# Ingress

## Northern Zone: Flux configuration

  • See for networking architecture of the second site.

### Addition of non-HTTP ingresses

Non-HTTP ingress is required for various use cases. The first critical one is off-site incoming streams for the radio. See technicalRadio.mds

#### Ingress for Master and DJ

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  8001: "radio/liquidsoap:8001"
  8002: "radio/liquidsoap:8002"
```

#### Example

The next example shows how to expose the service `example-go`, running in the namespace `default` on port 8080, through port 9000:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcp-services
  namespace: ingress-nginx
data:
  9000: "default/example-go:8080"
```

Then, the config map should be added to the ingress controller's deployment args.

```yaml
args:
  - /nginx-ingress-controller
  - --tcp-services-configmap=ingress-nginx/tcp-services
```

```sh
--set tcp-services-configmap=ingress-nginx/tcp-services

helm upgrade --set deployment.args="--inspect server.js" ...

helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --set tcp-services-configmap=ingress-nginx/tcp-services

helm upgrade --reuse-values ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --set tcp-services-configmap=ingress-nginx/tcp-services  --namespace ingress-nginx
```
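
Every key in `tcp-services` becomes a raw TCP listener on the ingress controller, so the map is worth checking before it is applied. The following is an added example, not part of the original notes or of ingress-nginx: it parses entries in the `<namespace>/<service>:<port>[:PROXY][:PROXY]` value format described in the ingress-nginx guide listed under References, and reports entries that are malformed or missing from an allow-list. The names `parse_route` and `audit`, the `APPROVED` allow-list and the sample entries are assumptions made for illustration.

```python
import re
from typing import NamedTuple
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")

class TcpRoute(NamedTuple):
    listen_port: int     # port opened on the ingress controller
    backend: str         # "<namespace>/<service>"
    service_port: str    # port number or named port on the Service
    proxy_decode: bool   # PROXY protocol expected from the client side
    proxy_encode: bool   # PROXY protocol sent on to the backend

def parse_route(key, value):
    """Parse one tcp-services entry: '<ns>/<svc>:<port>[:PROXY][:PROXY]'."""
    if not str(key).isdigit() or not 1 <= int(key) <= 65535:
        raise ValueError(f"listen port {key!r} is not in 1-65535")
    fields = str(value).split(":")
    if not 2 <= len(fields) <= 4:
        raise ValueError(f"{value!r}: expected 2 to 4 ':'-separated fields")
    backend, service_port, *flags = fields
    namespace, slash, service = backend.partition("/")
    if not (slash and DNS_LABEL.fullmatch(namespace) and DNS_LABEL.fullmatch(service)):
        raise ValueError(f"{value!r}: backend must be '<namespace>/<service>'")
    if not service_port or (service_port.isdigit() and not 1 <= int(service_port) <= 65535):
        raise ValueError(f"{value!r}: bad service port")
    if any(flag not in ("", "PROXY") for flag in flags):
        raise ValueError(f"{value!r}: optional fields must be empty or PROXY")
    flags += [""] * (2 - len(flags))
    return TcpRoute(int(key), backend, service_port, flags[0] == "PROXY", flags[1] == "PROXY")

def audit(data, approved):  # approved maps listen port -> "<namespace>/<service>"
    routes, findings = [], []
    for key, value in data.items():
        try:
            route = parse_route(key, value)
        except ValueError as err:
            findings.append(f"invalid entry: {err}")
            continue
        routes.append(route)
        if approved.get(route.listen_port) != route.backend:
            findings.append(f"unapproved listener {route.listen_port} -> {route.backend}")
    return routes, findings

# Constructed input: the radio ports and example-go entry from this page, plus one typo.
SAMPLE = {8001: "radio/liquidsoap:8001", "8002": "radio/liquidsoap:8002::PROXY",
          9000: "default/example-go:8080", 8003: "liquidsoap:8003"}
APPROVED = {8001: "radio/liquidsoap", 8002: "radio/liquidsoap"}  # assumed allow-list

if __name__ == "__main__":
    print(*audit(SAMPLE, APPROVED)[1], sep="\n")
```
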


## References

- <https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/>
- <https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/command-line-arguments/>


## Southern Zone: manual configuration

```mermaid
---
title: southern.podzone.net Request Routing
---
graph TD

clientExt1 --> routerPort1
routerPort1 --> ovoo
lbr --> ingress

ingress -->|musings.thruhere.net| app1
ingress -->|qsolutions.endoftheinternet.org| app4
ingress -->|control.southern.podzone.net| app2
ingress -->|dashboard.southern.podzone.net| app3

  subgraph Internet
    clientExt1([Internet Client])
  end
  subgraph Router
    routerPort1[[port forward :443-> oovo:443]]
  end
  subgraph southern.podzone.net

    subgraph ovoo
      lbr{{lbr}}
    end
    ingress
    app1(apache)
    app4(zope)
    app2(k8s control plane)
    app3(k8s dashboard)

  end
```

### Ingress configuration

#### L2 Load Balancer

MetalLB is used to implement an L2 load balancer. The metallb microk8s add-on is required:

- `sudo microk8s enable metallb`
- Production: Assign range: 192.168.0.131-192.168.0.132
- Dev: Assign range: 192.168.0.141-192.168.0.142

#### Ingress Controller

An ingress controller is required. The de facto standard seems to be ingress-nginx.

Load ingress-nginx using helm:

- `sudo microk8s helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace`
- `sudo microk8s kubectl --namespace ingress-nginx get services -o wide -w ingress-nginx-controller`

NOTE: Enabling the microk8s add-on failed to produce a working ingress for me, not sure what I was doing wrong.

#### Certificate Management

Enable the microk8s cert-manager add-on, and define the ClusterIssuer and Certificate requirements:

- `sudo microk8s enable cert-manager`
- ClusterIssuer.yaml
- Certificates.yaml

#### Ingress definition

Annotations link in the Certificate ClusterIssuer, and the configuration specifies the hostname and TLS secret. There is also an annotation to set the app-root.

- ApacheSecureIngress.yaml