Nginx: Kubernetes Environments
Deploying Nginx Ingress Controller
The Nginx Ingress Controller allows external access to Kubernetes services using Ingress resources. It provides load balancing, SSL termination, and name-based virtual hosting.
Installing the Nginx Ingress Controller with Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install my-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
Verifying the Installation
kubectl get pods -n ingress-nginx
Configuring Ingress Rules
An Ingress resource defines how HTTP and HTTPS traffic is routed to backend services in Kubernetes.
Creating a Basic Ingress Resource
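apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  # Bind this Ingress to the controller installed above; "nginx" is the
  # chart's default IngressClass name. Without a class the controller
  # ignores the resource unless it is configured as the cluster default.
  ingressClassName: nginx
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-service
                port:
                  number: 80
Applying and Verifying the Ingress Configuration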
kubectl apply -f myapp-ingress.yaml
kubectl get ingress
Monitoring and Logging Nginx with Prometheus and Grafana
Monitoring Nginx performance and logs is essential for debugging and optimizing traffic handling in Kubernetes.
Enabling Metrics Collection in Nginx
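# For the Helm release installed above, the chart value
# controller.metrics.enabled=true exposes the controller's Prometheus metrics.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: ingress-nginx
data:
  enable-metrics: "true"
Deploying Prometheus in Kubernetes
# --server-side avoids the client-side apply annotation size limit,
# which the operator's CRDs exceed.
kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/bundle.yaml
Accessing Nginx Metrics with Prometheus
kubectl port-forward svc/prometheus-k8s 9090 -n monitoring
Integrating Grafana Dashboards for Nginx Monitoring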
- Deploy Grafana in Kubernetes.
- Configure Prometheus as a data source.
- Import Nginx Ingress Controller dashboards for real-time monitoring.
Secure Deployments within Kubernetes
Securing an Ingress Controller deployment means encrypting traffic and controlling who can change its configuration.
Enforcing HTTPS Using TLS Certificates with Cert-Manager
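apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: myapp-cert
  namespace: default
spec:
  secretName: myapp-tls
  # cert-manager requires at least one identity on a Certificate;
  # this is the host used by the Ingress earlier on this page.
  dnsNames:
    - myapp.example.com
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
Applying and Verifying TLS Settings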
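The Certificate only writes the key pair into the myapp-tls secret; the controller serves it once the Ingress references that secret. The manifest below is an added example, not part of the original page: it extends the page's myapp-ingress with a tls block and HTTP-to-HTTPS redirect annotations, and assumes the "nginx" IngressClass created by the Helm chart.

```yaml
# Added example: myapp-ingress from this page, extended to terminate TLS
# with the certificate that cert-manager stores in the myapp-tls secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  # The Ingress and the TLS secret must be in the same namespace
  # (the Certificate on this page uses "default").
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Redirect plain HTTP to HTTPS. ssl-redirect is already the controller
    # default once a tls block exists; it is set here so the intent is
    # explicit and survives a changed global default.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Also redirect when TLS is terminated in front of the controller
    # (for example by a cloud load balancer).
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx        # assumption: the chart's default class name
  tls:
    - hosts:
        - myapp.example.com      # must be covered by the certificate's dnsNames
      secretName: myapp-tls      # secretName from the Certificate resource
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-service
                port:
                  number: 80
```

If the secret is missing or does not cover the host, the controller falls back to its self-signed default certificate, so check that `kubectl get certificate myapp-cert` reports READY as True after applying both manifests.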
kubectl apply -f myapp-cert.yaml
Enabling RBAC for Nginx Ingress Controller
Restricting access to Kubernetes resources using Role-Based Access Control (RBAC) ensures that only authorized services can modify Ingress settings.
# The ClusterRole named in roleRef must already exist in the cluster;
# this binding only attaches it to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: ingress-nginx
    namespace: ingress-nginx
roleRef:
  kind: ClusterRole
  name: nginx-ingress-role
  apiGroup: rbac.authorization.k8s.io
Hands-On Exercise
To reinforce these concepts, try the following exercises:
- Deploy the Nginx Ingress Controller in Kubernetes.
- Configure Ingress rules to route traffic to an application.
- Monitor Nginx performance using Prometheus and Grafana.
- Secure an Ingress setup using TLS certificates and RBAC.
By mastering these techniques, you’ll be able to deploy and manage scalable, secure, and high-performance Nginx environments in Kubernetes.