• +43 660 1453541
  • contact@germaniumhq.com

Kubernetes Ingress Patching With Ansible

Category: Categories: Tutorial

Kubernetes Ingress Patching With Ansible

If you execute the default bare metal installation of an Nginx Ingress server you’ll find out that it’s actually not listening on the "normal" 80/443 ports, but rather on some client ports. What’s worse is that there’s a rather small limit for the proxying, so if you’re exporting a binary registry, and you want to publish binaries from outside the cluster, you’re in trouble. Here’s how to fix this.

First we install the mandatory dependencies. Regardless of our actual runtime (GKE, EKS, in our case bare metal), we’ll need these installed.

- name: "Install mandatory dependencies"
  shell: |
    export KUBECONFIG=/etc/kubernetes/admin.conf
    kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml  # (1)

Now, since we picked the bare metal, let’s install it as well:

- name: "Install the bare metal support"
  shell: |
    export KUBECONFIG=/etc/kubernetes/admin.conf
    kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml

I like to have this unchanged, instead of downloading a copy of it and installing a modified copy of it manually. This ensures further updates also work. This is why the next patching becomes necessary, in order to allow binaries of any size.

In my case the {{kubernetes_ingress_proxy_size}} defaults to 1G, but it’s customizable, thanks to Ansible:

- name: "Proxy requests of different size"
  shell: |
    export KUBECONFIG=/etc/kubernetes/admin.conf
    kubectl patch -n ingress-nginx configmap nginx-configuration -p '{"data":{"proxy-body-size": "{{kubernetes_ingress_proxy_size}}"}}'

Then we finally tell the pods from the deployment to use the host networking, so we’ll use the ports 80 and 443 instead of NodePorts:

- name: "Listen using the bare metal host networking"
  shell: |
    export KUBECONFIG=/etc/kubernetes/admin.conf
    kubectl patch -n ingress-nginx deployment nginx-ingress-controller -p '{"spec": {"template": {"spec": {"hostNetwork": true}}}}'

Done!

Article Photo from Pexels: https://www.pexels.com/photo/blue-white-orange-and-brown-container-van-163726/


Categories

Tags

Featured Posts

Integrating Behave Test Results in Jenkins

pa11y Accessibility Testing With Docker and Jenkins

Creating a New Python BPMN Process With Adhesive

Python BPMN Event Deduplication With Adhesive

Germanium Robot Bindings

Books

Get "Core Bazel" on Amazon

About Us

Germanium is a software project made by a passionate team in Vienna, that aims at making integration testing a breeze.

Contact

Vienna, 1200, Vienna
Austria

Phone: +43 660 1453541
Email: contact@germaniumhq.com
© 2021 Germanium
Privacy Policy | Terms of Service