Deployment
The following is an example of a simple-fanout Ingress implementation.
In this example, the client can access service1 with the URL https://test.com/info
and access service2 with the URL https://test.com/hello
.
Service1 defines a logical set of Pods with the label run=sise
. Sise is a simple HTTP web server.
Service2 defines a logical set of Pods with the label run=nginx-demo
. Nginx is also a simple HTTP web server. Services are deployed under the namespace default
.
Deploy the Pods and expose the Services
kubectl run sise --generator=run-pod/v1 --image=mhausenblas/simpleservice:0.5.0 --port=9876 kubectl expose pod sise -n default --type="NodePort" --port=1241 \ --target-port=9876 --name="service1" kubectl run nginx-demo --generator=run-pod/v1 --image=nginxdemos/hello kubectl expose pod nginx-demo -n default --type="NodePort" --port=1242 \ --target-port=80 --name="service2"
Check the service1 and service2 you have deployed.
kubectl get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service1 NodePort 10.111.143.250 <none> 1241:31320/TCP 10m service2 NodePort 10.109.117.79 <none> 1242:32075/TCP 2m59s
Deploy the Ingress
Define the Simple-fanout Ingress resource.
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: simple-fanout-example annotations: { "fortiadc-ip" : "10.0.100.133", "fortiadc-login" : "fad-login", "fortiadc-vdom" : "root", "fortiadc-ctrl-log" : "enable", "virtual-server-ip" : "172.23.133.6", "virtual-server-interface" : "port1", "virtual-server-port" : "443", "load-balance-method" : "LB_METHOD_LEAST_CONNECTION", "load-balance-profile" : "LB_PROF_HTTPS" } spec: ingressClassName: fadc-ingress-controller rules: - host: test.com http: paths: - path: /info pathType: Prefix backend: service: name: service1 port: number: 1241 - path: /hello pathType: Prefix backend: service: name: service2 port: number: 1242
Deploy it with kubectl
command.
kubectl apply -f simple-fanout.yaml
ingress.networking.k8s.io/simple-fanout-example created
Get the information of the simple-fanout-example Ingress by using the kubectl describe command.
user@master-node ~> kubectl describe ingress simple-fanout-example Name: simple-fanout-example Namespace: default Address: 172.23.133.6 Default backend: default-http-backend:80 Rules: Host Path Backends ---- ---- -------- test.com /info service1:1241 (10.244.1.16:9876) /hello service2:1242 (10.244.12.26:80) Annotations: fortiadc-admin: admin fortiadc-ctrl-log: enable fortiadc-ip: 10.0.100.133 fortiadc-vdom: root load-balance-method: LB_METHOD_LEAST_CONNECTION load-balance-profile: LB_PROF_HTTPS virtual-server-interface: port1 virtual-server-ip: 172.23.133.6 virtual-server-port: 443 Events: <none>
FortiView
Check the deployed Ingress with FortiView.
Try to access https://test.com/info
.
Try to access https://test.com/hello
.
Update or delete the Ingress
To update an Ingress resource:
You can edit the ingress.yaml.
and use kubectl apply
or use the kubectl edit
command.
kubectl edit ingress simple-fanout-example
To delete the Ingress resource:
kubectl delete ingress/simple-fanout-example
Add, update or delete Service and Node
Service
FortiADC Ingress Controller only monitors port sections and annotations defined in services used in the deployed Ingress resource. For example, let the service2 also handle traffic with the TCP destination port 8080 to the nginx pod. Use the kubectl edit
command to see the original service2 spec.
kubectl edit service service2
#original definition of service2 apiVersion: v1 kind: Service metadata: creationTimestamp: "2021-10-21T08:50:31Z" labels: run: nginx-demo name: service2 namespace: default resourceVersion: "26766217" selfLink: /api/v1/namespaces/default/services/service2 uid: 69aa596e-1f23-4696-b770-6202654058a5 spec: clusterIP: 10.109.117.79 externalTrafficPolicy: Cluster ports: - nodePort: 32075 port: 1242 protocol: TCP targetPort: 80 selector: run: nginx-demo sessionAffinity: None type: NodePort status: loadBalancer: {}
Now, add another port and give each port a name. In the example below, take note of the code in bold text.
# Modified service2 apiVersion: v1 kind: Service metadata: creationTimestamp: "2021-10-21T08:50:31Z" labels: run: nginx-demo name: service2 namespace: default resourceVersion: "26766217" selfLink: /api/v1/namespaces/default/services/service2 uid: 69aa596e-1f23-4696-b770-6202654058a5 spec: clusterIP: 10.109.117.79 externalTrafficPolicy: Cluster ports: - name: http-80 nodePort: 32075 port: 1242 protocol: TCP targetPort: 80 - name: http-8080 port: 1243 protocol: TCP targetPort: 8080 selector: run: nginx-demo sessionAffinity: None type: NodePort status: loadBalancer: {}
Check the service with the kubectl get
command. You can see service2 has registered with the second port 1243 and get a NodePort 31879 allocated from Kubernetes.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service1 NodePort 10.111.143.250 <none> 1241:31320/TCP 4d21h service2 NodePort 10.109.117.79 <none> 1242:32075/TCP,1243:31879/TCP 4d21h
And check the FortiADC real server pool default_service2. You can see the pool members with port 31879 are added.
Note: If you delete the service used in the deployed Ingress resources, Kubernetes would not give you any warning, and FortiADC Ingress Controller would not handle any delete events on the service.
Node
If you add or delete a worker node, FortiADC Ingress Controller will check the deployed Ingress resources and handle the add/delete event. For updating a node, FortiADC Ingress Controller only monitors the node’s IP.
The original node IP of slave-node2 is 10.0.100.9.
In the FortiADC, check the original node IP of slave-node2 is 10.0.100.9.
Now, change the IP on the slave-node2 to 10.0.100.95. Use kubectl
command to check the node IP again.
Check the FortiADC Ingress Controller logs. FortiADC Ingress Controller handles the IP change event on node slave-node2.
In FortiADC, check the slave-node2 IP again.