Initial commit.
“Alexander committed Nov 3, 2023
1 parent 2cc46aa commit ac92b33
Showing 6 changed files with 380 additions and 3 deletions.
105 changes: 102 additions & 3 deletions README.md
@@ -1,5 +1,104 @@
# Название сценария
# ALB Ingress Class

Описание сценария и инструкция по его применению.
This guide shows how to deploy two ingresses with ingressClass nginx and alb in the same cluster and route traffic through them to the one app deployment.

Для практических руководств обязательна ссылка на документацию.
## Prerequirites

- yc installed and configured
- Public zone for your [delegated](https://cloud.yandex.com/en-ru/docs/dns/operations/zone-create-public?from=int-console-help-center-or-nav) domain
- mK8S deployed in YC
- Fill variables in `app/alb-ing.yaml` and `app/nginx-ing.yaml`

```bash
git clone https://github.com/yc-architect-solution-library
cd yc-architect-solution-library/yc-k8s-ingress-class
```

## NGINX ingress + cert-manager.io Installation

```bash
kubectl create ns nginx
kubectl create ns app

# NGINX Ingress
kubectl config set-context --current --namespace nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx

kubectl get svc -n nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.96.145.247 84.201.163.76 80:31668/TCP,443:30353/TCP 6d12h # copy External IP of nginx-ingress-nginx-controller service
ingress-nginx-controller-admission ClusterIP 10.96.200.103 <none> 443/TCP 6d12h




yc dns zone add-records your-zone --record "*.nginx.<DOMAIN>. 60 A <EXT_IP>"
yc dns zone list-records your-zone

+-------------------------+------+------+--------------------------------+
| NAME | TTL | TYPE | DATA |
+-------------------------+------+------+--------------------------------+
| *.nginx.example.com. | 60 | A | <EXT_IP> |
| example.com. | 3600 | NS | ns1.yandexcloud.net. |
| | | | ns2.yandexcloud.net. |
| example.com. | 3600 | SOA | ns1.yandexcloud.net. |
| | | | mx.cloud.yandex.net. 1 10800 |
| | | | 900 604800 900 |
+-------------------------+------+------+--------------------------------+


### DNS Challenge Webhook

- Install [Cert-manager with CloudDNS ACME webhookubectl plugin from Marketplace](https://cloud.yandex.ru/marketplace/products/yc/cert-manager-webhook-yandex)


```bash
kubectl config set-context --current --namespace app
kubectl apply -f app/demo-app1.yaml && kubectl apply -f app/demo-app2.yaml
kubectl apply -f app/nginx-ing.yaml
```

```bash
# Checking that everything is working properly
curl https://app.nginx.<DOMAIN>
curl https://app.nginx.<DOMAIN>/app1
curl https://app.nginx.<DOMAIN>/app2
App by Ingress Class
```

### ALB Ingress Class Installation

- Install [ALB Ingress Controller](https://cloud.yandex.ru/marketplace/products/yc/alb-ingress-controller) from Marketplace (follow the instructions)

Then do:

```bash
kubectl config set-context --current --namespace alb
kubectl apply -f alb-ingress-class.yaml # apply ALB ingressClass definition
kubectl config set-context --current --namespace app
kubectl apply -f app/alb-ing.yaml
kubectl get svc # copy External IP of alb-ingress service
yc dns zone add-records your-zone --record "*.alb.<DOMAIN>. 60 A <EXT_IP>"
yc dns zone list-records your-zone
+-------------------------+------+------+--------------------------------+
| NAME | TTL | TYPE | DATA |
+-------------------------+------+------+--------------------------------+
| *.alb.example.com. | 60 | A | <EXT_IP> |
| *.nginx.example.com. | 60 | A | <EXT_IP> |
| example.com. | 3600 | NS | ns1.yandexcloud.net. |
| | | | ns2.yandexcloud.net. |
| example.com. | 3600 | SOA | ns1.yandexcloud.net. |
| | | | mx.cloud.yandex.net. 1 10800 |
| | | | 900 604800 900 |
+-------------------------+------+------+--------------------------------+
# Checking that everything is working properly
curl https://app.alb.<DOMAIN>
curl https://app.alb.<DOMAIN>/app1
curl https://app.alb.<DOMAIN>/app2
```
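Review bot: The bash code fence opened under "## NGINX ingress + cert-manager.io Installation" is never closed before "### DNS Challenge Webhook", so that heading and the Marketplace link render as code and every later fence is inverted; close the fence after the first `yc dns zone list-records` table. `git clone https://github.com/yc-architect-solution-library` names an organization rather than a repository, so the following `cd yc-architect-solution-library/yc-k8s-ingress-class` cannot work as written. The ALB steps switch to `--namespace alb`, but only `nginx` and `app` are created in the visible steps; either add the create step or state that the Marketplace install provides it. The sample output "App by Ingress Class" matches none of the strings returned by the demo nginx configs in this commit ('Index', 'This is APP#1', 'This is APP#2'). "Prerequirites" and "webhookubectl" are typos.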
10 changes: 10 additions & 0 deletions alb-ingress-class.yaml
@@ -0,0 +1,10 @@
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
name: alb
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: ingress.alb.yc.io/yc-alb-ingress-controller
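Review bot: `ingressclass.kubernetes.io/is-default-class: "true"` on the `alb` IngressClass makes ALB the cluster-wide default, so any Ingress created later without `ingressClassName` is assigned to the ALB controller and published through the external load balancer, which is easy to miss in a cluster that also runs nginx. Both Ingresses in this commit set `ingressClassName` explicitly, so the guide does not need the annotation; drop it, or say in the README why ALB should be the default. IngressClass is cluster-scoped, so the README's switch to `--namespace alb` before applying this file has no effect on it.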
42 changes: 42 additions & 0 deletions app/alb-ing.yaml
@@ -0,0 +1,42 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: alb-ingress
annotations:
cert-manager.io/cluster-issuer: yc-clusterissuer
ingress.alb.yc.io/subnets: <SUBNETID>
ingress.alb.yc.io/security-groups: <SGID>,<SGID> # https://cloud.yandex.com/en-ru/docs/application-load-balancer/tools/k8s-ingress-controller/security-groups please do not forget to add sg with ingress rules for 443,80
ingress.alb.yc.io/external-ipv4-address: <IP>
ingress.alb.yc.io/group-name: alb
ingress.alb.yc.io/group-order: "1"
spec:
ingressClassName: alb
tls:
- hosts:
- app.alb.<DOMAIN>
secretName: example-com-secret
rules:
- host: app.alb.<DOMAIN>
http:
paths:
- backend:
service:
name: alb-demo-1
port:
number: 80
path: /app1
pathType: Prefix
- backend:
service:
name: alb-demo-2
port:
number: 80
path: /app2
pathType: Prefix
- backend:
service:
name: alb-demo-2
port:
name: http
path: /
pathType: Prefix
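Review bot: The catch-all `/` rule references the backend port by `name: http` while the `/app1` and `/app2` rules use `number: 80` for the same Services; pick one form so the three rules cannot drift apart if the Service port changes. The security-group requirement (ingress rules for 443 and 80) is only stated in a trailing comment on the `ingress.alb.yc.io/security-groups` line; move it and the link to the README prerequisites next to the other values that must be filled in (`<SUBNETID>`, `<SGID>`, `<IP>`, `<DOMAIN>`), and say there which source ranges the group should allow. The README describes routing "to the one app deployment", but the rules here target two Services, `alb-demo-1` and `alb-demo-2`; align the wording.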
94 changes: 94 additions & 0 deletions app/demo-app1.yaml
@@ -0,0 +1,94 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: alb-demo-1
data:
nginx.conf: |
worker_processes auto;
events {
}
http {
server {
listen 80 ;
location = /_healthz {
add_header Content-Type text/plain;
return 200 'ok';
}
location / {
add_header Content-Type text/plain;
return 200 'Index';
}
location = /app1 {
add_header Content-Type text/plain;
return 200 'This is APP#1';
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: alb-demo-1
labels:
app: alb-demo-1
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: alb-demo-1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: alb-demo-1
version: v1
spec:
terminationGracePeriodSeconds: 5
volumes:
- name: alb-demo-1
configMap:
name: alb-demo-1
containers:
- name: alb-demo-1
image: nginx:latest
ports:
- name: http
containerPort: 80
livenessProbe:
httpGet:
path: /_healthz
port: 80
initialDelaySeconds: 3
timeoutSeconds: 2
failureThreshold: 2
volumeMounts:
- name: alb-demo-1
mountPath: /etc/nginx
readOnly: true
resources:
limits:
cpu: 250m
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
---
apiVersion: v1
kind: Service
metadata:
name: alb-demo-1
spec:
selector:
app: alb-demo-1
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30084
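Review bot: `image: nginx:latest` in the Deployment is unpinned, so the two replicas and any later reschedule can pull different images; pin a specific tag or digest. The container has a `livenessProbe` but no `readinessProbe`, so with `maxUnavailable: 0` a new pod counts as available as soon as it starts rather than when `/_healthz` answers; add a readiness probe on the same path. The Service hardcodes `nodePort: 30084`, which serves the app in plain HTTP on every node and can collide with other Services; if NodePort is required here, let Kubernetes allocate the port and note in the README that the node security group should not open that range to the internet. No `securityContext` is set on the pod or container.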
94 changes: 94 additions & 0 deletions app/demo-app2.yaml
@@ -0,0 +1,94 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: alb-demo-2
data:
nginx.conf: |
worker_processes auto;
events {
}
http {
server {
listen 80 ;
location = /_healthz {
add_header Content-Type text/plain;
return 200 'ok';
}
location / {
add_header Content-Type text/plain;
return 200 'Index';
}
location = /app2 {
add_header Content-Type text/plain;
return 200 'This is APP#2';
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: alb-demo-2
labels:
app: alb-demo-2
version: v1
spec:
replicas: 2
selector:
matchLabels:
app: alb-demo-2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: alb-demo-2
version: v1
spec:
terminationGracePeriodSeconds: 5
volumes:
- name: alb-demo-2
configMap:
name: alb-demo-2
containers:
- name: alb-demo-2
image: nginx:latest
ports:
- name: http
containerPort: 80
livenessProbe:
httpGet:
path: /_healthz
port: 80
initialDelaySeconds: 3
timeoutSeconds: 2
failureThreshold: 2
volumeMounts:
- name: alb-demo-2
mountPath: /etc/nginx
readOnly: true
resources:
limits:
cpu: 250m
memory: 128Mi
requests:
cpu: 100m
memory: 64Mi
---
apiVersion: v1
kind: Service
metadata:
name: alb-demo-2
spec:
selector:
app: alb-demo-2
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP
nodePort: 30085
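Review bot: `location = /app2` in the ConfigMap is an exact match, while both Ingresses route `/app2` with `pathType: Prefix`, so a request such as `/app2/` or `/app2/x` reaches this pod but falls through to `location /` and returns 'Index'; use a prefix location (or `pathType: Exact` in the Ingresses) so the two layers agree. The same applies to `/app1` in demo-app1.yaml. This file is otherwise a copy of demo-app1.yaml with the name, response string and `nodePort: 30085` changed, so the `nginx:latest` image and the missing readiness probe carry over; consider generating both from one template.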
38 changes: 38 additions & 0 deletions app/nginx-ing.yaml
@@ -0,0 +1,38 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: yc-clusterissuer
name: ingress
spec:
ingressClassName: nginx
tls:
- hosts:
- app.nginx.<DOMAIN>
secretName: example-com-secret
rules:
- host: app.nginx.<DOMAIN>
http:
paths:
- backend:
service:
name: alb-demo-1
port:
number: 80
path: /app1
pathType: Prefix
- backend:
service:
name: alb-demo-2
port:
number: 80
path: /app2
pathType: Prefix
- backend:
service:
name: alb-demo-2
port:
name: http
path: /
pathType: Prefix
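Review bot: `secretName: example-com-secret` is the same Secret name used in app/alb-ing.yaml, and the README applies both Ingresses in namespace `app` with the same `cert-manager.io/cluster-issuer` annotation, yet the hosts differ (`app.nginx.<DOMAIN>` here, `app.alb.<DOMAIN>` there). Two Ingresses requesting different certificates into one Secret will conflict, and one host can end up served with a certificate that does not list it; give each Ingress its own Secret name. The Ingress is named just `ingress`, which is hard to tell apart from `alb-ingress` in `kubectl get ing`; something like `nginx-ingress` would match. As in app/alb-ing.yaml, the `/` rule uses `name: http` while the other two rules use `number: 80`.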
