Deploying Multiple Ingress Controllers in a Kubernetes Cluster

In our previous blog, Configuring Ingress Controller of Container Service for Kubernetes to Use an Intranet SLB Instance, we described how to adjust the configuration of the default Nginx Ingress Controllers in a Kubernetes cluster of Container Service for access to an intranet Server Load Balancer (SLB) instance. The two modes mentioned in the blog can basically satisfy requirements in most scenarios, but do not apply to some specific scenarios. For example, some Internet services in a cluster need to provide access through Internet Ingress, whereas some intranet services in the same cluster need to provide access only to services in non-Kubernetes clusters on the same VPC, but not to be accessed by the Internet. To this end, we can deploy two sets of independent Nginx Ingress Controller services and add their frontends to SLB instances of different network types.

Let us use this scenario as an example to illustrate how to deploy multiple sets of independent Nginx Ingress Controllers in a Kubernetes cluster of Container Service to provide access to different services.

Existing Services

As we know, after we successfully apply for a Kubernetes cluster on the Container Service console, a set of Nginx Ingress Controller services mounted to an Internet SLB instance has been deployed in the cluster by default. This can be checked by running the following commands:

In the command output, we can see that the default Nginx Ingress Controller services and relevant resources in the cluster are deployed under the kube-system namespace. By default, the existing services can also listen to the configuration of Ingress created under all namespaces in the cluster but without a kubernetes.io/ingress.classannotation.

Newly deployed Nginx Ingress Controller services

We can deploy another set of independent Nginx Ingress Controller services in the existing Kubernetes cluster of Container Service, and add their frontends to a new SLB instance, which can be an intranet or Internet SLB instance based on actual needs.

On the Alibaba Cloud SLB console, apply for an SLB instance with the expected instance type and network type in the required region.

Prepare a YAML file for Nginx Ingress Controller services.

The Jinja2 command line is required. For more information about its installation, see Jinja2’s official documentation. Run the following command to generate a YAML file for the new Nginx Ingress Controller services to be deployed:

After the YAML file is generated, run the following commands to deploy the new Nginx Ingress Controller services:

By default, the system automatically configures a listening port for the SLB instance. Ensure that the listening port of the SLB instance has been configured. If no listening port is configured, the version of the Kubernetes Cloud Controller Manager is outdated. You can upgrade it by referring to CloudProvider Release Notes. Alternatively, you can manually configure a listening port. Check the mapping of ports required under the PORT(S) parameter by running the following command:

Then, a new set of Nginx Ingress Controllers has been successfully deployed under the specified namespace.

Access Test

We can deploy a test application and configure it to provide external service access through the newly deployed Nginx Ingress Controllers.

Deploy an Nginx test application.

Provide external service access through Ingress.

Note: A kubernetes.io/ingress.class annotation needs to be configured.

After deployment, we can see that the endpoint of Ingress resources is consistent with that of the new Nginx Ingress Controller services.

Try to access this test application separately through the default Nginx Ingress Controller services and new Nginx Ingress Controller services.

From the access test results, we can see that services exposed through different sets of Nginx Ingress Controllers are mutually independent. Therefore, this mode particularly applies to scenarios where some services in a cluster need to provide access through the Internet, whereas some services in the same cluster need to provide access only to services in non-Kubernetes clusters on the same VPC.

To learn more about Alibaba Cloud Container Service for Kubernetes, visit https://www.alibabacloud.com/product/kubernetes

Reference:https://www.alibabacloud.com/blog/deploying-multiple-ingress-controllers-in-a-kubernetes-cluster_594389?spm=a2c41.12517173.0.0

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.