Creating a network load balancer using an NGINX Ingress controller
When installing an NGINX Ingress controller
Getting started
- Create a service account with the editor, container-registry.images.puller, and load-balancer.admin roles for the folder. The load-balancer.admin role is required to create a network load balancer.
- Create security groups for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
- Create a Managed Service for Kubernetes cluster. In the cluster settings, specify the service account and the security groups created earlier.
- Install Helm v3.8.0 or higher.
- Install kubectl and configure it to work with the created cluster.
- Set up Helm to work with the NGINX repository:
  - Add a repository for NGINX to Helm:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
Result:
"ingress-nginx" has been added to your repositories
  - Update the dataset to create an application instance in the Managed Service for Kubernetes cluster:
helm repo update
Result:
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
Tip
You can also install an NGINX Ingress controller using Yandex Cloud Marketplace.
External network load balancer
An external network load balancer is created when installing an NGINX Ingress controller in a standard configuration:
helm install ingress-nginx ingress-nginx/ingress-nginx
Result:
NAME: ingress-nginx
LAST DEPLOYED: Sun Jul 18 22:35:37 2022
NAMESPACE: default
...
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller'
...
Internal network load balancer
To install an internal network load balancer:
- Configure the controller. To do this, create a values.yaml configuration file and specify there the ID of the subnet the network load balancer should run in:
  controller:
    service:
      external:
        enabled: false
      internal:
        enabled: true
        annotations:
          yandex.cloud/load-balancer-type: internal
          yandex.cloud/subnet-id: <subnet_ID>
- Install the NGINX Ingress controller using the values.yaml configuration file:
  helm install ingress-nginx -f values.yaml ingress-nginx/ingress-nginx
  Result:
  NAME: ingress-nginx
  LAST DEPLOYED: Sun Jul 18 22:55:37 2022
  NAMESPACE: default
  ...
  The ingress-nginx controller has been installed.
  It may take a few minutes for the LoadBalancer IP to be available.
  You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller'
  ...
Check the result
To make sure the required network load balancer is created, get a list of network load balancers in the folder.
Port forwarding
Even though NGINX Ingress controllers officially support external HTTP and HTTPS traffic routing only, you can configure them to accept external TCP or UDP traffic and redirect it to internal services. To do this, install an Ingress controller using a values.yaml configuration file with traffic redirect settings and portNamePrefix.
- Create a values.yaml file:
  <protocol>: {<external_port>: "<service_namespace>/<service_name>:<internal_port>"}
  portNamePrefix: "<prefix>"
  Where <protocol> is the tcp or udp protocol.
- Install the NGINX Ingress controller using the values.yaml configuration file:
  helm install ingress-nginx -f values.yaml ingress-nginx/ingress-nginx
Example
Let's say we need to set up traffic forwarding with the following parameters:
- Service name: example-go
- Service namespace: default
- Internal service port: 8080
- External port: 9000
- Port name prefix: test
The values.yaml configuration file for this forwarding configuration:
tcp: {9000: "default/example-go:8080"}
portNamePrefix: "test"
After you install the Ingress controller, the created network load balancer will have an additional listener, test-9000-tcp, with the forwarding settings you specified.
The port name for the NGINX Ingress controller and network load balancer's listener is based on the forwarding settings: <external_port>-<protocol>. Due to the Yandex Cloud limitations, listener names may not start with numbers. Therefore, to ensure the settings are correct, prefix the name with portNamePrefix. The resulting port and listener name will be generated in <portNamePrefix_value>-<external_port>-<protocol> format.
Due to technical restrictions, port names may contain a maximum of 15 characters and listener names may not start with numbers. Therefore, make sure that your portNamePrefix:
- Starts with a letter.
- Is no longer than 5-8 characters, depending on the external port value length.
To make sure that port forwarding is configured properly, view the list of listeners in the network load balancer details.
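A pre-install check for the forwarding settings described above, as an added example that is not part of the original documentation: it builds each port and listener name in the format given on this page, reports names that start with a digit or exceed 15 characters, and flags targets that do not match <service_namespace>/<service_name>:<internal_port>, so every externally published port can be reviewed before helm install. The function names and the dict input (values.yaml already parsed by the caller) are assumptions of this example.

```python
import re

MAX_PORT_NAME = 15  # port name length limit stated on this page
# Target format from this page: <service_namespace>/<service_name>:<internal_port>
TARGET_RE = re.compile(r"^[a-z0-9-]+/[a-z0-9-]+:([0-9]{1,5})$")


def valid_port(value):
    """True when value is a decimal port number in 1..65535."""
    text = str(value)
    return re.fullmatch(r"[0-9]{1,5}", text) is not None and 1 <= int(text) <= 65535


def check_forwarding(values):
    """Return {listener_name: [problems]} for the tcp/udp maps of a values dict.

    `values` mirrors values.yaml after parsing (hypothetical input shape for
    this example; loading the YAML file is left to the caller).
    """
    prefix = values.get("portNamePrefix", "")
    report = {}
    for proto in ("tcp", "udp"):
        for ext_port, target in (values.get(proto) or {}).items():
            # With a prefix: <portNamePrefix>-<external_port>-<protocol>
            # Without one:   <external_port>-<protocol>
            base = f"{ext_port}-{proto}"
            name = f"{prefix}-{base}" if prefix else base
            problems = []
            if not re.match(r"[A-Za-z]", name):
                problems.append("name must start with a letter")
            if len(name) > MAX_PORT_NAME:
                problems.append(f"name is {len(name)} chars, limit is {MAX_PORT_NAME}")
            if not valid_port(ext_port):
                problems.append("external port out of range")
            match = TARGET_RE.match(str(target))
            if match is None:
                problems.append("target is not <namespace>/<service>:<port>")
            elif not valid_port(match.group(1)):
                problems.append("internal port out of range")
            report[name] = problems
    return report


if __name__ == "__main__":
    # The page's example settings; an empty problem list means the name is usable.
    sample = {"portNamePrefix": "test", "tcp": {9000: "default/example-go:8080"}}
    for name, problems in check_forwarding(sample).items():
        print(name, "OK" if not problems else "; ".join(problems))
```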