It is assumed that you have executed Step 1 – 7 as per the previous article.<\/p>\n\n\n\n
Install Nginx Ingress<\/a><\/h2>\n\n\n\nThe first step is to install Nginx Ingress in our\ncluster. Navigate to Cloud Console – > Kubernetes Engine -> Cluster.\nClick on the connect button for backend-cluster. This will launch the cloud\nshell as shown below. Click ok to Run in cloud shell to connect to the\nbackend-cluster.<\/p>\n\n\n\n
Figure 35: Cloud Shell<\/em><\/p>\n\n\n\n![\"\"](\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-36.png\")
<\/figure>\n\n\n\nNext, we will install Helm which allows us to install and manage Kubernetes applications and resources effectively. Helm has two parts: a client (helm) which runs on cloud shell and a server\n(tiller) which runs inside of the kubernetes cluster and manages the\ninstallation.<\/p>\n\n\n\n
Install the latest version of Helm by running the\nfollowing command:<\/p>\n\n\n\n
> curl -o get_helm.sh\nhttps:\/\/raw.githubusercontent.com\/kubernetes\/helm\/master\/scripts\/get<\/p>\n\n\n\n
> chmod +x get_helm.sh<\/p>\n\n\n\n
> .\/get_helm.sh<\/p>\n\n\n\n
Next, we would Install Tiller. Run the following\ncommands to install the server-side tiller to the Kubernetes cluster. The below\ncommand creates a service account and the cluster-admin role to manage the\ncluster.<\/p>\n\n\n\n
> kubectl create\nserviceaccount –namespace kube-system tiller<\/p>\n\n\n\n
> kubectl create\nclusterrolebinding tiller-cluster-rule –clusterrole=cluster-admin\n–serviceaccount=kube-system:tiller<\/p>\n\n\n\n
> helm init –service-account\ntiller<\/p>\n\n\n\n
The following image shows the command\ninteractions and output at the google cloud shell.<\/p>\n\n\n\n
Figure 36: Cloud Shell -> Installation of Helm<\/em><\/p>\n\n\n\n![\"\"](\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-37.png\")
<\/figure>\n\n\n\nNext, we will install the Nginx Ingress through\nHelm. Installing Nginx Ingress will configure a Service type of LoadBalancer in\nour cluster which will route all the incoming requests as per the rules you\ndefine in the deployment file (we will look at this later while deploying the\ningress.yaml file). <\/p>\n\n\n\n
LoadBalancer should listen over an IP. The IP can\nbe automatically assigned by the network system or you can create a static IP\naddress and use the ip address while installing Nginx. We will create a static IP\naddress since this IP address can then be mapped to your domain name where you\nwant to expose the service for public consumption (i.e. similar to domain like api.naveenbalani.dev\nthat we went through in Solution 1). SSL certificate can also be installed on\nthe domain, so you can receive HTTPS requests.<\/p>\n\n\n\n
Create a static IP address of type Regional and\nselect the region (select the same region as that of your VPN). Please note\nthat Global Type would not work with Nginx Ingress LoadBalancer. Following\nimage shows the configuration.<\/p>\n\n\n\n
Figure 37: Create Static IP<\/em><\/p>\n\n\n\n![\"\"](\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-38.png\")
<\/figure>\n\n\n\nCreate the IP and note the IP address.<\/p>\n\n\n\n
Next, go back to cloud shell and install\nNginx Ingress by running the following command. Replace 35.231.11.11 by the IP\nfrom the earlier step.<\/p>\n\n\n\n
> helm install –name\nnginx-ingress stable\/nginx-ingress \\<\/p>\n\n\n\n
–set\ncontroller.service.loadBalancerIP=35.231.11.11\\<\/p>\n\n\n\n
–set rbac.create=true \\<\/p>\n\n\n\n
–set\ncontroller.publishService.enabled=true<\/p>\n\n\n\n
The above command would create a Nginx\nIngress Controller of type HTTP Load Balancer at 35.231.11.11.<\/p>\n\n\n\n
You can also enable SSL while installing\nNginx Ingress. If you have an SSL certificate for your domain, you can enable\nSSL while installing Nginx ingress. <\/p>\n\n\n\n
First, you need to create the secret\nbased on your domain certificate and private key.<\/p>\n\n\n\n
> kubectl create secret tls\nbackend-api-ssl-secret \\<\/p>\n\n\n\n
\n–cert \/Users\/navveenbalani\/<domain.com>\/certificate.crt –key\n\/Users\/navveenbalani\/<domain.com>\/private.key<\/p>\n\n\n\n
Next, you need to reference the\nbackend-api-ssl-secret while installing Nginx Ingress. Use the following\ncommand to enable SSL during installation:<\/p>\n\n\n\n
helm install –name nginx-ingress\nstable\/nginx-ingress \\<\/p>\n\n\n\n
–set\ncontroller.service.loadBalancerIP=35.231.11.11\\<\/p>\n\n\n\n
–set rbac.create=true \\<\/p>\n\n\n\n
–set\ncontroller.publishService.enabled=true \\<\/p>\n\n\n\n
–set controller.extraArgs.default-ssl-<\/p>\n\n\n\n
\n certificate=default\/backend-ssl-secret<\/p>\n\n\n\n
After running the command, you should get the following\nmessage on the console:<\/p>\n\n\n\n
The nginx-ingress controller has been installed.<\/em><\/p>\n\n\n\nIt may take a few minutes for the LoadBalancer IP\nto be available.<\/em><\/p>\n\n\n\nTo see the status of the Nginx Ingress\ncontroller, run the following command:<\/p>\n\n\n\n
> kubectl –namespace default\nget services -o wide -w nginx-ingress-controller<\/p>\n\n\n\n
If you see an external IP (the one that we\nprovided earlier), that implies the Nginx Controller is listening on the\nconfigured external IP.<\/p>\n\n\n\n
Figure 38: Nginx Ingress Status<\/em><\/p>\n\n\n\n![\"\"](\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-39.png\")
<\/figure>\n\n\n\nIf you navigate to Kubernetes Engine ->\nService & Ingress, you will see nginx-ingress-controller listening on the\nip address that we configured earlier as shown in the figure below. You would\nalso see a service named \u201cnginx-ingress-default-backend\u201d. The nginx-ingress-default-backend\nservice provides default backend which handles all URL paths and hosts the nginx controller doesn’t\nunderstand (i.e., all the requests that are not mapped with an Ingress).\nBasically, a default backend exposes two URLs: – \/healthz that returns 200 and \/ that return 404. You can use the Nginx default backend service\nfor the health check instead of providing your own heath check service implementation,\nthat we discussed earlier in Solution 1. <\/p>\n\n\n\n
<\/figure>\n\n\n\nNext, we will install Helm which allows us to install and manage Kubernetes applications and resources effectively. Helm has two parts: a client (helm) which runs on cloud shell and a server\n(tiller) which runs inside of the kubernetes cluster and manages the\ninstallation.<\/p>\n\n\n\n
Install the latest version of Helm by running the\nfollowing command:<\/p>\n\n\n\n
> curl -o get_helm.sh\nhttps:\/\/raw.githubusercontent.com\/kubernetes\/helm\/master\/scripts\/get<\/p>\n\n\n\n
> chmod +x get_helm.sh<\/p>\n\n\n\n
> .\/get_helm.sh<\/p>\n\n\n\n
Next, we would Install Tiller. Run the following\ncommands to install the server-side tiller to the Kubernetes cluster. The below\ncommand creates a service account and the cluster-admin role to manage the\ncluster.<\/p>\n\n\n\n
> kubectl create\nserviceaccount –namespace kube-system tiller<\/p>\n\n\n\n
> kubectl create\nclusterrolebinding tiller-cluster-rule –clusterrole=cluster-admin\n–serviceaccount=kube-system:tiller<\/p>\n\n\n\n
> helm init –service-account\ntiller<\/p>\n\n\n\n
The following image shows the command\ninteractions and output at the google cloud shell.<\/p>\n\n\n\n
Figure 36: Cloud Shell -> Installation of Helm<\/em><\/p>\n\n\n\n Next, we will install the Nginx Ingress through\nHelm. Installing Nginx Ingress will configure a Service type of LoadBalancer in\nour cluster which will route all the incoming requests as per the rules you\ndefine in the deployment file (we will look at this later while deploying the\ningress.yaml file). <\/p>\n\n\n\n LoadBalancer should listen over an IP. The IP can\nbe automatically assigned by the network system or you can create a static IP\naddress and use the ip address while installing Nginx. We will create a static IP\naddress since this IP address can then be mapped to your domain name where you\nwant to expose the service for public consumption (i.e. similar to domain like api.naveenbalani.dev\nthat we went through in Solution 1). SSL certificate can also be installed on\nthe domain, so you can receive HTTPS requests.<\/p>\n\n\n\n Create a static IP address of type Regional and\nselect the region (select the same region as that of your VPN). Please note\nthat Global Type would not work with Nginx Ingress LoadBalancer. Following\nimage shows the configuration.<\/p>\n\n\n\n Figure 37: Create Static IP<\/em><\/p>\n\n\n\n Create the IP and note the IP address.<\/p>\n\n\n\n Next, go back to cloud shell and install\nNginx Ingress by running the following command. Replace 35.231.11.11 by the IP\nfrom the earlier step.<\/p>\n\n\n\n > helm install –name\nnginx-ingress stable\/nginx-ingress \\<\/p>\n\n\n\n –set\ncontroller.service.loadBalancerIP=35.231.11.11\\<\/p>\n\n\n\n –set rbac.create=true \\<\/p>\n\n\n\n –set\ncontroller.publishService.enabled=true<\/p>\n\n\n\n The above command would create a Nginx\nIngress Controller of type HTTP Load Balancer at 35.231.11.11.<\/p>\n\n\n\n You can also enable SSL while installing\nNginx Ingress. If you have an SSL certificate for your domain, you can enable\nSSL while installing Nginx ingress. <\/p>\n\n\n\n First, you need to create the secret\nbased on your domain certificate and private key.<\/p>\n\n\n\n > kubectl create secret tls\nbackend-api-ssl-secret \\<\/p>\n\n\n\n \n–cert \/Users\/navveenbalani\/<domain.com>\/certificate.crt –key\n\/Users\/navveenbalani\/<domain.com>\/private.key<\/p>\n\n\n\n Next, you need to reference the\nbackend-api-ssl-secret while installing Nginx Ingress. Use the following\ncommand to enable SSL during installation:<\/p>\n\n\n\n helm install –name nginx-ingress\nstable\/nginx-ingress \\<\/p>\n\n\n\n –set\ncontroller.service.loadBalancerIP=35.231.11.11\\<\/p>\n\n\n\n –set rbac.create=true \\<\/p>\n\n\n\n –set\ncontroller.publishService.enabled=true \\<\/p>\n\n\n\n –set controller.extraArgs.default-ssl-<\/p>\n\n\n\n \n certificate=default\/backend-ssl-secret<\/p>\n\n\n\n After running the command, you should get the following\nmessage on the console:<\/p>\n\n\n\n The nginx-ingress controller has been installed.<\/em><\/p>\n\n\n\n It may take a few minutes for the LoadBalancer IP\nto be available.<\/em><\/p>\n\n\n\n To see the status of the Nginx Ingress\ncontroller, run the following command:<\/p>\n\n\n\n > kubectl –namespace default\nget services -o wide -w nginx-ingress-controller<\/p>\n\n\n\n If you see an external IP (the one that we\nprovided earlier), that implies the Nginx Controller is listening on the\nconfigured external IP.<\/p>\n\n\n\n Figure 38: Nginx Ingress Status<\/em><\/p>\n\n\n\n If you navigate to Kubernetes Engine ->\nService & Ingress, you will see nginx-ingress-controller listening on the\nip address that we configured earlier as shown in the figure below. You would\nalso see a service named \u201cnginx-ingress-default-backend\u201d. The nginx-ingress-default-backend\nservice provides default backend which handles all URL paths and hosts the nginx controller doesn’t\nunderstand (i.e., all the requests that are not mapped with an Ingress).\nBasically, a default backend exposes two URLs: – \/healthz that returns 200 and \/ that return 404. You can use the Nginx default backend service\nfor the health check instead of providing your own heath check service implementation,\nthat we discussed earlier in Solution 1. <\/p>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n
![\"\"](\"https:\/\/navveenbalani.dev\/wp-content\/uploads\/2019\/12\/image-40.png\")
<\/figure>\n\n\n\n