Amazon EKS provides flexibility to start, run, and scale Kubernetes applications in the AWS cloud or on-premises. This article explains how to run Ingress on it.This article explains how to run Ingress on Amazon EKS.
This post is based on Install Ingress on Amazon EKS.
Amazon Elastic Kubernetes Service (Amazon EKS) gives you the flexibility to start, run, and scale Kubernetes applications in the AWS cloud or on-premises. This article explains how to run Ingress on it.
Ingress brings good features (traffic splitting, multiple protocols, authentication and etc) of Apache to Kubernetes, with a well-designed Controller component to drive it, which helps users to achieve complex demands for the north-south traffic.
Prerequisites
Before you go ahead, make sure you have an available EKS cluster on Amazon AWS. If you don't have one, please create it according to the guide.
You shall have kubectl tool in your own environment, set the context to your EKS cluster by running:
aws eks update-kubeconfig --name <your eks cluster name> --region <your region>After the Kubernetes cluster is ready, creating the namespace ingress-, all subsequent resources will be created at this namespace.
kubectl create namespace ingress-
We use Helm to deploy all components in Ingress (Apache and -ingress-controller), so please also install Helm according to its installation guide. The helm charts for Apache and -ingress-controller are in apache/-helm-chart and apache/-ingress-controller, clone them to get the charts.
Install Apache
Apache as the proxy plane of -ingress-controller, should be deployed in advance.
cd /path/to/-helm-charthelm repo add bitnami https://charts.bitnami.com/bitnamihelm dependency update ./chart/helm install ./chart/ \ --set gateway.type=LoadBalancer \ --set allow.ipList="{0.0.0.0/0}" \ --namespace ingress-kubectl get service --namespace ingress-The above commands created two Kubernetes Service resources, one is -gateway, which processes the real traffic; another is -admin, which acts as the control plane to process all the configuration changes. Here we created the -gateway as a LoadBalancer type Service, which resorts the AWS Network Balancer to expose it to the Internet. You can find the load balancer hostname by the following command:
kubectl get service -gateway \--namespace ingress- \-o jsonpath='{.status.loadBalancer.ingress[].hostname}'Another thing should be concerned that the allow.ipList field should be customized according to the EKS CIDR Ranges in your EKS cluster, so that the -ingress-controller can be authorized by Apache (for the resources pushing).
See values.yaml to learn all the configuration items if you have other requirements.
Install -ingress-controller
After Apache is deployed successfully, now it's time to install the controller component.
cd /path/to/-ingress-controller# install base resources, e.g. ServiceAccount.helm install ingress--base -n ingress- ./charts/base# install -ingress-controllerhelm install ingress- ./charts/ingress- \ --set ingressController.image.tag=dev \ --set ingressController.config..baseURL=http://-admin:9180//admin \ --set ingressController.config..adminKey={YOUR ADMIN KEY} \ --namespace ingress-The ingress--base chart installed some basic dependencies for -ingress-controller, such as ServiceAccount, its exclusive CRDs and etc.
The ingress- chart guides us how to install the controller itself, you can change the image tag to the desired release version, also the value of ingressController.config..adminKey in above mentioned commands should be filled according to your practical usage (and be sure the admin key is same as the on in Apache deployment). See values.yaml to learn all the configuration items if you have other requirements.
Now try to open your EKS console, choosing your cluster and clicking the Workloads tag, you shall see all pods of Apache , etcd and -ingress-controller are ready.
Test
Now we have deployed all components in Ingress , it's important to check whether it runs well. We will deploy a httpbin service and ask Apache to route all requests with Host "local.httpbin.org" to it.
The first step we should do is created the httpbin workload and expose it.
kubectl run httpbin --image kennethreitz/httpbin --port 80kubectl expose pod httpbin --port 80In order to let Apache routes requests correctly, we need create an Route resource to drive it.
# ar-httpbin.yamlapiVersion: .apache.org/v1kind: Routemetadata: name: httpserver-routespec: rules: - host: local.httpbin.org http: paths: - backend: serviceName: httpbin servicePort: 80 path: /*The above Route resource asks Apache to route requests which Host header is "local.httpbin.org" to the httpbin backend (the one we just created).
Now try to apply it, note the service and the Route resource should be put in the same namespace., crossing namespaces is not allowed in -ingress-controller.
kubectl apply -f ar-httpbin.yamlTest it by a simple curl call from a place where the Apache service is reachable.
$ curl http://{-gateway-ip}:{-gateway-port}/headers -s -H 'Host: local.httpbin.org'{ "headers": { "Accept": "*/*", "Host": "httpbin.org", "User-Agent": "curl/7.64.1", "X-Amzn-Trace-Id": "Root=1-5ffc3273-2928e0844e19c9810d1bbd8a" }}If the Service type is ClusterIP, you have to login to a pod in the EKS cluster, then accessing Apache with its ClusterIP or Service FQDN. If it was exposed (no matter NodePort or LoadBalancer), just accessing its outside reachable endpoint.