Kubernetes Ingress Tutorial For Beginners

Kubernetes Ingress Tutorial For Beginners

Kubernetes Ingress is a resource to add rules for routing traffic from external sources to the services in the kubernetes cluster.

In this Kubernetes ingress tutorial series, you will learn the concept of ingress resource and ingress controllers used for routing external traffic to Kubernetes deployments. Also, we will cover advanced ingress routing using ISTIO ingress service gateway.

Generally, a custom Nginx or an HAproxy kubernetes deployment will be exposed as a service for proxying external traffic to internal cluster services, where the routing rules will be baked into the pod and added as a configmap. Kubenetes ingress acts in a similar way except the routing rules will be maintained as Kubernetes ingress object. It has a huge advantage of dynamic routing rule configuration without redeploying the proxy pods.

Kubernetes Ingress Tutorial

To get started, you need to understand two key things.

  1. Kubernetes Ingress
  2. Kubernetes Ingress Controller.

Lets have a look at each one these concepts.

Kubernetes Ingress:

Kubernetes Ingress is a native kubernetes resource where you can have rules to route traffic from an external source to service endpoints residing inside the cluster. It requires an ingress controller for routing the rules specified in the ingress object. An ingress object looks like the following.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: dev
spec:
  rules:
  - host: test.apps.example.com
    http:
      paths:
      - backend:
          serviceName: hello-service
          servicePort: 80

The above declaration means, all calls to test.apps.example.com should hit the service named hello-service residing in the dev namespace.

Key things to understand about ingress object.

  1. You should create ingress rules in the same namespace where you have the services deployed. You cannot route traffic to a service in a different namespace where you don’t have the ingress object.
  2. An ingress object requires an ingress controller for routing traffic.
  3. External traffic will not hit the ingress API, instead, it will hit the ingress controller service

Kubernetes Ingress Controller

Ingress controller is typically a proxy service deployed in the cluster. It is nothing but a kubernetes deployment exposed to a service. Following are the ingress controllers available for kubernetes.

  1. Nginx Ingress Controller (Community & From Nginx Inc)
  2. Traefik
  3. HAproxy
  4. Contour
  5. GKE Ingress Controller

Generally, Nginx is widely used as an ingress controller. Here is how an Nginx ingress controller works.

  1. The nginx.conf file inside the Nginx controller pod is a go template which can talk to Kubernetes ingress API and get the latest values for traffic routing in real time.
  2. The Nginx controller talks to Kubernetes ingress API to check if there is any rule created for traffic routing.
  3. If it finds any ingress rules, it will be applied to the Nginx controller configuration, that is a nginx.conf file inside the pod using the go template.

If you connect to the pod using exec and check the /etc/nginx/nginx.conf file, you can see all the rules specified in the ingress object applied in the conf file.

Here is the architecture diagram which explains the ingress setup on a kubernetes cluster.

kubernetes ingress

In this tutorial series, we will look into all types of ingress solutions supported by Kubernetes.

Here is the list of kubernetes Ingress setup tutorials.

  1. How to Setup Up Ingress on Kubernetes using Nginx Ingress controller.
Kubernetes Ingress Tutorial For Beginners

How to Setup and Configure Consul Agent On Client Mode

consul agent setup in client mode

In our last consul post, we have explained the steps to setup up a multi-node consul cluster which runs on server more.

If you want to use consul services for your application on a server, you need to set up a consul agent on the client mode to talk to the consul cluster. A consul client agent is also a member of the system which can obtain the configurations present in the consul cluster.

Consul Agent Architecture

In this post, we will look into the steps involved in running a consul agent on client mode for querying and retrieving services and information from the consul servers.

Install & Configure Consul Agent On Client Mode

Step 1: Update the package repositories and install unzip.

For RHEL/Centos,

sudo yum update -y
sudo yum install unzip -y

For Ubuntu,

sudo apt-get update -y
sudo apt-get install unzip -y

Step 2: Head over to consul downloads page. and get the link for Linux 64 bit.

Step 3: Download the consul binary to /opt directory.

cd /opt
sudo curl -o consul.zip https://releases.hashicorp.com/consul/1.4.4/consul_1.4.4_linux_amd64.zip

Step 4: Unzip consul binary.

sudo unzip consul.zip

Step 5: Move consul executable to /usr/bin directory to be accessible system-wide. You can also move it a location which is in your system path.

sudo mv consul /usr/bin/

Step 6: Verify the consul executable by executing the consul command. It should list the available commands.

consul

Step 7: Create consul config directories.

sudo mkdir -p /etc/consul.d/client
mkdir /var/consul

Step 9: Create a consul config file.

sudo vi /etc/consul.d/client/config.json

Copy the following config content to the config.json file. You should have the value of encrypt which was used during the consul server configuration. If you don’t have this value, you can get it from the consul server from /var/consul/serf/local.keyring file. Also, provide the correct datacenter value available in the consul server

{
    "server": false,
    "datacenter": "Us-Central",
    "data_dir": "/var/consul",
    "encrypt": "gsdfHJ3KZvpC/Zsdf9JZSTQQ==",
    "log_level": "INFO",
    "enable_syslog": true,
    "leave_on_terminate": true,
    "start_join": [
        "10.128.0.3"
    ]
}

Step 11: Create a consul client service file.

sudo vi /etc/systemd/system/consul-client.service

Copy the following contents

[Unit]
Description=Consul Startup process
After=network.target
 
[Service]
Type=simple
ExecStart=/bin/bash -c '/usr/bin/consul agent -config-dir /etc/consul.d/client'
TimeoutStartSec=0
 
[Install]
WantedBy=default.target

Step 12: Reload system daemon.

sudo systemctl daemon-reload

Step 13: Start & check the status of consul client service.

sudo systemctl start consul-client
sudo systemctl status consul-client

Step 14: Check the consul members using the following command.

consul members

You should see your client node in your list of members. It will be of type client. The server cluster members will be of type server.

consul list client members

Query Services & Key Value Pairs From Consul Server

Now that we have successfully configured the client, lets run some checks by retrieving data from the consul server.

List All Available Services

Method 1: Using consul command

consul catalog services

Method 2: Using API

curl http://127.0.0.1:8500/v1/catalog/services\?pretty

Method 3: Using DNS query. Here you need to specify your service name to get the details.

dig @127.0.0.1 -p 8600 consul.service.consul SRV

Query key Values From Consul Client

Lets list a key named backend recursively,

consul kv get -recurse backend
consul agent setup in client mode