| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2019-09-25 |
kubernetes, nginx, iks multiple ingress controllers |
containers |
{:new_window: target="_blank"} {:shortdesc: .shortdesc} {:screen: .screen} {:pre: .pre} {:table: .aria-labeledby="caption"} {:codeblock: .codeblock} {:tip: .tip} {:note: .note} {:important: .important} {:deprecated: .deprecated} {:download: .download} {:preview: .preview}
{: #ingress-user_managed}
Bring your own Ingress controller to run on {{site.data.keyword.cloud_notm}} and leverage an IBM-provided hostname and TLS certificate. {: shortdesc}
Bringing your own Ingress controller is currently available for classic clusters only, not for VPC on classic clusters.
{: note}
The IBM-provided Ingress application load balancers (ALBs) are based on NGINX controllers that you can configure by using custom {{site.data.keyword.cloud_notm}} annotations. Depending on what your app requires, you might want to configure your own custom Ingress controller. When you bring your own Ingress controller instead of using the IBM-provided Ingress ALB, you are responsible for supplying the controller image, maintaining the controller, updating the controller, and any security-related updates to keep your Ingress controller free from vulnerabilities. Note: Bringing your own Ingress controller is supported only for providing public external access to your apps and is not supported for providing private external access.
{: #user_managed_nlb}
Create a network load balancer (NLB) to expose your custom Ingress controller deployment, and then create a hostname for the NLB IP address. {: shortdesc}
-
Get the configuration file for your Ingress controller ready. For example, you can use the cloud-generic NGINX community Ingress controller
. If you use the community controller, edit the kustomization.yamlfile by following these steps. -
Replace the
namespace: ingress-nginxwithnamespace: kube-system. -
In the
commonLabelssection, replace theapp.kubernetes.io/name: ingress-nginxandapp.kubernetes.io/part-of: ingress-nginxlabels with oneapp: ingress-nginxlabel. -
Deploy your own Ingress controller. For example, to use the cloud-generic NGINX community Ingress controller, run the following command.
kubectl apply --kustomize . -n kube-system{: pre}
-
Define a load balancer to expose your custom Ingress deployment.
apiVersion: v1 kind: Service metadata: name: my-lb-svc spec: type: LoadBalancer selector: app: ingress-nginx ports: - protocol: TCP port: 8080 externalTrafficPolicy: Local{: codeblock}
-
Create the service in your cluster.
kubectl apply -f my-lb-svc.yaml{: pre}
-
Get the EXTERNAL-IP address for the load balancer.
kubectl get svc my-lb-svc -n kube-system{: pre}
In the following example output, the EXTERNAL-IP is
168.1.1.1.NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-lb-svc LoadBalancer 172.21.xxx.xxx 168.1.1.1 80:30104/TCP 2m{: screen}
-
Register the load balancer IP address by creating a DNS hostname.
ibmcloud ks nlb-dns create --cluster <cluster_name_or_id> --ip <LB_IP>{: pre}
-
Verify that the hostname is created.
ibmcloud ks nlb-dns ls --cluster <cluster_name_or_id>
{: pre}
Example output:
Hostname IP(s) Health Monitor SSL Cert Status SSL Cert Secret Name
mycluster-a1b2cdef345678g9hi012j3kl4567890-0001.us-south.containers.appdomain.cloud ["168.1.1.1"] None created <certificate>
{: screen}
-
Optional: Enable health checks on the hostname by creating a health monitor.
-
Deploy any other resources that are required by your custom Ingress controller, such as the configmap.
-
Create Ingress resources for your apps. You can use the Kubernetes documentation to create an Ingress resource file
and use annotations .
If you continue to use IBM-provided ALBs concurrently with your custom Ingress controller in one cluster, you can create separate Ingress resources for your ALBs and custom controller. In the [Ingress resource that you create to apply to the IBM ALBs only](/docs/containers?topic=containers-ingress#ingress_expose_public), add the annotation kubernetes.io/ingress.class: "iks-nginx".
- Access your app by using the load balancer hostname that you found in step 7 and the path that your app listens on that you specified in the Ingress resource file.
https://<load_blanacer_host_name>/<app_path>
{: codeblock}