we have successfully created nginx-ingress:
Or view details of an ingress by
For example, below are the details of nginx-ingress that I created:
To update an existing nginx-ingress, we can do so by updating the Ingress Yaml file as follows:
Copy
Step 5: To access the nginx app, you can use the Load Balancer Endpoint that the system has created.
You can get Load Balancer Public Endpoint information at the vLB interface. Specifically, access at
For example, below I have successfully accessed the nginx app with the address: http://180.93.181.129/
Last updated