AKS Ingress

Ingress controllers abstract the complexity of routed Kubernetes application traffic, providing a bridge between Kubernetes services and services that you define.

Prerequisites

Creating Services

To run the load balancers, you must create one or more Services. To add a service, follow the steps in the Services topic. In this example, we created two Services named s1-alb and s4-nlb.

Enabling the Ingress Controller

Before you add an Ingress rule, you need to enable the Ingress Controller for the application gateway.

1. In the DuploCloud Portal, navigate to Administrator -> Infrastructure.

2. Select the Infrastructure from the NAME column.

3. Click the Settings tab.

4. Click Add. The Infra-Set Custom Data pane displays.

5. In the Setting Name field, select Enable App Gateway Ingress Controller. Click Enable and Set. In the Settings tab, the Enable App Gateway Ingress Controller setting contains the true value.

Adding a Load Balancer Listener using the K8S NodePort

Add a load balancer listener that uses the Kubernetes NodePort (K8S NodePort).

1. In the DuploCloud Portal, navigate Kubernetes -> Services.

2. On the Services page, click on the name of the Service you created.

3. Click the Load Balancers tab.

4. Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
5. In the Select Type field, select K8S Node Port.

6. In the Health Check field, add the Kubernetes Health Check URL for this container.

7. Complete the other fields in the Add Load Balancer Listener and click Add.

Adding Kubernetes Ingress

Add an Ingress rule to listen on port 80 (in this example) using both Load Balancers.

1. In the DuploCloud Portal, navigate to Kubernetes -> Ingress.

2. Click Add. The Add Kubernetes Ingress page displays.

3. Supply the Ingress Name, select the Ingress Controller (in this example, azure-application-gateway), and set Visibility to Public.
4. In the DNS Prefix field, provide the DNS prefix to expose services using the Route53 domain.

5. From the Certificate ARN list box, select the certificate ARN to expose services over HTTPS.

6. In the Port Override field, select the port to override. This field allows configuring frontend listeners to use different ports other than 80/443 for HTTP/HTTPS. If you use a port other than 80, you must define an additional Security Group rule for that port. See this section for more information.

Configuring Kubernetes Ingress rules

1. On the Add Kubernetes Ingress page, click Add Rule. The Add Ingress Rule pane displays. Specify a unique Path identifier.

2. In the Service Name field, select the Service (s1-alb:80 in this example). Click Add Rule to add the Ingress rule.
3. Repeat the previous steps to add additional rules. In this example, we added a second rule for Service s4-nlb:80.

4. On the Add Kubernetes Ingress page, click Add to create the Ingress.

Adding a Security Group Rule

1. In the DuploCloud Portal, navigate to Administrator -> Infrastructure.

2. Select the Infrastructure from the Name column.

3. Click the Security Group Rules tab.

4. Click Add. The Add Infrastructure Security pane displays.
5. Define the rule and click Add. The rule is added to the Security Group Rules list.

Viewing Ingress

When Ingress is configured, you can access Services based on the rules for each DNS, displayed on the Kubernetes -> Ingress page.

The image below shows the output for three Services with Path Type rules and different DNS names. See the detailed steps to create Ingress rules.

By executing curl commands, you can see the difference in the output for each Service. Services are accessed based on the DNS name specified in the DuploCloud Portal and the paths that you configured when you added Ingress rules:

>curl http://ig-nev-ingress-ing-t2-1.duplopoc.net/

this is IG-NEV >curl http://ing-doc-ingress-ing-t2-1.duplopoc.net/

this is ING-DOC

>curl http://ing-public-ingress-ing-t2.1.duplopoc.net/

this is ING2-PUBLIC