Question regarding AKS, each time release CD. The Kubernetes will give random IP Address to my services.
I would like to know how to bind the domain to the IP?
Can someone give me some link or article to read?
You have two options.
You can either deploy a Service with type=LoadBalancer which will provision a cloud load balancer. You can then point your DNS entry to that provisioned LoadBalancer with (for example) a CNAME.
More information on this can be found here
Your second option is to use an Ingress Controller with an Ingress Resource. This offers much finer grained access via url parameters. You'll probably need to deploy your ingress controller pod/service with a service Type=LoadBalancer though, to make it externally accessible.
Here's an article which explains how to do ingress on Azure with the nginx-ingress-controller
Related
I want to add some custom ports in LoadBalancer on my Azure-OpenShift setup(It might be ARO cluster/Azure VM's with OpenShift installer).
Do we have option to edit/configure Azure loadbalancer for changing custom ports?
If yes, Which is the best way to do. For Example, editing in service manifest or yaml with my custom ports or from AZURE UI etc.
Scenario: I have a customer, where I can say please do these steps for changing ports in loadbalancer and you can have your own Ports which has to present for his Azure-OpenShift setup.
OpenShift cluster has loadbalancers for API and Ingress.
OpenShift 4.x doesn't manager the API loadbalancer so you can change configuration of the loadbalancer from Azure portal. However, on ARO, you can not change the load balancer on Azure portal because all the resources managed by Azure *1.
For the ingress loadbalancer, that is managed by Load Balancer Service. So, you should modify a yaml file on you cluster as cluster administrator. However, the service is deployed by Ingress Operator. If you removed/changed the service content, Operator may roll back your service as it is.
I couldn't find any option on the documentation *2. But you can try to modify the service as you want.
*1: https://learn.microsoft.com/en-us/azure/openshift/openshift-service-definitions#azure-resource-architecture
*2: https://docs.openshift.com/container-platform/4.11/rest_api/operator_apis/ingresscontroller-operator-openshift-io-v1.html
I have a AKS cluster with default FQDN name with the suffix of "cloudapp.azure.com". I want to get a domain and apply it to the cluster but am not sure how to apply custom domain to Kubernetes cluster in azure.
Can anyone help me with the steps to apply custom domain name to AKS cluster?
If I understand you correctly, you've already deployed your application on Kubernetes and want to connect it to your custom domain name.
For this purpose you can use NGINX Ingress Controller.
Below I will briefly describe how you can do it on AKS:
First you need to create an ingress controller and ingress resource. For Azure AKS detailed instructions can be found here: create-an-ingress-controller.
Note: By default, the public IP address acquired by NGINX Ingress is lost
if the controller is deleted. I recommend you to
create static public IP address, because it remains if the ingress controller is deleted.
Next identify the public IP address (EXTERNAL-IP) associated with
your NGINX Ingress service that was created in the previous step.
Now you need to create an A DNS record, to point your domain to the cluster.
Additionally you may
want to provide CNAME record, but is isn't mandatory and depends
on your needs.It is possible to create Azure DNS Zone for your
custom domain and then add appropriate record sets to this zone.
Note: Azure DNS is not the domain registrar, you have to configure the
Azure DNS name servers as the correct name servers for
the domain name with the domain name registrar. For more
information, see Delegate a domain to Azure DNS.
Azure won't provide you the DNS names, but it has a service named as DNS zone, where you can register your custom domain ( that you may have from providers like GoDaddy etc ), the externalIP of the ingress or any other load balancer that you see in the AKS clusters can be mapped to this custom domain name in the DNS zone and this will take the traffic to the respective AKS cluster.
Advantage of DNS zone is that, you can enter multiple alias URLs as well and can make them to take traffic to AKS cluster, like
abc.com is your domain ( let's say )
api.abc.com is for mobile applications to communicate with AKS and this can be pointed to same URL via CNames in DNS zone.
You can have multiple options here based on your usecase, refer Azure's documentation on DNS zones for that
Explaining my confusion / lack of understanding
When reading about the external LoadBalancer in K8s, which is a cloud provider only feature, I don't quite understand when it should be used, as when one creates a Deployment K8s will do Round Robin load balancing on the pods in that Deployment.
So from my current understanding all one would need to do is make a NodeIP, and you have the equivalent of an external load balancer?
Or should I think of the LoadBalancer type as haproxy/nginx/Envoy, where one can do SSL, reverse proxy, and many other useful things?
My current guess is that the proper use of LoadBalancer is to add many NodeIP's, but I can't find anything to back that up.
Question
Can anyone explain when and why to use LoadBalancer and not just using the NodeIP?
For example, You want to deploy multiple applications in your cluster, say 10 apps.
You would like to access these 10 apps over internet. One way is to set those 10 application services as nodeport so you can access them from outside. For this to happen kubernetes opens 10 nodeports on each cluster node. This is a security risk.
In most of the enterprises where they work behind firewall in a closed network dont allow external traffic to/from any ports other than http/https ( 80/443 ).
One way is to set service type as Loadbalancer for each application service. So, to access 10 app, you will be provisioning 10 load balancers to access the app servers over http/https ports. Since loadbalancers are charged resources, economically it is not viable to have one load balancer for each service that you want to access over itnernet.
Is there a way to access all those 10 app services running inside kubernetes over single port. This is where ingress controller comes into picture.
Ingress controller allows single ip-port to access all services running in k8s through ingress rules. The ingress controller service is set to load balancer so it is accessible from public internet
I want to deploy some kubernetes workloads, which are visible from some other VM's on Azure but not visible from the outside world.
For example: I might have a VM running a Zuul Gateway which for some routes I want to redirect to the K8s cluster, yet I don't want to allow people to directly access my K8s cluster.
Is it possible to place my AKS inside a VPN? If so, how should I achieve this?
In addition to options, pointed out by #4c74356b41, you can run ingress controller on the cluster, and limit it to your internal server IP only
So this isnt possible now (at least out of the box) due to the nature of AKS being a service with no VNet integration as of yet. You can try to hack around this, but it will probably not work really well as your agents need to talk to the master.
I see 2 options:
Use internal load balancers instead of public ones to expose your services
Use ACS which has vnet integration, but I'm not sure if you can apply 2 routes to the same vnet
How to add multiple ingress or Load balancers in kubernetes for separate services,
here is the post who I ended up creating a ingress to my sub-domain. Is there any way we can specific the same IP address created by GCE to launch multiple Ingress resources.
I am using GCE for hosting my cluster. If there is a better way to handle this scenario to have multiple resources to expose a service with a sub-domain www.app1.domain.com, www.app2.domain.com which are entirely different apps and have two ingress resources that point to two these specific services using same external IP address.
From the post I could able to create but unable to specify the external IP address to it.
Any help is much appreciated, thank you.
You can just define multiple Ingress resources and put them to Kubernetes - they don't have to be in the same yaml file. All ingress resources share the same proxy and they are routed via the defined hostname and path to the wanted service.
I am not sure what you mean with the external IP address.