Expose an Application with NGINX Plus Ingress Controller
Overview
Follow this tutorial to deploy the NGINX Plus Ingress Controller with NGINX Service Mesh and an example application.
Objectives:
- Deploy the NGINX Service Mesh.
- Install NGINX Plus Ingress Controller.
- Deploy the example
bookinfoapp. - Create a Kubernetes Ingress resource for the Bookinfo application.
Note:
All communication between the NGINX Plus Ingress Controller and the Bookinfo application occurs over mTLS.
Note:
The NGINX Plus version of NGINX Ingress Controller is required for this tutorial.
Install NGINX Service Mesh
Follow the installation instructions to install NGINX Service Mesh on your Kubernetes cluster.
You can either deploy the Mesh with the default value for mTLS mode, which is permissive, or set it to strict.
Caution:
Before proceeding, verify that the mesh is running (Step 2 of the installation instructions). NGINX Plus Ingress Controller will try to fetch certs from the Spire agent that gets deployed by NGINX Service Mesh on startup. If the mesh is not running, NGINX Plus Ingress controller will fail to start.
Install NGINX Plus Ingress Controller
-
Install NGINX Plus Ingress Controller with mTLS enabled. This tutorial will demonstrate installation as a Deployment.
-
Get Access to the Ingress Controller. This tutorial creates a LoadBalancer Service for the NGINX Plus Ingress Controller.
-
Find the public IP address of your NGINX Plus Ingress Controller Service.
kubectl get svc -n nginx-ingress NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx-ingress LoadBalancer 10.76.7.165 34.94.247.235 80:31287/TCP,443:31923/TCP 66s
Note:
At this point, you should have the NGINX Plus Ingress Controller running in your cluster; you can deploy the Bookinfo example app to test out the mesh integration, or use NGINX Plus Ingress controller to expose one of your own apps.
Deploy the Bookinfo App
Use kubectl to deploy the example bookinfo app.
If automatic injection is enabled, NGINX Service Mesh will inject the sidecar proxy into the application pods automatically. Otherwise, use manual injection to inject the sidecar proxies.
kubectl apply -f bookinfo.yaml
Verify that all of the Pods are ready and in “Running” status:
kubectl get pods
NAME READY STATUS RESTARTS AGE
details-v1-74f858558f-khg8t 2/2 Running 0 25s
productpage-v1-8554d58bff-n4r85 2/2 Running 0 24s
ratings-v1-7855f5bcb9-zswkm 2/2 Running 0 25s
reviews-v1-59fd8b965b-kthtq 2/2 Running 0 24s
reviews-v2-d6cfdb7d6-h62cb 2/2 Running 0 24s
reviews-v3-75699b5cfb-9jtvq 2/2 Running 0 24s
Verify that the application works:
-
Port-forward to the
productpageService:kubectl port-forward svc/productpage 9080 -
Open the Service URL in a browser:
http://localhost:9080. -
Click one of the links to view the app as a general user, then as a test user, and verify that all portions of the page load.
Expose the Bookinfo App
Create an Ingress Resource to expose the Bookinfo application, using the example bookinfo-ingress.yaml file.
kubectl apply -f bookinfo-ingress.yaml
The Bookinfo Ingress defines a host with domain name bookinfo.example.com. It routes all requests for that domain name to the productpage Service on port 9080.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: bookinfo-ingress
spec:
tls:
rules:
- host: bookinfo.example.com
http:
paths:
- path: /
backend:
serviceName: productpage
servicePort: 9080
Access the Bookinfo App
To access the Bookinfo application:
-
Modify
/etc/hostsso that requests tobookinfo.example.comresolve to NGINX Plus Ingress Controller’s public IP address. Add the following line to your/etc/hostsfile:<INGRESS_CONTROLLER_PUBLIC_IP> bookinfo.example.com -
Open
http://bookinfo.example.comin your browser. -
Click one of the links to view the app as a general user, then as a test user, and verify that all portions of the page load.