Exposing application deployed on kubernetes cluster in front of Bigip - nginx

We have an application that is deployed to a Kubernetes cluster on a baremetal system. I have exposed the service as NodePort. We need to expose the service to the outside world using a domain name myapp.example.com. We have created the necessary DNS mapping and we have configured our VIP in our Bigip Loadbalancer. I would like to know what ingress solution we need to implement. Is it from the Nginx/Kubernetes or the Bigip controller? Will the Nginx/Kubernetes Nginx controller support Bigip, and how do we need to expose the ingress-nginx? Is it type LB or NodePort?

I haven't used Bigip that much but I found that they have a controller for kubernetes.
But I think the simplest way, if you have the Bigip Loadbalancer already set up and a k8s cluster running, is to just create the NodePort service for the pod that you want to expose and get the node port number of that service (let's assume 30001). This port is now open and can be used to communicate with the service inside the K8s cluster using the Node's IP. Now configure the Bigip Loadbalancer pool to forward all the incoming traffic to < Node's IP >:30001.
All this is theory from what I know about k8s and how it works. Give it a try and let me know if it works.

Related

Expose pod to a particular pre-determined IP address

I'm looking to expose individual pods HTTP. The trick here is that the pod in question needs to know its externally valid IP address, and so in order to configure that ahead of time, I have to have certainty on the external IP address that I'm exposing it by.
Currently I'm trying to expose in this way:
kubectl expose pod my-pod --type=LoadBalancer --name=lb-http --external-ip=$IP --port=80 --target-port=30000
But I'm thinking that the --external-ip flag isn't operating as I intend, as my GKE cluster ends up with a different endpoint IP address.
Is there a way to expose an individual pod to a particular pre-determined IP address?
Not possible via LoadBalancer type service. However, you can use the nginx ingress controller to expose all of your pods on the same static IP and apply ingress rules for path and host based routing. This doc demonstrates how to assign a static IP to an Ingress through the Nginx controller.
You can achieve the same with GKE ingress as well. Here is the doc on how to do that.
You can't pre-assign an IP. It will go create a new GCP LB and then stash the IP/hostname in the Status substruct. Then you take that and put it in your config file or whatever.

Difference between metalLB and NodePort

What is difference between MetalLB and NodePort?
A node port is a built-in feature that allows users to access a service from the IP of any k8s node using a static port. The main drawback of using node ports is that your port must be in the range 30000-32767 and that there can, of course, be no overlapping node ports among services. Using node ports also forces you to expose your k8s nodes to users who need to access your services, which could pose security risks.
MetalLB is a third-party load balancer implementation for bare metal servers. A load balancer exposes a service on an IP external to your k8s cluster at any port of your choosing and routes those requests to your k8s nodes.
MetalLB can be deployed either with a simple Kubernetes manifest or with Helm.
MetalLB requires a pool of IP addresses in order to be able to take ownership of the ingress-nginx Service. This pool can be defined in a ConfigMap named config located in the same namespace as the MetalLB controller. This pool of IPs must be dedicated to MetalLB's use; you can't reuse the Kubernetes node IPs or IPs handed out by a DHCP server.
A NodePort is an open port on every node of your cluster. Kubernetes transparently routes incoming traffic on the NodePort to your service, even if your application is running on a different node.
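
The ConfigMap-based pool described above, together with the ingress-nginx Service that takes an address from it, as an added example that is not part of the original answers. The address range, namespaces and labels are assumptions; later MetalLB releases define pools through custom resources instead of this ConfigMap.

```yaml
# Added example. The address range is a placeholder from the documentation
# block 192.0.2.0/24; namespaces and labels are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config
  namespace: metallb-system
# The pool must be dedicated to MetalLB: no node IPs, nothing inside a
# DHCP scope.
data:
  config: |
    address-pools:
      - name: ingress-pool
        protocol: layer2
        addresses:
          - 192.0.2.240-192.0.2.250
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer             # MetalLB assigns an address from ingress-pool
  externalTrafficPolicy: Local   # no SNAT: the controller sees the client IP
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80                   # not limited to the 30000-32767 range
      targetPort: http
    - name: https
      port: 443
      targetPort: https
```

With this layout clients connect to the pool address rather than to a node address, so the node IPs do not have to be published to users.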

Kubernetes (Non-Cloud): Access cluster from outside (Public IP)

I want to make my own cluster, so I plan to buy 3 Raspberry Pis (to act as servers): 1 for the master node and 2 for worker nodes. I have one public IP (router). I will use kubeadm to create the master node and use a token to join the other 2 Raspberry Pis to it. All Raspberry Pis are on the same LAN (router). Normally, if I run a webserver on my laptop on port 80 (my laptop has the private IP 192.168.1.3) and I do port forwarding from the router to my laptop, I can access the website through the public IP. If I run my webserver in a container and do load balancing with k8s across the 2 worker nodes (Raspberry Pis), how can I handle it? Where should I port forward to from my router? How can I bring a client from the public IP to any service in my own cluster? I researched it and I can use a node port for access, but I think that's not good because it accesses a host machine directly rather than going through the cluster. Another way is making my own load balancer, but I don't know how to do that.
So I want some advice on how to do it, or anything that would help me achieve my goal. I don't care if it's tough or difficult. I just want to succeed at it to gain some knowledge and publish it. Can someone please clarify this for me?
Use nginx ingress controller to route the calls to k8s services in the cluster. That way you don't have to use node port type service objects.
Please consider using MetalLB (a load-balancer implementation for bare metal Kubernetes clusters) together with the NGINX Ingress controller.
It would require setting up port forwarding in your home router for ports (80/443) to one of your worker nodes.
Here is how this setup would look in your case:

How to expose kubernetes nginx-ingress service on public node IP at port 80 / 443?

I installed ingress-nginx in a cluster. I tried exposing the service with the kind: nodePort option, but this only allows for a port range between 30000-32767 (AFAIK)... I need to expose the service at port 80 for http and 443 for tls, so that I can link A Records for the domains directly to the service. Does anyone know how this can be done?
I tried with type: LoadBalancer before, which worked fine, but this creates a new external Load Balancer at my cloud provider for each cluster. In my current situation I want to spawn multiple mini clusters. It would be too expensive to create a new (digitalocean) Load Balancer for each of those, so I decided to run each cluster with its own internal ingress-controller and expose that directly on 80/443.
If you want an IP for port 80 from a service, you could use the externalIP field in the service config YAML. You can find how to write the YAML here:
Kubernetes External IP
But if your use case is really just getting the ingress controller up and running, it does not need the service to be exposed externally.
If you are on bare metal, change your ingress-controller service type to NodePort and add a reverse proxy to flow traffic to your ingress-controller service with the selected NodePort.
As #Pramod V answered, if you use externalIP in the ingress-controller service you lose the real remote address in your EndPoints.
A more complete answer could be found Here
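
The NodePort-plus-reverse-proxy layout from the answers above, which is also the layout suggested for the BIG-IP question at the top of this page, as an added example that is not taken from any of the posts. Namespaces, labels, the node ports 30080/30443 and the `myapp` Service are assumptions.

```yaml
# Added example. Namespaces, labels, ports 30080/30443 and the myapp Service
# are assumptions; adapt them to the cluster.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: NodePort
  # Local: no kube-proxy SNAT, so the controller sees the address of whatever
  # connected to the node. Only nodes running a controller pod answer on these
  # ports, so the upstream pool needs a health monitor per node.
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
  ports:
    - name: http
      port: 80
      targetPort: http
      nodePort: 30080   # upstream proxy / BIG-IP pool member: <node IP>:30080
    - name: https
      port: 443
      targetPort: https
      nodePort: 30443   # upstream proxy / BIG-IP pool member: <node IP>:30443
---
# The application stays a ClusterIP Service (named myapp here); only the
# controller's two ports are opened on the nodes.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp
  namespace: myapp
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp
                port:
                  number: 80
```

The external proxy listens on 80/443 and forwards to the two node ports; limiting the node firewall so that 30080 and 30443 accept connections only from the proxy's addresses keeps the nodes from being reachable directly. If the proxy terminates or re-originates connections, the client address has to be carried in a header such as X-Forwarded-For, since the node then only sees the proxy's address.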

How to expose a service in kubernetes running on bare metal

Kubernetes Version: 1.10 Running on bare metal
No. of masters: 3
We are running multiple microservices inside a Kubernetes cluster. Currently, we are exposing these services outside of the cluster using NodePort. Each microservice has its own NodePort, so we have to maintain a list with the corresponding microservices. Since we are running on bare metal, we don't have features like LoadBalancer while exposing a microservice.
Problem: Since we have multiple masters and workers inside the cluster, we have to use a static IP or DNS for any one master at a time. If I want to access any service from outside the cluster I have to use IP_ADDRESS:NODEPORT or DNS:NODEPORT. At a time I can use the address of any one master. If that master goes down then I have to change the microservices' address to another master's address. I don't want to use a static IP or DNS of any master.
What could be a better way to expose these microservices without NodePort? Is there any feature like LoadBalancer over bare metal? Can INGRESS or Nginx help us?
There is a LoadBalancer for Baremetal, it's called METALLB. Project is available on GitHub, unfortunately this solution is in alpha state and is more complex.
You can also follow the instructions from NGINX and set up the round-robin method for TCP or UDP.
Ingress only supports http(s) over ports 80, 443 only.
You can of course set up your own ingress controller but it will be a lot of extra work.
The downside of NodePort is a limited number of usable ports, which is from 30000 to 32767, and if the IP of the machine changes your services will be inaccessible.
