This topic describes how to deploy multiple independent NGINX ingress controllers in a Kubernetes cluster to provide different services to external users.
Prerequisites
Background information
The Configure an ingress controller to use an internal SLB instance topic describes how to modify the default configurations of the NGINX ingress controller in your
cluster to use internal SLB instances. The two solutions described in the topic meet
the needs of most scenarios. This topic describes a solution that applies to scenarios
where multiple services are deployed in a cluster. Some services are accessed by external
users through Internet ingresses. Some services are only accessed by non-Kubernetes
workloads deployed in the same VPC. In this scenario, you can deploy two independent NGINX ingress controllers in the cluster and bind them
to SLB instances of different network types.
Deploy a new NGINX ingress controller
You can perform the following steps to deploy an independent NGINX ingress controller in a cluster.
- On the App Catalog - ack-ingress-nginx page, click Parameters. In the Deploy section on the right, specify a cluster, a namespace, and a release name, and click
Create.
The following table describes related parameters.Parameter Description controller.image.repository The image repository of ingress-nginx. If the cluster is deployed in regions outside China, we recommend that you set the parameter to the ID of the region. controller.image.tag The image version of ingress-nginx. controller.ingressClass The ingress class of the ingress controller. The ingress controller handles only the ingress resources that are annotated with the ingress class. Notice In a cluster, the ingress class of each ingress controller must be unique. The ingress class of the default ingress controller in a cluster is nginx. Therefore, do not set this parameter to nginx.controller.replicaCount The number of pod replicas of the ingress controller. controller.publicService.enabled Specify whether to use a public SLB instance for load balancing. If you do not want to use a public SLB instance, set the parameter to false. controller.privateService.enabled Specify whether to use an internal SLB instance for load balancing. If you want to use an internal SLB instance, set the parameter to true. controller.kind Specify whether to use Deployment or DaemonSet to deploy the ingress controller. In the left-side navigation pane, choose . On the Helm tab, the new NGINX ingress controller is listed.
Test the connectivity
The following example deploys a test application and exposes the application to external users through the new NGINX ingress controller.
- Deploy a test application.
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx spec: replicas: 1 selector: matchLabels: run: nginx template: metadata: labels: run: nginx spec: containers: - image: nginx imagePullPolicy: Always name: nginx ports: - containerPort: 80 protocol: TCP restartPolicy: Always --- apiVersion: v1 kind: Service metadata: name: nginx spec: ports: - port: 80 protocol: TCP targetPort: 80 selector: run: nginx sessionAffinity: None type: NodePort - Use the NGINX ingress to expose the application to external users.
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: nginx annotations: # Set this parameter to the ingress class of the new NGINX ingress controller. kubernetes.io/ingress.class: "<YOUR_INGRESS_CLASS>" spec: rules: - host: foo.bar.com http: paths: - path: / backend: serviceName: nginx servicePort: 80Note You must configure the kubernetes.io/ingress.class annotation.After the application is deployed, the ingress IP address is the same as the IP address of the new NGINX ingress controller.kubectl -n kube-system get svc nginx-ingress-lb NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx-ingress-lb LoadBalancer 172.19.7.30 47.95.97.115 80:31429/TCP,443:32553/TCP 2d kubectl -n <YOUR_NAMESPACE> get svc nginx-ingress-lb NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx-ingress-lb LoadBalancer 172.19.6.227 39.105.252.62 80:30969/TCP,443:31325/TCP 39m kubectl get ing NAME HOSTS ADDRESS PORTS AGE nginx foo.bar.com 39.105.252.62 80 5m - Access the application through the default and new NGINX ingress controllers.
# Access the application through the default NGINX ingress controller. The 404 status code is expected. curl -H "Host: foo.bar.com" http://47.95.97.115 default backend - 404 # Access the application through the new NGINX ingress controller. The NGINX welcome page is expected. curl -H "Host: foo.bar.com" http://39.105.252.62 <! DOCTYPE html> <html> <head> <title>Welcome to nginx! </title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx! </h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>
The preceding tests show that applications exposed through different NGINX ingress controllers do not interfere each other. This solution applies to scenarios where some services must be available for Internet users while others only allow requests from non-Kubernetes workloads in the same VPC.