NGINX ingress (ingress-nginx) controller integration with Consul on Kubernetes using Transparent Proxy
- Kubernetes cluster on any Cloud Provider
- kubectl installed locally
- helm installed locally
Consul on K8s can be deployed on any K8s distro such as EKS, GKE, and AKS. Below are examples of how to get started on AWS and Google Cloud.
- An AWS account and a region that supports EKS
- Environment variables to access the AWS account locally
- eksctl installed locally
- Create an EKS cluster:
eksctl create cluster --name=<cluster name> --region=<region> --nodes=3
- Import kubectl config
aws eks update-kubeconfig --region <region> --name <cluster name>
- A Google account and a region that supports GKE
- Environment variables to access the GKE account locally
- gcloud installed locally
- Set environment variables
export PROJECT=<PROJECT ID>
gcloud config set project $PROJECT
gcloud config set compute/zone us-west1-c
- Create a GKE Cluster:
gcloud container clusters create nginx-consulk8s --num-nodes=3 --machine-type "e2-highcpu-4" --enable-autoscaling --min-nodes 1 --max-nodes 4
- Import kubectl config
gcloud container clusters get-credentials nginx-consulk8s
- Deploy Consul
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install consul hashicorp/consul --values consul-values.yaml --version "1.0.2" --create-namespace --namespace consul
- Add deny all intention
kubectl apply -f denyall.yaml
- Deploy NGINX Ingress Controller (ingress-nginx)
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace --values nginxingress-values.yaml
- Add configuration for Dialed Directly
kubectl apply -f sd-direct.yaml
- Set NGINX load balancer IP as an environment variable:
export NGINX_INGRESS_IP=$(kubectl get service ingress-nginx-controller -n ingress-nginx -o json | jq -r '.status.loadBalancer.ingress[].ip')
- Generate the Ingress resource with the NGINX load balancer IP.
cat <<EOF > ingress-resource.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-nginx-ingress
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10G
    nginx.ingress.kubernetes.io/enable-underscores-in-headers: "true"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "1200"
    # nginx.ingress.kubernetes.io/client-header-timeout: "300"
    nginx.ingress.kubernetes.io/upstream-keepalive-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
spec:
  ingressClassName: nginx
  rules:
  - host: "$NGINX_INGRESS_IP.nip.io"
    http:
      paths:
      - path: /server
        pathType: Prefix
        backend:
          service:
            name: static-server
            port:
              number: 8080
  defaultBackend:
    service:
      name: static-server
      port:
        number: 8080
EOF
- Apply the ingress configuration to route traffic to static-server.
kubectl apply -f ingress-resource.yaml
- Deploy the static-server deployment.
kubectl apply -f static-server.yaml
- Apply the intention to static-server from ingress
kubectl apply -f allow-static-server.yaml
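The three Consul manifests applied in the steps above (denyall.yaml, sd-direct.yaml and allow-static-server.yaml) are not shown on this page. The following is an added sketch of what they could contain, not the repository's own files. The resource names and the source service name ingress-nginx-controller are assumptions; match them to the names your services register under in Consul.

```yaml
# Sketch of denyall.yaml (assumed content): default-deny between all services,
# so every permitted path must be granted by an explicit intention.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: deny-all                      # assumed resource name
spec:
  destination:
    name: "*"
  sources:
    - name: "*"
      action: deny
---
# Sketch of sd-direct.yaml (assumed content): allow transparent proxies to
# reach static-server instances by dialing their pod IP addresses directly,
# which is how the ingress controller addresses its backends by default.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: static-server
spec:
  transparentProxy:
    dialedDirectly: true
---
# Sketch of allow-static-server.yaml (assumed content): the single exception
# to deny-all, scoped to one source and one destination.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: ingress-to-static-server      # assumed resource name
spec:
  destination:
    name: static-server
  sources:
    - name: ingress-nginx-controller  # assumed Consul service name of the ingress controller
      action: allow
```

Keeping the allow intention scoped to a named source rather than a wildcard means no other service in the mesh gains access to static-server while the deny-all intention is in place.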
- Ensure you get back a hello world response when routing requests to the NGINX hostname for the static-server route.
curl ${NGINX_INGRESS_IP}.nip.io
"hello world"