Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Creating a network load balancer using an NGINX Ingress controller

Written by
Improved by
Updated at October 9, 2024

When installing an NGINX Ingress controller, you can create an external or internal network load balancer and set up port forwarding.

Getting started

  1. Create a service account with the editor, container-registry.images.puller, and load-balancer.admin roles for the folder. The load-balancer.admin role is required to create a network load balancer.

  2. Create security groups for the Managed Service for Kubernetes cluster and its node groups.

    Warning

    The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.

  3. Create a Managed Service for Kubernetes cluster. In the cluster settings, specify the service account and the security groups created earlier.

  4. Install Helm v3.8.0 or higher.

  5. Install kubectl and configure it to work with the created cluster.

  6. Set up Helm to work with the NGINX repository:

    1. Add a repository for NGINX to Helm:

      helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

      Result:

      "ingress-nginx" has been added to your repositories

    2. Update the dataset to create an application instance in the Managed Service for Kubernetes cluster:

      helm repo update

      Result:

      Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈

    Tip

    You can also install an NGINX Ingress controller using Yandex Cloud Marketplace.

External network load balancer

An external network load balancer is created when installing an NGINX Ingress controller in a standard configuration:

helm install ingress-nginx ingress-nginx/ingress-nginx

Result:

NAME: ingress-nginx
LAST DEPLOYED: Sun Jul 18 22:35:37 2022
NAMESPACE: default
...
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller'
...

Internal network load balancer

To install an internal network load balancer:

  1. Configure the controller. To do this, create a values.yaml configuration file and specify there the ID of the subnet the network load balancer should run in:

    controller:
  service:
    external:
      enabled: false
    internal:
      enabled: true
      annotations:
        yandex.cloud/load-balancer-type: internal
        yandex.cloud/subnet-id: <subnet_ID>

  2. Install the NGINX Ingress controller using the values.yaml configuration file:

    helm install ingress-nginx -f values.yaml ingress-nginx/ingress-nginx

    Result:

    NAME: ingress-nginx
LAST DEPLOYED: Sun Jul 18 22:55:37 2022
NAMESPACE: default
...
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller'
...

Check the result

To make sure the required network load balancer is created, get a list of network load balancers in the folder.

Port forwarding

Even though NGINX Ingress controllers officially support external HTTP and HTTPS traffic routing only, you can configure them to accept external TCP or UDP traffic and redirect it to internal services. To do this, install an Ingress controller using a configuration file named values.yaml with traffic redirect settings and portNamePrefix.

  1. Create a values.yaml file:

    <protocol>: {<external_port>: "<service_namespace>/<service_name>:<internal_port>"}
portNamePrefix: "<prefix>"

    Where <protocol> is the tcp or udp protocol.

  2. Install the NGINX Ingress controller using the values.yaml configuration file:

    helm install ingress-nginx -f values.yaml ingress-nginx/ingress-nginx

Example

Let's say we need to set up traffic forwarding with the following parameters:

  • Service name: example-go
  • Service namespace: default
  • Internal service port: 8080
  • External port: 9000
  • Port name prefix: test

The values.yaml configuration file for this forwarding configuration:

tcp: {9000: "default/example-go:8080"}
portNamePrefix: "test"

After you install the Ingress controller, the created network load balancer will have an additional listener, test-9000-tcp, with the forwarding settings you specified.

The port name for the NGINX Ingress controller and network load balancer's listener is based on the forwarding settings: <external_port>-<protocol>. Due to the Yandex Cloud limitations, listener names may not start with numbers. Therefore, to ensure the settings are correct, prefix the name with portNamePrefix. The resulting port and listener name will be generated in <portNamePrefix_value>-<external_port>-<protocol> format.

Due to technical restrictions, port names may contain a maximum of 15 characters and listener names may not start with numbers. Therefore, make sure that your portNamePrefix:

  • Starts with a letter.
  • Is no longer than 5-8 characters, depending on the external port value length.

To make sure that port forwarding is configured properly, view the list of listeners in the network load balancer details.

Previous
Configuring NodeLocal DNS for the Cilium network policy controller
Next
Dynamic volume provisioning