
Exposing a Kubernetes Kapsule ingress controller service with a Load Balancer

Reviewed on 14 October 2024
Published on 05 May 2020

This document will guide you through deploying a test application on a Kubernetes cluster, exposing it via an ingress object, and using a Scaleway Load Balancer to ensure persistent IP addressing.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Set up a Kubernetes Kapsule cluster, deploying a TRAEFIK2 ingress controller via the application library using the Easy Deploy function
  • Obtained the kubeconfig file for the cluster
  • Installed kubectl on your local machine

Exposing the ingress controller using a Scaleway Load Balancer

By default, ingress controllers on Kapsule are deployed using a hostPort. This ensures accessibility on all cluster nodes via ports 80 and 443. However, for production readiness, you might prefer using a Load Balancer to expose your services to the internet.

Important

By default, a new security group that blocks all incoming traffic on the nodes for security purposes is created during cluster configuration. To allow incoming HTTP/80 and HTTPS/443 traffic, you need to modify the security group.

  1. In the Scaleway console, navigate to the Compute > Security groups section and find the security group named kubernetes <cluster-id>.
  2. Modify the security group rules to allow incoming traffic on ports 80 (HTTP) and 443 (HTTPS).
    • Allow TCP traffic on port 80 from all sources (0.0.0.0/0) for HTTP.
    • Allow TCP traffic on port 443 from all sources (0.0.0.0/0) for HTTPS.

Deploying a test application

  1. Deploy the cafe-ingress test application:

    kubectl create -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/main/examples/ingress-resources/basic-auth/cafe.yaml
  2. Create the ingress object (coffee-ingress.yaml) using the DNS wildcard provided by Scaleway:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: coffee-ingress
    spec:
      rules:
      - host: YOUR_SCALEWAY_DNS_WILDCARD
        http:
          paths:
          - path: /tea
            pathType: Prefix
            backend:
              service:
                name: tea-svc
                port:
                  number: 80
          - path: /coffee
            pathType: Prefix
            backend:
              service:
                name: coffee-svc
                port:
                  number: 80

    Note

    Your DNS wildcard is composed of your cluster ID (e.g., 68362d3b-57c8-4bea-905a-aeb7f9ab95dc) followed by .nodes.k8s.<SCW_REGION>.scw.cloud. For a cluster located in the Paris region, your DNS wildcard could be, for example: hotdrinks.68362d3b-57c8-4bea-905a-aeb7f9ab95dc.nodes.k8s.fr-par.scw.cloud.

  3. Apply the configuration:

    kubectl create -f coffee-ingress.yaml
  4. Test the ingress:

    curl http://YOUR_SCALEWAY_DNS_WILDCARD/coffee

Using a reserved IP with a Load Balancer

Reserve a flexible Load Balancer IP address through the Scaleway API. Take note of the IP address, referred to as RESERVED_IP from now on.

Using the reserved IP in Kubernetes

  1. Patch tea-svc to use the reserved IP with a LoadBalancer service:

    kubectl patch svc tea-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'
  2. Delete tea-svc:

    kubectl delete svc tea-svc
  3. Patch coffee-svc to use the reserved IP:

    kubectl patch svc coffee-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'
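
To confirm that a patched Service really holds RESERVED_IP, and that no other LoadBalancer Service is exposed on an address you did not reserve, the output of `kubectl get svc -o json` can be checked as follows. This is an added example, not part of the original Scaleway documentation; the function name, the service names other than coffee-svc, and the 203.0.113.10 / 198.51.100.7 addresses are constructed for illustration.

```python
import json

# Constructed sample: trimmed shape of `kubectl get svc -o json` output.
# 203.0.113.10 stands in for RESERVED_IP; only coffee-svc comes from the page.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "coffee-svc"},
     "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10"},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"name": "pending-svc"},
     "spec": {"type": "LoadBalancer", "loadBalancerIP": "203.0.113.10"},
     "status": {"loadBalancer": {}}},
    {"metadata": {"name": "drifted-svc"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "198.51.100.7"}]}}},
    {"metadata": {"name": "kubernetes"},
     "spec": {"type": "ClusterIP"}, "status": {"loadBalancer": {}}},
]})


def check_reserved_ip(svc_json, reserved_ip):
    """Return {service name: state} for every Service of type LoadBalancer."""
    doc = json.loads(svc_json)
    # `kubectl get svc NAME -o json` returns a single object without "items".
    items = doc.get("items", [doc])
    report = {}
    for svc in items:
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # ClusterIP/NodePort services get no Load Balancer address
        name = svc["metadata"]["name"]
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        assigned = [entry.get("ip") for entry in ingress]
        if spec.get("loadBalancerIP") != reserved_ip:
            report[name] = "unpinned"   # spec does not request the reserved IP
        elif not assigned:
            report[name] = "pending"    # Load Balancer not provisioned yet
        elif reserved_ip in assigned:
            report[name] = "ok"         # requested and reported address agree
        else:
            report[name] = "mismatch"   # requested, but another IP was assigned
    return report


if __name__ == "__main__":
    for name, state in check_reserved_ip(SAMPLE, "203.0.113.10").items():
        print(f"{name}: {state}")
```

Against a live cluster, pass the output of `kubectl get svc -o json` as the first argument and your reserved address as the second.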