Make k8s services available via ingress on an AWS cluster created with kops

7/24/2017

After trying kubernetes on a few KVMs with kubeadm, I'd like to set up a proper auto-scalable cluster on AWS with kops and serve a few websites with it.

The mind-blowing magic of kops create cluster ... gives me a bunch of ec2 instances, makes the k8s API available at test-cluster.example.com and even configures my local ~/.kube/config so that I can kubectl apply -f any-stuff.yaml right away. This is just great!

I'm at the point when I can send my deployments to the cluster and configure the ingress rules – all this stuff is visible in the dashboard. However, at the moment it's not very clear how I can associate the nodes in my cluster with the domain names I've got.

In my small KVM k8s I simply install traefik and expose it on ports :80 and :443. Then I go to my DNS settings and add a few A records, which point to the public IP(s) of my cluster node(s). In AWS, there is a dynamic set of VMs, some of which may go down when the cluster is not under heavy load. So it feels like I need to use an external load balancer given that my traefik helm chart service exposes two random ports instead of fixed :80 and :443, but I'm not sure.

What are the options? What is their cost? What should go to DNS records in case the domains are not controlled by AWS?

-- Alexander Kachkaev
amazon-web-services
kops
kubernetes
traefik

2 Answers

8/8/2017

Configuring your service as a LoadBalancer service is not sufficient for your cluster to set up the actual load balancer; you need an ingress controller running like the one above.

You should add the kops nginx ingress addon: https://github.com/kubernetes/kops/tree/master/addons/ingress-nginx

In this case the nginx ingress controller on AWS will find the ingress and create an AWS ELB for it. I am not sure of the cost, but it's worth it.

You can also consider Node Ports which you can access against the node's public IPs and node port (be sure to add a rule to your security group).

You can also consider the new AWS ELB v2 or ALB which supports HTTP/2 and websockets. You can use the alb-ingress-controller https://github.com/coreos/alb-ingress-controller for this.

Finally, if you want SSL (which you should), consider the kube-lego project which will automate getting SSL certs for you. https://github.com/jetstack/kube-lego

-- Jonathan Wickens
Source: StackOverflow

8/4/2017

In my case I used nginx-ingress-controller. I think that setup with traefik will be the same.

1) Set the traefik service type to LoadBalancer.

Kubernetes will add an ELB rule.

2) Set CNAME or ALIAS in Route53 to ELB hostname.

You can use https://github.com/kubernetes-incubator/external-dns to synchronize exposed services and ingresses with Route53.

-- D.Shmelev
Source: StackOverflow
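
The two steps from the answer above as a Service manifest. This is an added example, not part of the original posts; the service name, namespace, pod label, container ports and hostname are assumptions, and the annotation only takes effect if external-dns is running in the cluster.

```yaml
# Added example: expose traefik through an ELB on fixed ports 80 and 443.
apiVersion: v1
kind: Service
metadata:
  name: traefik                  # assumed service name
  namespace: kube-system         # assumed namespace
  annotations:
    # Read by external-dns (if deployed): it creates the Route53 record
    # for this name and points it at the ELB hostname (step 2).
    external-dns.alpha.kubernetes.io/hostname: www.example.com   # placeholder domain
spec:
  type: LoadBalancer             # step 1: Kubernetes provisions an ELB for this service
  selector:
    app: traefik                 # assumed pod label
  ports:
    # "port" is what the ELB listens on. Kubernetes still allocates a random
    # node port behind it, but clients and DNS only ever see 80 and 443,
    # so records never have to reference individual (autoscaled) nodes.
    - name: http
      port: 80
      targetPort: 80             # assumed container port
    - name: https
      port: 443
      targetPort: 443            # assumed container port
```

Once applied, `kubectl get service traefik -n kube-system` shows the ELB hostname in the EXTERNAL-IP column. For a domain hosted outside AWS, that hostname is the target of the CNAME record from step 2.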