Ingress for Docker Compose

📘

By default, an Ingress created in a KubernetesManifest or Helm component will not be interfered with. Bunnyshell handles only the Ingresses with ingressClassName: bns-nginx.

This article refers mostly to Docker-compose components: Application, Database, Service and StaticApplication.


If you want to learn why Docker Compose is unsuitable for production and how Bunnyshell can help you transition from docker-compose to Kubernetes, read this article.

Introduction

In Kubernetes, Ingress is the resource that exposes an application deployed in the cluster to the internet. If you have a web application running in a Pod in the cluster, you need a Service that receives cluster traffic and routes it to the Pod on a specific port, and an Ingress that receives internet traffic and routes it inside the cluster to a specific Service and port.

Bunnyshell automatically creates a Service resource for the Pod if the component exposes at least one port (component.dockerCompose.ports), and an Ingress resource for the Service for each host of the component (component.hosts). Each host needs to specify the hostname, path and servicePort. Optionally, you can add k8s with extra configs for the Ingress, such as annotations and TLS secrets. Note that if you change k8s.ingress.className, Bunnyshell will skip creating its DNS records. Read more about URLs in Bunnyshell.


Kubernetes Cluster Requirements

To receive internet traffic and route it to different Ingress resources, the cluster needs to have an Ingress Controller installed. The best approach is to also have an IngressClass to group the Ingress resources, and to instruct the Ingress Controller to manage only the Ingresses from a specific IngressClass. This way the cluster can hold several groups of Ingresses at the same time, each with its own common configuration, and the groups can even be managed by different Ingress Controllers.

Bunnyshell needs to have its own, dedicated IngressClass named bns-nginx.

If you already have an Ingress Controller installed in your cluster and want it to also manage Bunnyshell's IngressClass, you can just create the IngressClass and instruct your Ingress Controller to manage it.

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: bns-nginx
spec:
  controller: example.com/ingress-controller # replace with your existing ingress controller
  #parameters:                   # optionally other parameters 
  #  apiGroup: k8s.example.com
  #  kind: IngressParameters
  #  name: external-lb
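
The class-to-controller grouping described above can be audited from cluster output. The following Python is an added example, not Bunnyshell's code: it resolves each Ingress to the controller that owns its IngressClass and lists the Ingresses in the bns-nginx class. The sample data is constructed, shaped like `kubectl get ... -o json` output; the namespaces, names and the `internal` class are assumptions.

```python
import json

BNS_CLASS = "bns-nginx"  # the IngressClass name this page says Bunnyshell requires

# Constructed sample data, shaped like the output of
# `kubectl get ingressclass -o json` and `kubectl get ingress -A -o json`.
SAMPLE_CLASSES = json.dumps({"items": [
    {"metadata": {"name": "bns-nginx"}, "spec": {"controller": "k8s.io/ingress-nginx"}},
    {"metadata": {"name": "internal"}, "spec": {"controller": "example.com/ingress-controller"}},
]})
SAMPLE_INGRESSES = json.dumps({"items": [
    {"metadata": {"namespace": "env-a", "name": "web"}, "spec": {"ingressClassName": "bns-nginx"}},
    {"metadata": {"namespace": "ops", "name": "grafana"}, "spec": {"ingressClassName": "internal"}},
    {"metadata": {"namespace": "ops", "name": "typo"}, "spec": {"ingressClassName": "bns-ngnix"}},
    {"metadata": {"namespace": "legacy", "name": "old"}, "spec": {}},
]})

def map_ingress_owners(classes_json, ingresses_json):
    """Map each Ingress to (class name, controller string or a status marker)."""
    controllers = {c["metadata"]["name"]: c["spec"]["controller"]
                   for c in json.loads(classes_json)["items"]}
    owners = {}
    for ing in json.loads(ingresses_json)["items"]:
        meta = ing["metadata"]
        key = f'{meta["namespace"]}/{meta["name"]}'
        cls = ing.get("spec", {}).get("ingressClassName")
        if cls is None:
            # Served only via a default class or a controller that watches class-less Ingresses.
            owners[key] = (None, "NO_CLASS")
        elif cls not in controllers:
            # No IngressClass object with this name: often a typo, normally ignored by controllers.
            owners[key] = (cls, "UNKNOWN_CLASS")
        else:
            owners[key] = (cls, controllers[cls])
    return owners

def bunnyshell_ingresses(owners):
    """Ingresses in the class that, per this page, Bunnyshell handles."""
    return sorted(k for k, (cls, _) in owners.items() if cls == BNS_CLASS)

if __name__ == "__main__":
    owners = map_ingress_owners(SAMPLE_CLASSES, SAMPLE_INGRESSES)
    for key, (cls, ctrl) in sorted(owners.items()):
        print(f"{key:15} class={cls!s:10} controller={ctrl}")
    print("Bunnyshell-handled:", bunnyshell_ingresses(owners))
```
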

If you don't have an Ingress Controller installed in the cluster, you can install the Nginx Ingress Controller, which will also create the IngressClass.

📘

Ingress Controller Add-on

Bunnyshell can help you install the Nginx Ingress Controller through the Ingress Controller Add-on, with a universal recipe that works on any cluster.

Just go to Bunnyshell > Integrations > Clusters > [Your cluster] > Add Add-on > Ingress Controller.

To manually install the Ingress Controller, we recommend using the Helm chart below.

Use the Helm charts to install Nginx Ingress Controller

The following example is for the chart version 4.10.0.

Write the following values.yaml file:

controller:
  ingressClass: bns-nginx
  ingressClassResource:
    name: bns-nginx
    controllerValue: "k8s.io/ingress-nginx"
  service:
    type: LoadBalancer
    externalTrafficPolicy: Local
  config:
    proxy-real-ip-cidr: "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32" # see https://www.cloudflare.com/ips/
    use-forwarded-headers: "true"
    proxy-buffer-size: "128k"
    proxy-buffers-number: 4
    proxy-body-size: "250m"
    strict-validate-path-type: "false"
  resources:
    requests:
      cpu: "100m"
      memory: "300Mi"
    limits:
      cpu: "500m"
      memory: "500Mi"
  admissionWebhooks:
    createSecretJob:
      resources:
        requests:
          cpu: "100m"
          memory: "20Mi"
        limits:
          cpu: "100m"
          memory: "20Mi"
    patchWebhookJob:
      resources:
        requests:
          cpu: "100m"
          memory: "20Mi"
        limits:
          cpu: "100m"
          memory: "20Mi"

defaultBackend:
  enabled: true
  image:
    registry: registry.k8s.io
    image: ingress-nginx/nginx-errors
    tag: v20220916-gd32f8c343@sha256:09c421ac743bace19ab77979b82186941c5125c95e62cdb40bdf41293b5c275c
  resources:
    limits:
      cpu: "100m"
      memory: "128Mi"
    requests:
      cpu: "100m"
      memory: "128Mi"

Depending on the cloud provider, you may have to add some extra values to the values.yaml above:

# Use only the block that matches your cloud provider.

# Amazon Web Services (AWS)
controller:
  service:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"

# nothing extra to add for Microsoft Azure

# nothing extra to add for Google Cloud Platform

# DigitalOcean
controller:
  service:
    annotations:
      service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "false"
  config:
    use-proxy-protocol: "false"
    proxy-real-ip-cidr: "10.0.0.0/8"
  admissionWebhooks:
    timeoutSeconds: 29

# OpenStack
controller:
  service:
    annotations:
      loadbalancer.openstack.org/keep-floatingip: "true"
      service.beta.kubernetes.io/openstack-internal-load-balancer: "false"
  config:
    use-proxy-protocol: "false"
    proxy-real-ip-cidr: "10.0.0.0/8"

# Scaleway
controller:
  service:
    annotations:
      service.beta.kubernetes.io/scw-loadbalancer-use-hostname: "true"
      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v1: "false"
      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "false"
  config:
    use-proxy-protocol: "false"
    proxy-real-ip-cidr: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10"

# Other providers
# Check whether your cloud provider can automatically provision
# a LoadBalancer and an IP for the Kubernetes cluster.
# If it cannot, see https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/baremetal.md for more considerations.
# You will probably have to add:

controller:
  service:
    type: NodePort
  publishService:
    # Boolean, not the string "false": Helm templates treat any non-empty string as true.
    enabled: false
Then install the chart:

helm upgrade --install \
   --repo https://kubernetes.github.io/ingress-nginx \
   ingress-nginx ingress-nginx --version 4.10.0 \
   --namespace=ingress-nginx --create-namespace \
   -f /values.yaml