Exposing a Kubernetes Kapsule ingress controller service with a Load Balancer
This tutorial will guide you through deploying a test application on a Kubernetes cluster, exposing it via an ingress object, and using a Scaleway Load Balancer to make the IP persistent.
You may need certain IAM permissions to carry out some actions described on this page. This means:
- you are the Owner of the Scaleway Organization in which the actions will be carried out, or
- you are an IAM user of the Organization, with a policy granting you the necessary permission sets
- You have an account and are logged into the Scaleway console
- You have set up a Kapsule cluster, and you have deployed a TRAEFIK2 ingress controller via the application library using the Easy Deploy function
- You have obtained the kubeconfig file for the cluster
- You have installed kubectl on your local machine
Expose the ingress controller using a Scaleway Load Balancer
By default, ingress controllers on Kapsule are deployed using a hostPort. This means they are accessible on all cluster nodes on ports 80 and 443. This choice was made to prevent additional costs for users during their test and deployment phase. However, for production-readiness, you might want to use a Load Balancer to expose your services on the internet.
Deploying a test application
-
Deploy the
cafe-ingress
test application:kubectl create -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/main/examples/ingress-resources/basic-auth/cafe.yaml -
Create the ingress object (
coffee-ingress.yaml
) using the DNS wildcard provided by Scaleway:apiVersion: networking.k8s.io/v1kind: Ingressmetadata:name: coffee-ingressspec:rules:- host: YOUR_SCALEWAY_DNS_WILDCARDhttp:paths:- path: /teapathType: Prefixbackend:service:name: tea-svcport:number: 80- path: /coffeepathType: Prefixbackend:service:name: coffee-svcport:number: 80Note:Your DNS wildcard is composed of your cluster ID (e.g.
68362d3b-57c8-4bea-905a-aeb7f9ab95dc
) followed by.nodes.k8s.<SCW_REGION>.scw.cloud
. For a cluster located in the Paris region, your DNS wildcard could be for example:hotdrinks.68362d3b-57c8-4bea-905a-aeb7f9ab95dc.nodes.k8s.fr-par.scw.cloud
. -
Apply the configuration:
kubectl create -f coffee-ingress.yaml -
Test the ingress:
curl http://YOUR_SCALEWAY_DNS_WILDCARD/coffee
Using a reserved IP with a Load Balancer
Reserve a flexible Load Balancer IP address through the Scaleway API. Take note of the IP address, referred to as RESERVED_IP
from now on.
Using the reserved IP in Kubernetes
-
Patch
tea-svc
to use the reserved IP with aLoadBalancer
service:kubectl patch svc tea-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}' -
Delete
tea-svc
:kubectl delete svc tea-svc -
Patch
coffee-svc
to use the reserved IP:kubectl patch svc coffee-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'