Assume you have a bare-metal Kubernetes cluster on premises. One of the challenges is making pods reachable from the public network. The most common and easiest solution is to use NodePort together with a load balancer in front, which adds another layer to maintain. Furthermore, as the number of services grows, there will be performance issues related to the iptables filter constraints.
This repo provides a solution that runs the Nginx Ingress controller with Multus-CNI, so a public IP is attached to the Ingress directly. Please refer to the above two modules for a better understanding of the technologies involved. Here I focus more on how to set it up.
$ git clone https://github.com/intel/multus-cni.git && cd multus-cni
$ kubectl apply -f ./images/multus-daemonset.yml
$ kubectl apply -f ns-and-sa.yaml
** Notes ** Please make the necessary changes to the 'namespace', the NIC on the host server ('master'), the IP 'ranges' and the 'routes' before you apply it.
$ kubectl apply -f macvlan-ingress.yaml
$ kubectl apply -f default-server-secret.yaml
** Notes ** You can also create the secret from the CLI, for example one holding a chain of certificates:
$ kubectl create secret tls ingress-certificate --key yourkey.key --cert yourcert.pem -n nginx-ingress
$ kubectl apply -f nginx-config.yaml
$ kubectl apply -f rbac.yaml
** Notes ** You will need to update the IP address, which is the fixed IP assigned to the Ingress and must be within the scope defined in macvlan-ingress.yaml.
k8s.v1.cni.cncf.io/networks: '[
  {
    "name": "macvlan-ingress",
    "ips": "10.1.0.101"
  }
]'
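A pre-flight check for the note above, as an added example that is not part of this repo: it confirms that the fixed IP in the annotation falls inside the 'ranges' of the macvlan network before nginx-ingress.yaml is applied. The CNI config layout (host-local style 'ranges' with 'subnet', 'rangeStart' and 'rangeEnd'), the sample values and the function names are assumptions; substitute the config from your own macvlan-ingress.yaml.

```python
import ipaddress
import json

# Constructed sample of the CNI config in macvlan-ingress.yaml (assumed
# host-local IPAM layout); the values are illustrative, not the repo's.
SAMPLE_CNI_CONFIG = """
{
  "type": "macvlan",
  "master": "eth0",
  "ipam": {
    "type": "host-local",
    "ranges": [[{"subnet": "10.1.0.0/24",
                 "rangeStart": "10.1.0.100", "rangeEnd": "10.1.0.120"}]]
  }
}
"""
# The annotation value from the note, as a constructed single-line sample.
SAMPLE_ANNOTATION = '[{"name": "macvlan-ingress", "ips": "10.1.0.101"}]'

def requested_ips(annotation, network):
    """Fixed IPs requested for `network`; "ips" may be a string or a list."""
    found = []
    for element in json.loads(annotation):
        if element.get("name") != network:
            continue
        ips = element.get("ips", [])
        ips = [ips] if isinstance(ips, str) else ips
        found.extend(ipaddress.ip_interface(ip).ip for ip in ips)
    return found

def ip_in_ranges(ip, cni_config):
    """True if `ip` lies inside a subnet and its rangeStart..rangeEnd window."""
    for range_set in json.loads(cni_config)["ipam"].get("ranges", []):
        for rng in range_set:
            subnet = ipaddress.ip_network(rng["subnet"], strict=False)
            if ip not in subnet:  # also False when IP versions differ
                continue
            start = ipaddress.ip_address(rng.get("rangeStart", str(subnet[1])))
            end = ipaddress.ip_address(rng.get("rangeEnd", str(subnet[-2])))
            if start <= ip <= end:
                return True
    return False

def check(annotation, cni_config, network="macvlan-ingress"):
    """Return a list of problems; an empty list means the fixed IP is usable."""
    ips = requested_ips(annotation, network)
    if not ips:
        return [f"no fixed IP requested for {network}"]
    return [f"{ip} is outside the ranges of {network}"
            for ip in ips if not ip_in_ranges(ip, cni_config)]
```

An empty list from check() means the annotation and the network definition agree; any message it returns points at a mismatch to fix before the controller pod is created.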
$ kubectl apply -f nginx-ingress.yaml
** Notes ** Please update the domain name 'myapp.mydomain.com' and the service name 'myapp' accordingly.
$ kubectl apply -f myapp-ingress.yaml