Ingress Nginx in Kubernetes

1. Install Ingress Nginx 

https://kubernetes.github.io/ingress-nginx/deploy/


helm install ingress-nginx-controller ingress-nginx --set controller.service.nodePorts.http=31845 --set controller.service.type=NodePort --set controller.replicaCount=5 --set controller.service.externalTrafficPolicy=Local --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace


To switch the controller to a DaemonSet, upgrade the release:

helm upgrade ingress-nginx-controller ingress-nginx/ingress-nginx -n ingress-nginx --set controller.kind=DaemonSet --set controller.service.nodePorts.http=31845 --set controller.service.type=NodePort --set controller.service.externalTrafficPolicy=Local



helm upgrade ingress-nginx-controller ingress-nginx/ingress-nginx \
  -n ingress-nginx \
  --version="4.8.2" \
  --set controller.kind=DaemonSet \
  --set controller.service.nodePorts.http=31845 \
  --set controller.service.type=NodePort \
  --set controller.service.externalTrafficPolicy=Local \
  --set controller.config.use-forwarded-headers="true" \
  --set controller.config.proxy-body-size=8m \
  --set controller.config.allow-snippet-annotations="true"

If the upgrade fails, inspect the release history and roll back:

helm history ingress-nginx-controller -n ingress-nginx


helm rollback ingress-nginx-controller -n ingress-nginx

The install command at the top of this step deploys ingress-nginx into the namespace ingress-nginx.

The Service type is NodePort, HTTP is exposed on node port 31845, and the controller runs 5 replicas across the cluster.


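2. Configure forwarding of the real client IP

Update the configmap of the ingress-nginx controller

use-forwarded-headers: "true"

With this setting the controller trusts the X-Forwarded-* headers on incoming requests, so enable it only when the controller sits behind an L7 proxy or load balancer that sets them, and limit the trusted sources with proxy-real-ip-cidr.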

Detailed configs: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ 


This configmap is global: once you update it, the settings apply to every service whose requests are routed through this Ingress controller.


To verify that the settings were applied, open a shell in the ingress-nginx controller pod and check nginx.conf.


The nginx.conf is the heart of Nginx, so let's dive into it to understand what is under the water


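3. Use annotations to overwrite some configs

https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/

When you use these annotations, you need to update the Ingress manifest.


For example, suppose you want to override part of the generated NGINX configuration for your service (configuration-snippet is inserted into the location block).

First set allow-snippet-annotations: "true" in the configmap, which enables snippet annotations globally. Anyone who can create or edit an Ingress can then inject NGINX configuration, including Lua, into the controller, so keep write access to Ingress objects restricted.

Then update the Ingress manifest with the annotation as below. This snippet returns a 503 maintenance response in JSON to every client whose $remote_addr is not in the allow list: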

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    meta.helm.sh/release-name: api-release
    meta.helm.sh/release-namespace: portal-api-release
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $allowed_ips "10.254.180.165;10.235.3.243;10.235.5.119;10.254.18.0/24";
      set $client_ip $remote_addr;
      default_type application/json;
      access_by_lua_block {
        local ipmatcher = require("resty.ipmatcher")
        local client_ip = ngx.var.client_ip
        local allowed_ips = ngx.var.allowed_ips
        local allowed_ip_table = {}
        for ip in string.gmatch(allowed_ips, "[^;]+") do
            table.insert(allowed_ip_table, ip)
        end
        local ip_white_list = ipmatcher.new(allowed_ip_table)
        local is_allowed = false

        if ip_white_list:match(client_ip) then
          is_allowed = true;
        end

        if not is_allowed then
            local json_data = {
                    code = "ERR_MAINTENANCE",
                    fromDateTime = "2023-01-12T12:00",
                    toDateTime = "2023-12-30T12:00"
                };
            local json_str = require("cjson").encode(json_data);
            ngx.status = ngx.HTTP_SERVICE_UNAVAILABLE;
            ngx.say(json_str);
            ngx.exit(ngx.HTTP_SERVICE_UNAVAILABLE);
        end
      }
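
Because allow-snippet-annotations is a global switch, it helps to know which Ingresses actually carry snippets. The script below is an added example, not part of the original post: it lists every nginx.ingress.kubernetes.io/*-snippet annotation in the output of kubectl get ingress -A -o json and marks the ones that contain Lua hooks. The sample data, including the Ingress names and the "web" namespace, is constructed.

```python
import json
import re
import sys

PREFIX = "nginx.ingress.kubernetes.io/"
# Lua hooks such as access_by_lua_block run code inside the controller.
LUA_HOOK = re.compile(r"\b\w+_by_lua(?:_block|_file)?\b")

# Constructed sample shaped like `kubectl get ingress -A -o json` output;
# the Ingress names and the "web" namespace are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "portal-api-release", "name": "api", "annotations": {
        "kubernetes.io/ingress.class": "nginx",
        PREFIX + "configuration-snippet":
            "set $client_ip $remote_addr;\naccess_by_lua_block {\n  ngx.exit(503)\n}\n"}}},
    {"metadata": {"namespace": "web", "name": "shop", "annotations": {
        PREFIX + "rewrite-target": "/",
        PREFIX + "server-snippet": "add_header X-Frame-Options DENY;"}}},
    {"metadata": {"namespace": "web", "name": "static", "annotations": None}},
]})


def audit_snippets(ingress_list_json):
    """Return one finding per *-snippet annotation on any Ingress."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        for key, value in (meta.get("annotations") or {}).items():
            if not (key.startswith(PREFIX) and key.endswith("-snippet")):
                continue
            findings.append({
                "namespace": meta.get("namespace", "default"),
                "name": meta.get("name", ""),
                "annotation": key[len(PREFIX):],
                "lines": len(value.strip().splitlines()),
                "lua_hooks": sorted(set(LUA_HOOK.findall(value))),
            })
    return findings


if __name__ == "__main__":
    # Pass a file holding the kubectl JSON output, or no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for f in audit_snippets(data):
        flag = "LUA " if f["lua_hooks"] else "    "
        print(f'{flag}{f["namespace"]}/{f["name"]} {f["annotation"]} ({f["lines"]} lines)')
```

Against a live cluster, save the output of kubectl get ingress -A -o json to a file and pass that file as the first argument.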





