7.0.0

Deployment

The following is an example of a simple-fanout Ingress implementation.

In this example, the client can access service1 with the URL https://test.com/info and access service2 with the URL https://test.com/hello.

Service1 defines a logical set of Pods with the label run=sise. Sise is a simple HTTP web server.

Service2 defines a logical set of Pods with the label run=nginx-demo. Nginx is also a simple HTTP web server. Services are deployed under the namespace default.

Deploy the Pods and expose the Services

kubectl run sise --generator=run-pod/v1 --image=mhausenblas/simpleservice:0.5.0 --port=9876

kubectl expose pod sise -n default --type="NodePort" --port=1241 \
--target-port=9876 --name="service1"

kubectl run nginx-demo --generator=run-pod/v1 --image=nginxdemos/hello

kubectl expose pod nginx-demo -n default --type="NodePort" --port=1242 \
--target-port=80  --name="service2"

Check the service1 and service2 you have deployed.

kubectl get service

NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
service1               NodePort    10.111.143.250   <none>        1241:31320/TCP   10m
service2               NodePort    10.109.117.79    <none>        1242:32075/TCP   2m59s

Deploy the Ingress

Define the Simple-fanout Ingress resource.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-fanout-example
  annotations: {
    "fortiadc-ip" : "10.0.100.133",
    "fortiadc-login" : "fad-login",
    "fortiadc-vdom" : "root",
    "fortiadc-ctrl-log" : "enable",
    "virtual-server-ip" : "172.23.133.6",
    "virtual-server-interface" : "port1",    
    "virtual-server-port" : "443",
    "load-balance-method" : "LB_METHOD_LEAST_CONNECTION",
    "load-balance-profile" : "LB_PROF_HTTPS"
  }
spec:
  ingressClassName: fadc-ingress-controller
  rules:
  - host: test.com
    http:
      paths:
      - path: /info
        pathType: Prefix
        backend:
          service:
            name: service1
            port:
              number: 1241
      - path: /hello
        pathType: Prefix
        backend:
          service:
            name: service2
            port:
              number: 1242

Deploy it with the kubectl command.

kubectl apply -f simple-fanout.yaml

ingress.networking.k8s.io/simple-fanout-example created

Get the information of the simple-fanout-example Ingress by using the kubectl describe command.

user@master-node ~> kubectl describe ingress simple-fanout-example

Name:             simple-fanout-example
Namespace:        default
Address:          172.23.133.6
Default backend:  default-http-backend:80
Rules:
  Host        Path  Backends
  ----        ----  --------
  test.com
              /info   service1:1241 (10.244.1.16:9876)
              /hello  service2:1242 (10.244.12.26:80)
Annotations:  fortiadc-admin: admin
              fortiadc-ctrl-log: enable
              fortiadc-ip: 10.0.100.133
              fortiadc-vdom: root
              load-balance-method: LB_METHOD_LEAST_CONNECTION
              load-balance-profile: LB_PROF_HTTPS
              virtual-server-interface: port1
              virtual-server-ip: 172.23.133.6
              virtual-server-port: 443
Events:       <none>

FortiView

Check the deployed Ingress with FortiView.

Try to access https://test.com/info.

Try to access https://test.com/hello.

Update or delete the Ingress

To update an Ingress resource:

You can edit ingress.yaml and use kubectl apply, or use the kubectl edit command.

kubectl edit ingress simple-fanout-example

To delete the Ingress resource:

kubectl delete ingress/simple-fanout-example

Add, update or delete Service and Node

Service

FortiADC Ingress Controller only monitors the port sections and annotations defined in services that are used in the deployed Ingress resource. For example, suppose service2 should also handle traffic with TCP destination port 8080 to the nginx pod. Use the kubectl edit command to see the original service2 spec.

kubectl edit service service2

#original definition of service2
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-10-21T08:50:31Z"
  labels:
    run: nginx-demo
  name: service2
  namespace: default
  resourceVersion: "26766217"
  selfLink: /api/v1/namespaces/default/services/service2
  uid: 69aa596e-1f23-4696-b770-6202654058a5
spec:
  clusterIP: 10.109.117.79
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32075
    port: 1242
    protocol: TCP
    targetPort: 80
  selector:
    run: nginx-demo
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

Now, add another port and give each port a name. In the example below, note the changes: each port now has a name, and a second port entry (http-8080) has been added.

# Modified service2
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-10-21T08:50:31Z"
  labels:
    run: nginx-demo
  name: service2
  namespace: default
  resourceVersion: "26766217"
  selfLink: /api/v1/namespaces/default/services/service2
  uid: 69aa596e-1f23-4696-b770-6202654058a5
spec:
  clusterIP: 10.109.117.79
  externalTrafficPolicy: Cluster
  ports:
  - name: http-80
    nodePort: 32075
    port: 1242
    protocol: TCP
    targetPort: 80
  - name: http-8080
    port: 1243
    protocol: TCP
    targetPort: 8080
  selector:
    run: nginx-demo
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

Check the service with the kubectl get command. You can see that service2 has registered the second port 1243 and has been allocated NodePort 31879 by Kubernetes.

NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                         AGE
service1               NodePort    10.111.143.250   <none>        1241:31320/TCP                  4d21h
service2               NodePort    10.109.117.79    <none>        1242:32075/TCP,1243:31879/TCP   4d21h

Then check the FortiADC real server pool default_service2. You can see that pool members with port 31879 have been added.

Note: If you delete a service used in a deployed Ingress resource, Kubernetes does not give you any warning, and FortiADC Ingress Controller does not handle any delete events on the service.
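
Because a deleted Service produces no warning, an Ingress rule can be left pointing at a backend that no longer exists. As an added example (not part of the Fortinet documentation or the controller's code), the Python below audits parsed `kubectl get ingress -A -o json` and `kubectl get service -A -o json` output for Ingress paths whose backend Service or port is gone; the function name, the finding labels and the sample data are assumptions made for illustration.

```python
def dangling_backends(ingress_list, service_list):
    """List Ingress paths whose backend Service or Service port is gone."""
    # (namespace, service name) -> declared port numbers and port names
    declared = {}
    for svc in service_list["items"]:
        key = (svc["metadata"]["namespace"], svc["metadata"]["name"])
        ports = svc["spec"].get("ports", [])
        declared[key] = {p["port"] for p in ports} | {p["name"] for p in ports if "name" in p}
    findings = []
    for ing in ingress_list["items"]:
        ns = ing["metadata"].get("namespace", "default")
        for rule in ing["spec"].get("rules", []):
            for path in rule.get("http", {}).get("paths", []):
                svc = path["backend"].get("service")
                if svc is None:  # resource backends are out of scope here
                    continue
                want = svc["port"].get("number", svc["port"].get("name"))
                have = declared.get((ns, svc["name"]))
                if have is None:
                    reason = "service missing"
                elif want not in have:
                    reason = "port not exposed"
                else:
                    continue
                findings.append((ns, ing["metadata"]["name"], rule.get("host"),
                                 path.get("path"), svc["name"], want, reason))
    return findings


def _path(path, name, number):
    # Helper that builds one Ingress path entry for the constructed sample.
    return {"path": path, "pathType": "Prefix",
            "backend": {"service": {"name": name, "port": {"number": number}}}}

# Constructed sample: the page's Ingress after service1 has been deleted.
SAMPLE_INGRESSES = {"items": [{
    "metadata": {"name": "simple-fanout-example", "namespace": "default"},
    "spec": {"rules": [{"host": "test.com", "http": {"paths": [
        _path("/info", "service1", 1241), _path("/hello", "service2", 1242)]}}]},
}]}
SAMPLE_SERVICES = {"items": [{
    "metadata": {"name": "service2", "namespace": "default"},
    "spec": {"ports": [{"name": "http-80", "port": 1242},
                       {"name": "http-8080", "port": 1243}]},
}]}

if __name__ == "__main__":
    for finding in dangling_backends(SAMPLE_INGRESSES, SAMPLE_SERVICES):
        print(finding)
```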

Node

If you add or delete a worker node, FortiADC Ingress Controller checks the deployed Ingress resources and handles the add/delete event. For node updates, FortiADC Ingress Controller only monitors the node's IP.

The original node IP of slave-node2 is 10.0.100.9.

In FortiADC, check that the original node IP of slave-node2 is 10.0.100.9.

Now, change the IP of slave-node2 to 10.0.100.95. Use the kubectl command to check the node IP again.

Check the FortiADC Ingress Controller logs. FortiADC Ingress Controller handles the IP change event on node slave-node2.

In FortiADC, check the slave-node2 IP again.
