Sidebar navigationMain contentFooter
HomeContainersKubernetesReference Content
Using a Load Balancer with Ingress
Jump toUpdate content

Exposing a Kubernetes Kapsule ingress controller service with a Load Balancer

Reviewed on 26 October 2023 • Published on 05 May 2020

This tutorial will guide you through deploying a test application on a Kubernetes cluster, exposing it via an ingress object, and using a Scaleway Load Balancer to make the IP persistent.

Security & Identity (IAM):

You may need certain IAM permissions to carry out some actions described on this page. This means:

  • you are the Owner of the Scaleway Organization in which the actions will be carried out, or
  • you are an IAM user of the Organization, with a policy granting you the necessary permission sets
Requirements:

Expose the ingress controller using a Scaleway Load Balancer

By default, ingress controllers on Kapsule are deployed using a hostPort. This means they are accessible on all cluster nodes on ports 80 and 443. This choice was made to prevent additional costs for users during their test and deployment phase. However, for production-readiness, you might want to use a Load Balancer to expose your services on the internet.

Deploying a test application

  1. Deploy the cafe-ingress test application:

    kubectl create -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/main/examples/ingress-resources/basic-auth/cafe.yaml

  2. Create the ingress object (coffee-ingress.yaml) using the DNS wildcard provided by Scaleway:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: coffee-ingress
    spec:
      rules:
        - host: YOUR_SCALEWAY_DNS_WILDCARD
          http:
            paths:
              - path: /tea
                pathType: Prefix
                backend:
                  service:
                    name: tea-svc
                    port:
                      number: 80
              - path: /coffee
                pathType: Prefix
                backend:
                  service:
                    name: coffee-svc
                    port:
                      number: 80
    Note:

    Your DNS wildcard is composed of your cluster ID (e.g. 68362d3b-57c8-4bea-905a-aeb7f9ab95dc) followed by .nodes.k8s.<SCW_REGION>.scw.cloud. For a cluster located in the Paris region, your DNS wildcard could be for example: hotdrinks.68362d3b-57c8-4bea-905a-aeb7f9ab95dc.nodes.k8s.fr-par.scw.cloud.

  3. Apply the configuration:

    kubectl create -f coffee-ingress.yaml

  4. Test the ingress:

    curl http://YOUR_SCALEWAY_DNS_WILDCARD/coffee

Using a reserved IP with a Load Balancer

Reserve a flexible Load Balancer IP address through the Scaleway API. Take note of the IP address, referred to as RESERVED_IP from now on.

Using the reserved IP in Kubernetes

  1. Patch tea-svc to use the reserved IP with a LoadBalancer service:

    kubectl patch svc tea-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'

  2. Delete tea-svc:

    kubectl delete svc tea-svc

  3. Patch coffee-svc to use the reserved IP:

    kubectl patch svc coffee-svc --type merge --patch '{"spec":{"loadBalancerIP": "RESERVED_IP","type":"LoadBalancer"}}'