Creating a network load balancer using an NGINX Ingress controller
When installing an NGINX Ingress controller, you can create an external or internal network load balancer and set up port forwarding.
Getting started
-
Create a service account with the
k8s.clusters.agent,vpc.publicAdmin,container-registry.images.puller, andload-balancer.adminroles for the folder. Theload-balancer.adminrole is required to create a network load balancer. -
Create security groups for the Managed Service for Kubernetes cluster and its node groups.
Warning
The configuration of security groups determines the performance and availability of the cluster and the services and applications running in it.
-
Create a Managed Service for Kubernetes cluster. In the cluster settings, specify the service account and the security groups created earlier.
-
Install Helm v3.8.0 or higher.
-
Install kubect and configure it to work with the new cluster.
-
Set up Helm to work with the NGINX repository:
-
Add a repository for NGINX to Helm:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginxResult:
"ingress-nginx" has been added to your repositories -
Update the dataset to create an application instance in the Managed Service for Kubernetes cluster:
helm repo updateResult:
Hang tight while we grab the latest from your chart repositories... ...Successfully got an update from the "ingress-nginx" chart repository Update Complete. ⎈Happy Helming!⎈
Tip
You can also install an NGINX Ingress controller using Yandex Cloud Marketplace.
-
External network load balancer
To create a network load balancer, the service account linked to your Managed Service for Kubernetes cluster must have the load-balancer.admin role.
An external network load balancer is created when installing an NGINX Ingress controller in a standard configuration:
helm install ingress-nginx ingress-nginx/ingress-nginx
Result:
NAME: ingress-nginx
LAST DEPLOYED: Sun Jul 18 22:35:37 2022
NAMESPACE: default
...
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller'
...
Internal network load balancer
To create a network load balancer, the service account linked to your Managed Service for Kubernetes cluster must have the load-balancer.admin role.
To install an internal network load balancer:
-
Configure the controller. To do this, create a configuration file named
values.yamland specify in it the ID of the subnet the network load balancer should operate in:controller: service: external: enabled: false internal: enabled: true annotations: yandex.cloud/load-balancer-type: internal yandex.cloud/subnet-id: <subnet_ID> -
Install an NGINX Ingress controller using the
values.yamlconfiguration file:helm install ingress-nginx -f values.yaml ingress-nginx/ingress-nginxResult:
NAME: ingress-nginx LAST DEPLOYED: Sun Jul 18 22:55:37 2022 NAMESPACE: default ... The ingress-nginx controller has been installed. It may take a few minutes for the LoadBalancer IP to be available. You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller' ...
Check the result
To make sure the network load balancer was created, get a list of network load balancers in the folder.
Port forwarding
Even though NGINX Ingress controllers officially support external HTTP and HTTPS traffic routing only, you can configure them to accept external TCP or UDP traffic and redirect it to internal services. To do this, install an Ingress controller using the values.yaml configuration file with traffic redirect settings and portNamePrefix.
-
Create a file named
values.yaml:<protocol>: {<external_port>: "<service_namespace>/<service_name>:<internal_port>"} portNamePrefix: "<prefix>"Where
<protocol>is the protocol,tcporudp. -
Install a NGINX Ingress controller using the
values.yamlconfiguration file:helm install ingress-nginx -f values.yaml ingress-nginx/ingress-nginx
Example
Let's say we need to set up traffic forwarding with the following parameters:
- Service name:
example-go.- Service namespace:
default.- Internal service port:
8080.- External port:
9000.- Port name prefix:
test.
values.yamlconfiguration file for such forwarding:tcp: {9000: "default/example-go:8080"} portNamePrefix: "test"
After you install the Ingress controller, the new network load balancer will have an additional listener, test-9000-tcp, with the forwarding settings you specified.
The names of the NGINX Ingress controller's port and network load balancer's listener are based on the forwarding settings: <external_port>-<protocol>. Due to Yandex Cloud's limitations, the listener's name may not start with numbers, so prefix it with portNamePrefix to ensure the settings are correct. The port and listener names will thus be generated in <portNamePrefix_value>-<external_port>-<protocol> format.
Due to technical limitations, the port name is limited to 15 characters and the listener name must not start with numbers. Therefore, make sure that your portNamePrefix prefix:
- Starts with letters.
- Is no longer than 5-8 characters, depending on the external port value length.
To make sure that port forwarding is configured properly, view the list of listeners in the network load balancer details.