Introducing the NGINX Ingress Controller in Mirantis Kubernetes Engine 3.5.0

Ranyodh Singh - December 14, 2021 - , , , , ,

Most Kubernetes services don’t just exchange information within their cluster — outside users and services need to be able to access them. The Kubernetes Ingress resource makes this possible, describing a set of routing rules according to hostname and/or path. An ingress controller implements those routing rules to route the incoming HTTP traffic to a service in your cluster.

With the release of Mirantis Kubernetes Engine (MKE) v3.5.0, we are switching the ingress controller from Istio to NGINX Ingress Controller (ingress-nginx), an open-source ingress controller for Kubernetes maintained by the Kubernetes community.

Why NGINX? The Ingress controller is an essential piece of the Kubernetes puzzle, and NGINX provides a world-class open source solution, driving scalability, security, and high performance for your clusters as they interface with the outside world — all with the dependability of industry-standard open source tooling.

What is the NGINX Ingress Controller?

The NGINX Ingress Controller is based on the vendor-neutral Kubernetes Ingress resource. NGINX Ingress Controller (ingress-nginx) is a community-supported ingress controller for Kubernetes. It configures and manages a L7 reverse proxy (nginx server) according to the rules defined in the Ingress resource to route the traffic.

NGINX provides a number of features that benefit Mirantis Kubernetes Engine users:

  • High speed, performance, and scalability
  • Ease of monitoring with Prometheus, enabling high observability and uptime, whether by an in-house team or through Lens DevOpsCare
  • The dependability of industry-standard, community-supported open source software

See the official Kubernetes Ingress documentation for more information on the Ingress specs.

What does this mean if I’m using, or wish to continue using, Istio?

If you upgrade to Mirantis Kubernetes Engine 3.5.0, you will need to migrate your existing Istio resources to use the inbuilt Ingress resource in order to take advantage of the embedded NGINX Ingress. There are tools to help with this, such as https://github.com/istio-ecosystem/istio-ingress-migrate.

Alternatively, if you wish to continue to use Istio, you can install your own Istio, or license Tetrate Istio’s enterprise version via Mirantis and the resources can be carried forward (possibly with some modifications if your Istio version is newer than ours). Mirantis will continue to support Istio via Mirantis Kubernetes Engine version 3.4.x until its End-of-Life on April 11, 2023.

How to enable the Ingress Controller in MKE 3.5.0

Enabling the ingress controller in MKE 3.5.0 is as easy as flipping a switch. Follow the steps below to enable and configure the ingress controller:

  1. Log into MKE.
  2. Click Admin SettingsIngress.
  3. Under Kubernetes, click the slider to enable HTTP Ingress Controller for Kubernetes http ingress controller for kubernetes Next, you can configure the proxy so Kubernetes knows what ports to use for Ingress Controller Service. (Note that for a production application, you would typically expose your services via a load balancer created by your cloud provider, but for now we’re just looking at how Ingress works.)
  4. Set specific ports for incoming HTTP requests.
  5. Add External IP address of the MKE server (if necessary).
  6. Click Save to save your settings.

That’s it! In a few seconds, the configuration will be applied and MKE deploys and configures the ingress controller.

Note on Ingress resources:

HTTP Ingress Controller in MKE will target Ingress resources from any namespace with IngressClassName of nginx-default. Also, any new Ingress that is created without an IngressClassName after enabling HTTP Ingress Controller will have a default IngressClassName of nginx-default

Note on upgrading from v3.4.x and prior:

There is no upgrade path from the Istio-based ingress controller to NGINX Ingress Controller. Before upgrading, Istio ingress needs to be disabled (from UI, or using MKE Configuration file).

After upgrading, the NGINX Ingress Controller can be enabled. All the previous configuration used for Istio ingress will be ported over to NGINX Ingress Controller.
 

Now, let’s deploy a sample application and route traffic to that service using Ingress.

Deploying a sample application with NGINX Ingress Controller

In this example, we will deploy the httpbin app which enables you to experiment with HTTP requests. You can deploy the application via either the MKE GUI or CLI.

Installing the application via the MKE user interface

To install the application using the UI, log into Mirantis Kubernetes Engine and follow these steps:

  1. Go to KubernetesCreate.
  2.     create button from MKE ui sidebar
  3. Select the default namespace and paste the following YAML into the editor:
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: httpbin
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: httpbin-svc
      labels:
        app: httpbin
    spec:
      ports:
      - name: http
        port: 8000
        targetPort: 80
      selector:
        app: httpbin
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    	name: httpbin
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: httpbin
          version: v1
      template:
        metadata:
          labels:
            app: httpbin
            version: v1
        spec:
          serviceAccountName: httpbin
          containers:
          - image: docker.io/asankov/httpbin:1.0
            imagePullPolicy: IfNotPresent
            name: httpbin
            ports:
            - containerPort: 80
  4. Click Create

This creates a Deployment with one replica of httpbin, a Service to create a stable IP and domain name within the cluster, and a ServiceAccount under which to run the application.

Click on KubernetesControllers to check if the application has been deployed successfully:

list of controllers from MKE UI

Now that we have our application running in the cluster, we can expose it to the outside world using Ingress.

Create Ingress

Kubernetes Ingress defines rules to route external traffic to an application running inside the cluster. In this step, we will create an Ingress with rules to route the traffic to our httpbin application:

  1. Go to KubernetesIngresses
  2. Click Create and create a new Ingress named httpbin-ing that routes any traffic on the root path (/) to be routed to our httpbin-svc on port 80.
  3. create an ingress object in MKE UI
  4. Click on Generate YAML,
  5. Select default namespace
  6. select the default namespace for the ingress object
  7. Click Create to create this Ingress.

Now, you can access your application by opening the browser to the proxy address and the node port you specified when we set Ingress controller:

://:

In my case, the proxy is set up as:

configure proxy for ingress object  

We set up the service as the HTTP protocol, so the URL would be: http:///34.221.92.31:33000

http url for the ingress object

Install the application via CLI

In order to use the CLI with MKE, you first need to download a client bundle and run the environment script to set kubectl to point to the current cluster. (You can get instructions for how to do that in the MKE Documentation)

Now we are ready to start.

Start by deploying the httpbin our app, a service account and a service.

cat <

Next, create an Ingress to route the traffic

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: httpbin-ing
spec:
  ingressClassName: nginx-default
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: httpbin-svc
                port:
                  number: 80

To view the ports and verify that all your services are functioning properly, run the following in the command line:

kubectl get svc --all-namespaces

Now that you have all of this in place, you can reach your application at:

://:

Next Steps

At this point you know how to use the Ingress Controller to route external traffic to your applications. To see a step-by-step example of more complex situations such as canary deployment, traffic splitting, stick sessions, and more complex situations, see the MKE documentation – as well as the examples in the Ingress Controller Documentation – for even more use-cases and scenarios related to ingress traffic.

If you don’t have Mirantis Kubernetes Engine installed, you can try our free trial here.

banner-img
test
tst
tst
Cloud Native 5 Minutes at a Time: Creating, Observing, and Deleting Containers

One of the biggest challenges for implementing cloud native technologies is learning the fundamentals — especially when you need to fit your learning in a busy schedule. In this series, we’ll break down core cloud native concepts, challenges, and best practices into short, manageable exercises and explainers, so you can learn five minutes at a time. These lessons assume a basic …

Cloud Native 5 Minutes at a Time: Creating, Observing, and Deleting Containers
Cloud Native 5 Minutes at a Time: What is a Container?

One of the biggest challenges for implementing cloud native technologies is learning the fundamentals — especially when you need to fit your learning in a busy schedule. In this series, we’ll break down core cloud native concepts, challenges, and best practices into short, manageable exercises and explainers, so you can learn five minutes at a time. These lessons assume a basic …

Cloud Native 5 Minutes at a Time: What is a Container?
Deploy Mirantis Secure Registry on any Kubernetes (Minikube, EKS, GKE, K0S, etc.)

Note: this blog post was originally published by Avinash Desireddy on Medium. You can view the original post here. Docker Containers, Kubernetes, CNCF, and many other relevant projects completely changed how we package, ship, and run applications. As you all know, Kubernetes has become a defacto standard for running applications. At the same time, container registries and chart repositories play a …

Deploy Mirantis Secure Registry on any Kubernetes (Minikube, EKS, GKE, K0S, etc.)
FREE EBOOK!
Service Mesh for Mere Mortals
A Guide to Istio and How to Use Service Mesh Platforms
DOWNLOAD
Technical training
Learn Kubernetes & OpenStack from Deployment Experts
Prep for certification!
View schedule
Mirantis Webstore
Purchase Kubernetes support
SHOP NOW