Set up Kubernetes Ingress and Load Balancer with K8s NodePort
Ingress controllers abstract the complexity of routed Kubernetes application traffic, providing a bridge between Kubernetes services and services that you define.
See the Containers topic for steps on how to create Tenants, Hosts, and Services.
Once your service is deployed, you are ready to add and configure Kubernetes Ingress by enabling the AWS Application Load Balancer.
Your administrator needs to enable the AWS Application Load Balancer controller for your infrastructure before you can use Ingress.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure and select the Infrastructure name from the NAME column. Select the Settings tab.
Click Add. The Infra - Custom Data pane displays.
From the Setting Name list box, select Enable ALB Ingress Controller.
Select Enable.
Click Set. In the Settings tab, the Enable ALB Ingress Controller setting displays a Value of true.
Add a load balancer listener that uses Kubernetes (K8s) NodePort. Kubernetes Health Check and Probes are enabled by default. To specifically configure the settings for Health Check, select Additional Health Check configs when you add the Load Balancer.
In the DuploCloud Portal, navigate Kubernetes -> Services.
On the Services page, select the Service name in the Name column.
Click the Load Balancers tab.
Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
In the Select Type field, select K8S Node Port.
Complete the other required fields in the Add Load Balancer Listener pane and click Add. The Load Balancer displays in the Load Balancers tab.
Once Services are deployed, add Ingress:
Select Kubernetes -> Ingress from the navigation pane.
Click Add. The Add Kubernetes Ingress page displays.
You must define rules to add a Kuberenetes Ingress. Continue to the next section to add rules to Kubernetes Ingress and complete the Ingress setup.
In the Add Kubernetes Ingress page, configure Ingress by clicking Add Rule. The Add or Edit Ingress Rule pane displays.
Specify the Path (/ in the example above).
To use a container port name (optional), use the toggle switch to enable Use Container Port Name.
If you enabled Use Container Port Name in step 3., type a Service name in the Service Name field (redirect:use-annotation in the example) and a container port name in the Container Port field (use-annotation in the example).
If you did not enable Use Container Port Name in step 3., from the Service Name list box, select the Service exposed through the K8S Node Port. The Container Port field is completed automatically.
Click Add Rule. The rule is displayed on the Add Kubernetes Ingress page. Add additional rules by repeating the preceding steps.
On the Add Kubernetes Ingress page, specify the Ingress Name.
From the Ingress Controller list box, select the Ingress Controller that you defined previously.
From the Visibility list box, select either Internal Only or Public.
From the Certificate ARN list box, select the appropriate ARN.
Click Add Redirect Config. The Add Redirect Config pane displays.
Fill the fields as shown in the example above.
Click Add to add the Kubernetes Ingress with defined rules. The Ingress you added displays in the K8S Ingress tab.
DuploCloud Platform supports defining multiple paths in Ingress. For example, you could define an Ingress rule with an Exact Path Type to route requests to /path1/
for js-service1, add a rule with a Prefix Path Type to route requests to /path2/
for testsvc2. Additionally, you could add a rule with a Prefix Path Type to route requests via a BYOH Host (Bring-Your-Own-Host) named example.com, for a third service, testsvc3.
When Ingress is configured, you can access Services based on the rules for each DNS, displayed on the Kubernetes -> Ingress page.
In this example, we display the output for three services with Path Type rules and different DNS names. See the previous example for detailed steps to create Ingress rules.
By executing curl
commands, you can see the difference in the output for each service in this example. Configured services are accessed based on the DNS name specified in the DuploCloud Portal and the paths that you specified when you added Ingress rules.
>curl http://ig-nev-ingress-ing-t2-1-duplopoc.net/
path-x
/ this is service1 >curl http://ing-doc-ingress-ing-t2-1-duplopoc.net/
path-y
/ this is service2
>curl http://ing-public-ingress-ing-t2.1.duplopoc.net/
path-z
/
this is ING2-PUBLIC
Optionally, complete Path Type and Host. In this example, we specify a Path Type of Exact. Clicking the Info Tip icon ( ) provides more information for these optional fields.
Ingress controllers abstract the complexity of routed Kubernetes application traffic, providing a bridge between Kubernetes services and services that you define.
See the Containers topic for steps on how to create Tenants, Hosts, and Services.
Once your service is deployed, you are ready to add and configure Kubernetes Ingress. There are slightly different steps to create ingress in each of the cloud.
Create a GKE Ingress using the DuploCloud Portal
GCP's Ingress Controller for GKE automatically manages traffic routing to Kubernetes services, integrating Kubernetes workloads with Google Cloud's load-balancing infrastructure. It simplifies external access to applications, handling SSL termination and global load distribution.
GCP offers its own Ingress Controller, specifically created for Google Kubernetes Engine (GKE), to seamlessly integrate Kubernetes services with Google Cloud's advanced load balancing features.
Container-native load balancing on Google Cloud Platform (GCP) allows load balancers to directly target Kubernetes Pods instead of using a node-based proxy. This approach improves performance by enabling more efficient routing, reducing latency by eliminating extra hops and providing better health-checking capabilities.
It leverages the network endpoint groups (NEGs) feature to ensure that traffic is directed to the appropriate container instances, enabling more granular and efficient load distribution for applications running on GKE.
See the Containers topic for steps on how to create Tenants, and Services.
Once your services are deployed, you are ready to add and configure a GKE Ingress controller in GCP.
Add a load balancer listener that uses Kubernetes (K8s) ClusterIP type service. Kubernetes Health Check and Probes are enabled by default. To specifically configure the settings for Health Check, select Additional Health Check configs when you add the Load Balancer.
In the DuploCloud Portal, navigate Kubernetes -> Services.
On the Services page, select the Service name in the Name column.
Click the Load Balancers tab.
Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
From the Select Type list box, select K8S Cluster IP.
Complete the other required fields in the Add Load Balancer Listener pane and click Add. The Load Balancer displays in the Load Balancers tab.
Click Advanced Kubernetes Settings and enable Set Health Check annotations for Ingress. (This will add required annotations in Kubernetes Service to be recognized by the GKE Ingress Controller)
Click Add.
In order to enable SSL, you can create a GCP-managed certificate resource in the application namespace.
Once Services are deployed, add an Ingress:
Select Kubernetes -> Ingress from the navigation pane.
Click Add. The Add Kubernetes Ingress page displays.
You must define rules to add a Kubernetes Ingress. Continue to the next section to add rules to Kubernetes Ingress and complete the Ingress setup.
In the Add Kubernetes Ingress page, configure Ingress by clicking Add Rule. The Add Ingress Rule pane displays.
Specify the Path (/samplePath/ in the example above).
From the Service Name list box, select the Service exposed through the K8S ClusterIP (nginx-test in the example above). The Container port field is completed automatically.
Click Add Rule. The rule is displayed on the Add Kubernetes Ingress page. Add additional rules by repeating the preceding steps.
On the Add Kubernetes Ingress page, specify the Ingress Name.
From the Ingress Controller list box, select gce.
From the Visibility list box, select Internal Only or Public.
If you have created a GCP managed certificate, add the following annotations in the Annotations field to link the Ingress with your GCP managed certificate
Click Add to add the Kubernetes Ingress with defined rules. The Ingress you added displays in the Ingress page.
When Ingress is configured, you can access Services based on the rules for each DNS, displayed in the K8S Ingress tab.
In this example, we display the output for three Services with Path Type rules and different DNS names. See the previous example for detailed steps to create Ingress rules.
The Ingress creation will take a few minutes. Once the IP is attached to the ingress, you are ready to use your path- or host-based routing defined via ingress!
Adding an Ingress for DuploCloud Azure load balancers
Ingress controllers abstract the complexity of routed Kubernetes application traffic, providing a bridge between Kubernetes services and services that you define.
To add an SSL certificate to a service using Kubernetes Ingress, see Using the SSL certificate for Ingress in DuploCloud in the Import SSL Certificates prerequisite for Azure in DuploCloud.
Before you add an Ingress rule, you need to enable the Ingress Controller for the application gateway.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure from the Name column.
Click the Settings tab.
Click Add. The Infra-Set Custom Data pane displays.
In the Setting Name field, select Enable App Gateway Ingress Controller. Click Enable and Set. In the Settings tab, the Enable App Gateway Ingress Controller setting contains the true value.
Add a load balancer listener that uses the Kubernetes NodePort (K8S NodePort).
Using Kubernetes Health Check allows AKS's Application Load Balancer to determine whether your service is running properly.
You must create Services to run the load balancers. In this example, we name these services s1-alb and s4-nlb, respectively.
In the DuploCloud Portal, navigate DevOps -> Containers -> AKS/Native.
On the Services page, select the Service name in the Name column.
Click the Load Balancers tab.
Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
In the Select Type field, select K8S Node Port.
In the Health Check field, add the Kubernetes Health Check URL for this container.
Complete the other fields in the Add Load Balancer Listener and click Add.
Add an Ingress rule to listen on port 80 (in this example) using both load balancers.
If you use a port other than 80, you must define an additional Security Group rule for that port. See this section for more information.
DuploCloud Platform supports defining multiple paths in Ingress.
In the DuploCloud Portal, navigate to DevOps -> Containers -> AKS / Native.
Click the K8S Ingress tab.
Click Add. The Add Kubernetes Ingress page displays.
Supply the Ingress Name, select the Ingress Controller azure-application-gateway, and set Visibility to Public.
Click Add Rule. The Add Ingress Rule pane displays. Specify a unique Path identifier.
In the Service Name field, select s1-alb:80. Click Add Rule to add the load balancer.
Add another rule by clicking Add Rule. The Add Ingress Rule pane displays. In the Service Name field, select s4-nlb:80. Click Add Rule to add the load balancer.
On the Add Kubernetes Ingress page, Add to finish setting up the load balancer rules.
Port 80 is configured by default when adding Ingress. If you want to use a custom port number other than 80, set up an additional Security Group Rule for the custom port using this procedure.
In the DuploCloud Portal, navigate to Administrator -> Infrastructure.
Select the Infrastructure from the Name column.
Click the Security Group Rules tab.
Click Add. The Add Infrastructure Security pane displays.
Define the rule and click Add. The rule is added to the Security Group Rules list.
Once Ingress is configured, you can access Services based on the rules for each DNS.
By executing curl
commands, you can see the difference in the output for each service. Configured services are accessed based on the DNS name specified in the DuploCloud Portal and the paths that you configured when you added Ingress rules.
>curl http://ig-nev-ingress-ing-t2-1.duplopoc.net/
this is IG-NEV >curl http://ing-doc-ingress-ing-t2-1.duplopoc.net/
this is ING-DOC
>curl http://ing-public-ingress-ing-t2.1.duplopoc.net/
this is ING2-PUBLIC
Optionally, complete Path Type and Host. In this example, we specify a Path Type of Exact. Clicking the Info Tip icon ( ) provides more information for these optional fields.