Customizing Ingress Controller

Customize ingress controller cluster to run two different ingress controller

There are some environments where you have to provide two different Ingress Controllers to expose internal/private endpoints and external/public endpoints from the cluster.

By default Kubernetes Fury Distribution deploys a single ingress controller to support just one type of ingress, internal and external. But SIGHUP provides support for having two different Ingress Controllers:

System requirements

Single ingress controller, the default packaged in this distribution, exposes a nodePort Kubernetes service in the cluster exposing 31080 (for http traffic) and 31443 (for https traffic). It uses the ingress class name nginx.

  • nginx ingress class name:
    • 31080: nginx http traffic.
    • 31443: nginx https traffic.

Dual ingress controller, the one supporting public-external/private-internal, exposes two pairs of Kubernetes nodePorts:

  • external ingress class name:
    • 31080: external http traffic.
    • 31443: external https traffic.
  • internal ingress class name:
    • 32080: internal http traffic.
    • 32443: internal https traffic.

You have to route traffic to the correct ports of the cluster to make it working.

Setup

You will need to modify a couple of files to enable the dual ingress controller:

$ ls Furyfile.yml
Furyfile.yml
$ ls manifests/distribution/kustomization.yaml
manifests/distribution/kustomization.yaml

Furyfile.yml

You have to add the dual-nginx package in this file to download it in the vendor directory:

$ echo -e "  - name: ingress/dual-nginx" >> Furyfile.yml
$ grep nginx Furyfile.yml
  - name: ingress/nginx
  - name: ingress/dual-nginx

Please note that both lines (nginx and dual-nginx) should be present.

Then proceed to download the package in the vendor directory:

$ furyctl vendor -H
$ ls -lrt vendor/katalog/ingress/dual-nginx/
total 64
-rw-r--r--  1 sighup  staff  2442 31 mar 16:16 README.md
-rw-r--r--  1 sighup  staff   384 31 mar 16:16 configs.yml
-rw-r--r--  1 sighup  staff  2437 31 mar 16:16 deployment-external.yml
-rw-r--r--  1 sighup  staff  2437 31 mar 16:16 deployment-internal.yml
-rw-r--r--  1 sighup  staff   148 31 mar 16:16 kustomization.yaml
-rw-r--r--  1 sighup  staff  2400 31 mar 16:16 rbac.yml
-rw-r--r--  1 sighup  staff  3739 31 mar 16:16 rules.yml
-rw-r--r--  1 sighup  staff   541 31 mar 16:16 sm.yml

kustomization.yaml

Once the new package is present in the vendor directory, you have to modify the manifests/distribution/kustomization.yaml to change the nginx package from single to dual:

$ sed -i .backup 's@ingress/nginx@ingress/dual-nginx@g' manifests/distribution/kustomization.yaml
$ grep "nginx" manifests/distribution/kustomization.yaml
  - ../../vendor/katalog/ingress/dual-nginx

Test

If you have followed these steps, you can verify everything is in place with the following command:

$ kustomize build manifests | grep ingress-class
        - --ingress-class=external
        - --ingress-class=internal

Commit changes to the repository

These changes should be saved in the git repository, so:

$ git add .
$ git commit -m "Deploy dual-nginx package instead of single one"
$ git push origin master

Last modified 03.04.2020: Add HA note (84848b0)