Expose an Application with NGINX Plus Ingress Controller

Overview

Follow this tutorial to deploy the NGINX Plus Ingress Controller with NGINX Service Mesh and an example application.

Objectives:

  • Deploy the NGINX Service Mesh.
  • Install NGINX Plus Ingress Controller.
  • Deploy the example bookinfo app.
  • Create a Kubernetes Ingress resource for the Bookinfo application.
Note:
All communication between the NGINX Plus Ingress Controller and the Bookinfo application occurs over mTLS.
Note:
The NGINX Plus version of NGINX Ingress Controller is required for this tutorial.

Install NGINX Service Mesh

Follow the installation instructions to install NGINX Service Mesh on your Kubernetes cluster. You can either deploy the Mesh with the default value for mTLS mode, which is permissive, or set it to strict.

Caution:
Before proceeding, verify that the mesh is running (Step 2 of the installation instructions). NGINX Plus Ingress Controller will try to fetch certs from the Spire agent that gets deployed by NGINX Service Mesh on startup. If the mesh is not running, NGINX Plus Ingress controller will fail to start.

Install NGINX Plus Ingress Controller

  1. Install NGINX Plus Ingress Controller with mTLS enabled. This tutorial will demonstrate installation as a Deployment.

  2. Get Access to the Ingress Controller. This tutorial creates a LoadBalancer Service for the NGINX Plus Ingress Controller.

  3. Find the public IP address of your NGINX Plus Ingress Controller Service.

    kubectl get svc -n nginx-ingress
    NAME            TYPE           CLUSTER-IP    EXTERNAL-IP     PORT(S)                      AGE
    nginx-ingress   LoadBalancer   10.76.7.165   34.94.247.235   80:31287/TCP,443:31923/TCP   66s
    
Note:
At this point, you should have the NGINX Plus Ingress Controller running in your cluster; you can deploy the Bookinfo example app to test out the mesh integration, or use NGINX Plus Ingress controller to expose one of your own apps.

Deploy the Bookinfo App

Use kubectl to deploy the example bookinfo app.
If automatic injection is enabled, NGINX Service Mesh will inject the sidecar proxy into the application pods automatically. Otherwise, use manual injection to inject the sidecar proxies.

kubectl apply -f bookinfo.yaml

Verify that all of the Pods are ready and in “Running” status:

kubectl get pods

NAME                              READY   STATUS    RESTARTS   AGE
details-v1-74f858558f-khg8t       2/2     Running   0          25s
productpage-v1-8554d58bff-n4r85   2/2     Running   0          24s
ratings-v1-7855f5bcb9-zswkm       2/2     Running   0          25s
reviews-v1-59fd8b965b-kthtq       2/2     Running   0          24s
reviews-v2-d6cfdb7d6-h62cb        2/2     Running   0          24s
reviews-v3-75699b5cfb-9jtvq       2/2     Running   0          24s

Verify that the application works:

  1. Port-forward to the productpage Service:

    kubectl port-forward svc/productpage 9080
    
  2. Open the Service URL in a browser: http://localhost:9080.

  3. Click one of the links to view the app as a general user, then as a test user, and verify that all portions of the page load.

Expose the Bookinfo App

Create an Ingress Resource to expose the Bookinfo application, using the example bookinfo-ingress.yaml file.

kubectl apply -f bookinfo-ingress.yaml

The Bookinfo Ingress defines a host with domain name bookinfo.example.com. It routes all requests for that domain name to the productpage Service on port 9080.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: bookinfo-ingress
spec:
  tls:
  rules:
  - host: bookinfo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: productpage
          servicePort: 9080

Access the Bookinfo App

To access the Bookinfo application:

  1. Modify /etc/hosts so that requests to bookinfo.example.com resolve to NGINX Plus Ingress Controller’s public IP address. Add the following line to your /etc/hosts file:

       <INGRESS_CONTROLLER_PUBLIC_IP> bookinfo.example.com
    
  2. Open http://bookinfo.example.com in your browser.

  3. Click one of the links to view the app as a general user, then as a test user, and verify that all portions of the page load.