Step 5: Allow integrating vLB into Containers service of VNG CLOUD

Demand: Customers need to deploy 2 websites: httpd.app.com and nginx.app.com according to microservice architecture on VNG Cloud infrastructure.

Solution: Use vLB (Load Balancer) service in combination with vContainer service on VNG Cloud.

Solution architecture:

Deployment

Step 1: Initialize vLB and vContainer

1. Create Network LoadBalancer(Layer 4)

Note: Như ở trên, chúng ta sẽ tạo 1 Listener trên Port 80. Nếu muốn sử dụng TLS cho website, có thể tạo thêm Listener trên Port 443 và cấu hình TLS ở Ingress Controller. Bài này sẽ chỉ triển khai với Listener Port 80.

2. Choose Create Load Balancer to create vLB

3. Then access the K8S creation control panel at the link: https://hcm-3.console.vngcloud.vn/vserver/container/cluster:

Note: When creating vContainer, we can choose Enable Ingress Controller to create cluster with Ingress Controller already deployed. To use the Ingress Controller with the right features according to the needs of the application, in this article, we will not select Enable Ingress Controller but will implement the Nginx Ingress Controller yourself, so you need to disable Ingress Control when initializing K8S.

4. Check the cluster initialization and download the config file to access the cluster:

Step 2: Deploy Nginx Ingress Controller

1. Go to https://kubernetes.github.io/ingress-nginx/deploy/#bare-metal-clusters
2. Copy and run the above command to deploy Nginx Ingress Controller:
3. Check: → So we have successfully deployed Nginx Ingress Controller. Service ingress-nginx-controller is initialized with Type: NodePort and listens on Port: 30398, 31873 of Minion Nodes.

Step 3: Attach vLB to vContainer

Note: By default vLB cannot connect to vContainer Cluster even though it is in the same VPC/Subnet. Therefore, it is necessary to create a new Security Group and attach it to Minion Node.

1. Create Security Group: Since there is only 1 Listener Port 80 on vLB, only 1 Inbound rule is needed. In case there is a Listener Port 443, please create an Inbound rule.
2. Update Security Group for Minion Node:
3. Enter 30398. Then the Listener will forward traffic to the Backend Pool with port 30398. vLB will periodically health check Pool Members through Monitor Port, traffic will not be sent to members who do not have a successful health check:
4. Click Save to finish attaching vLB to vContainer

Step 4: Deploy the application

1. Prepare YAML files: service.yaml, deployment.yaml and app-ingress.yaml:
2. Deployment:

1. Check Review the vLB status:
2. Edit hosts file on personal laptop to check: C:\Windows\System32\drivers\etc\hosts:
3. Open a web browser and check: