- Azure Command-Line Interface (Az CLI) on Bash.
A Kubernetes ingress controller is software that provides layer 7 load balancer features, including: reverse proxy, configurable traffic routing and TLS termination for Kubernetes services.
The ingress controllers are exposed to the internet by using a Kubernetes service of type LoadBalancer.
The ingress controller will be the entry point for all application traffic. There is no need to expose services as LoadBalancer services.
Go to the directory where you have the ratings-web-service.yaml file and change ratings-web service definition from LoadBalancer to ClusterIP
sed -i 's/LoadBalancer/ClusterIP/g' ratings-web-service.yaml
Redefine the service as ClusterIP
kubectl apply -n ratingsapp -f ratings-web-service.yaml
Check that all services are now ClusterIP
kubectl get services -n ratingsapp
kubectl create namespace ingress
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress \
--set controller.replicaCount=2 \
--set controller.nodeSelector."kubernetes\.io/os"=linux \
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux
Create a new yaml file
vi ratings-web-ingress.yaml
Paste the following definitions
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ratings-web-ingress
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ratings-web
port:
number: 80
Execute the following command
kubectl apply -n ratingsapp -f ratings-web-ingress.yaml
kubectl get services --namespace ingress -w
The online security and privacy of user data is a primary concern for everybody. It's important the ratings website allows HTTPS connections to all customers.
This exercise demonstrate how to use cert-manager, which provides automatic Let's Encrypt certificate generation and management.
kubectl create namespace cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.crds.yaml
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.8.2
kubectl get pods --namespace cert-manager
Create a new yaml file
vi cluster-issuer.yaml
Paste the following text in the file and replace the email
key with a valid email
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <your email> # IMPORTANT: Replace with a valid email from your organization
privateKeySecretRef:
name: letsencrypt
solvers:
- http01:
ingress:
class: nginx
kubectl apply \
--namespace ratingsapp \
-f cluster-issuer.yaml
Create a new yaml file
vi ratings-web-ingress.yaml
Add the following lines after line 6 (kubernetes.io/ingress.class: nginx) and before the rules
key
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- frontend.<ingress ip>.nip.io # IMPORTANT: update <ingress ip> with the dashed public IP of your ingress, for example frontend.13-68-177-68.nip.io
secretName: ratings-web-cert
The yaml files should look like the following one but with your own dashed IP address
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ratings-web-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
spec:
tls:
- hosts:
- frontend.<ingress ip>.nip.io
secretName: ratings-web-cert
rules:
- host: frontend.<ingress ip>.nip.io # IMPORTANT: update <ingress ip> with the dashed public IP of your ingress, for example frontend.40-78-121-234.nip.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ratings-web
port:
number: 80
kubectl apply \
--namespace ratingsapp \
-f ratings-web-ingress.yaml
kubectl describe cert ratings-web-cert --namespace ratingsapp
Navigate to the host name configured on the ingress. For example, https://frontend.40-78-121-234.nip.io
The performance of a website depends on your cluster's performance. You can monitor the different components in your application, view logs and get alerts whenever you application goes down or some parts of it fail.
Identify the random number you used previously. It whould be the numeric characters at the end of your AKS cluster.
az aks list -o table
Assign the random number you used to the NUMBER variable. For example if your cluster's name is k8s-cluster7293
your should assign the variable as follows:
NUMBER="7293"
Define the rest of the variables
AKS_NAME="k8s-cluster"$NUMBER
LOCATION="westus"
REGISTRY="containerRegistry"$NUMBER
RESOURCE_GROUP="aksworkshop-RG"
WORKSPACE="aksworkshop-workspace-"$NUMBER
Verify variables
echo $AKS_NAME
echo $LOCATION
echo $REGISTRY
echo $RESOURCE_GROUP
echo $WORKSPACE
az resource create --resource-type Microsoft.OperationalInsights/workspaces \
--name $WORKSPACE \
--resource-group $RESOURCE_GROUP \
--location $LOCATION \
--properties '{}' -o table
WORKSPACE_ID=$(az resource show --resource-type Microsoft.OperationalInsights/workspaces \
--resource-group $RESOURCE_GROUP \
--name $WORKSPACE \
--query "id" -o tsv)
echo $WORKSPACE_ID
az aks enable-addons \
--resource-group $RESOURCE_GROUP \
--name $AKS_NAME \
--addons monitoring \
--workspace-resource-id $WORKSPACE_ID