[ Kube 31 ] Set up Nginx Ingress in Kubernetes Bare Metal

Thanks a ton for the tutorial. Got it up and running rather quickly with the examples you provided, now to take that knowledge into my own ingress ventures.

Your vides are the best. Easy to follow and very clear. The context you provide at the beginning of each video is perfect. I have learned so much from your instructions in last couple of week to setup my K8s infrastructure. Thanks really for such great quality content.

Thank you so much for all your tutorials. You do a fantastic job. I look forward to continue learning from you.

AMAZING work, your didactic is on point and doing it hands-on is exactly what I needed. Gonna watch the whole playlist for sure!

This is a brilliant tutorial, i really enjoyed the simple nicely paced step by step approach. Great work

Glad to hear that you are doing this great videos for us💐💐

This is a great video that explains nginx ingress very well. Some viewers might be trying to run this on vps servers in the cloud using the new lxd/lxc version and can't get haproxy to work. You run lxc config device add haproxy myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80 (note: haproxy in the command is the name of the lxc container). So if you followed the video and haproxy is not forwarding the traffic you may need this command or see if there is a firewall enbaled. Another helpful command is from inside the haproxy container use haproxy -c -V -f /etc/haproxy/haproxy.cfg which checks to make sure your configuration is valid before starting/restarting the haproxy service. Thank-you for putting this video series together they are one of the best ones out here.

Interesting, informative and really illuminating for me as a K8s learner! Thanks!

Nice Video Bro!! You contents of Kubernetes Bare Metal Help me a lot.

All your videos are excellent. Keep up your good job

Excellent ! Simply Wow. நன்றி

Great complete ingress controller. Thank you.

Great tutorial, clearly explained

Thanks a lot Bro for this tutorial. all my questions are clear.

Thanks a lot for this video; very clear, it helps me a lot !

Your channel is life saver

Great content, greatly appreciate all the kubernetes tutorials!

Wonderful work

Best tutorial ingress I've ever seen. great man!

I loved it , and post videos frequently with real time scenarios , request you to do videos on jenkins as well

You're simply the best🤟

Very good tutorial, thank you for sharing. Tested on a kubernetes that runs behind rancher2 using Hetzner servers. Next step is to test Traefik

dude you helped my a lot, thanks!

Great demo!! Thank You

Great tutorial, thank you.

excellent video, thank you!

Great video Venkat

Thank for sharing your knowledge

Great video - thanks!

amazing video

Great vids!!

Great tutorial !

Excellent 👍

Another brilliant video, very helpful and well explained. Thank you

Hello Sir, I just watched your video, will follow your instructions to try it tomorrow, and get feedback to you. From what I've seen, you've made an excellent tutorial on Ingress Controller - application load balancer, and HAProxy - network load balancer for bare-metal Kubernetes cluster. That's exactly what I am looking for at this moment. You're very hands-on. Great Jobs. Subscribed. Thank you.

Awesome!! Thanks a ton!

This video is magic. Better explaination around Ingress Controller for Kubernetes Bare Metal !!

Thank you so much!!!!!

Nice Vid

Awesome thanks

Hello thank you for this video !
Do we need to link the load balancer only to the nodes that have an ingress controller ? Or to all of them ?

Just found your video's on kubernetes, kubespray and nginx ingresses. You are very good at explaining the default behaviors, which gives the highest chance for success.
The nginx docs explained that in the default server secret file they provided a default self-signed cert and key and that they recommended to use your own certificate. Things to note: the cert and key are base64 encoded (again), so keep this in mind when you add the cert to the default-server-secret.yaml file.
Also, if you are using windows to generate the keys, make sure you remove the CR characters ( ^M), before base64 encoding the cert and key. Otherwise you'll get an error when trying to start the nginx-ingress pods.

Thank you very much ❤ for providing such good video..
In this video you have taken haproxy for routing and exposed over the private IP how the nginx application will access all clients with domain name...

Great video, thanks, one quick question, Does the ingress controller POD exposed to the HAproxy directly? but I don't see you use "hostNetwork: true" ?

Thanks in advance for the great tutorials, by any change, is there any load balancer that can support Diameter and be used inside K8s cluster?

Hi There,
Nice video bro!
I have one question, on the HAPROXY you configure all the IP addresses from the worker nodes.
what is if you scale out or scale the Cluster (Add or remove worker nodes)? then you have to manually change the Configuration on the HAPROXY?
Also if the worker nodes are deployed via DHCP and somehow the ip change, then its also needed to change the config. Do you have an Solution for this?
Thank you very much.

Fantastic video. I've seen your metalLB videos too. My question is - If i deploy nginx-ingress-controller as a daemonset on 4 physical nodes of my cluster at home and expose ingress deployment as as nodeport service on port 31111 + then attach haproxy to this, why do i need MetalLB to load balance?

Thanks for the video, can you tell what are the other ways of creating cluster instead of lxc.

Hello Venkat, again, excellent explanation of the topic. I read the documentation about ingress where they mentioned nginx, ingress controller, nginx, load-balancer etc. It was all respect to some cloud provider and not about bare metal k8s cluster. It was all so confusing.
Your component and flow diagram made the concept crystal clear. Since it is bare metal, I can practice in my home lab. Today, your video quality was max 360p, so difficulty in reading text, may be due to just upload. Tomorrow, I would do hands on on my home lab.
One suggestion on demo container/pod. I generally use hashicorp/http-echo image to show different pods or different container in a single pod as below. It might make your demos easy than using nginx.
apiVersion: apps/v1
kind: Deployment
metadata:
name: fruit-deployment
labels:
app: fruit
spec:
replicas: 4
selector:
matchLabels:
app: fruit
template:
metadata:
labels:
app: fruit
spec:
containers:
- name: apple-app
image: hashicorp/http-echo
args:
- "-text=response from apple-app"
- "-listen=:6000" # default container port is 5678
ports:
- containerPort: 6000
- name: banana-app
image: hashicorp/http-echo
args:
- "-text=response from banana-app"
- "-listen=:6001" # default container port is 5678
ports:
- containerPort: 6001

Hello Venkat, I have a question regarding the HAProxy. This load balancer cannot be provisioned as a pod inside of the k8s cluster?
I saw that you made a separate VM for it.
I'm asking you this because i use VPSs for my k8s cluster.
Thanks and regards.

Nice!!

Hi Venkat, thanks for this great video. One question though, I still could not understand how haproxy is able to connect to the worker nodes port 80. We only have the cluster IP service created and ingress resource has routing in it to point to the cluster ip service. There is no node port service or LoadBalancer service to access it from outside the kubernetes cluster. I was trying to get it working by following your video. If I check the get all -n nginx-ingress with the steps, I see only the nginx-ingress pods and the daemonset in the nginx-ingress namespace. The get all ( without namespace) only gives the nginx-pod and the cluster ip service pointing to the nginx-pod. I am wondering how is it working without having a nodeport service or a loadbalancer service running to connect to the worker node from haproxy ? As per the haproxy configuration, it directly using the IP addresses of the worker nodes and port number 80. Looks like I miss something ...

Excellent session! I do come across a small snag when deploying nginx-ingress in that the create DaemonSet (kubectl apply -f daemon-set/nginx-ingress.yaml) as shown in your demo works. On the other hand, if I choose Create a Deployment (kubectl apply -f deployment/nginx-ingress.yaml) then all requests via HAProxy would fail with 503! Is there a hack that need to be applied? Thank you Venkat

Hi Venkat,
Great video! I am planning to use plublic DNS as noip.com and make a port forward in a router to reach a microservice backend. How does the HA Proxy can reach the service if the service as an internal IP from the cluster?

hello venkat, it is me again :) with yet another question :), I was wondering how with Kubernetes can I manage to request a pod from another pod? , I have a web service in python with flask that is inside a container that I can request thanks to nodeport, but I want that web service to also send a request to a TensorFlow serving ( a container that when requested return a series of probabilities)? should I expose a service for the TFserving too?

Thanks!

Hi Venkat, thank you for another excellent video. I got it working on your vagrant environment. I also tried it on the cluster as created via the-hard-way (Kelsey Hightower). But that didn't work. Looks like iptables are blocking port 80. Just wondering how iptables are setup (probably done by kube-proxy). Hard to find this info. Maybe a suggestion to make a video about network setup and the protocols, ports and their flow and how iptables are setup. But again, thank you for taking time to make these videos and sharing them with us.

Very helpful tutorial, just one quick question. I assume that since you have the cluster running on containers, the reason you are able to execute kubectl commands from the host machine is some sort of rule on your .zshrc file? If so, could you please explain how that is accomplished? I tried using an alias such as alias kubectl='lxc exec kmaster kubectl'. And while this works just fine for listing resources and what not, the forwarding of the command breaks when you need to add flags. So while I can run 'kubectl get nodes', if I try to run 'kubectl get nodes -o wide' it breaks.

This is a great tutorial! One question - how would one easily define a default route to send users to if they ask for something that doesn't exist? It looks by default it just returns a 404. Is there a way to make it redirect / show something else?

Thanks Venkat. It's such a great stuff that I've missed this long.
I think your k8s installation processes, you're installing the latest k8s version and might want to stick to some version something like below. I'm using ubuntu, therefore it looks as below.
# Install Kubernetes
echo "[TASK 9] Install Kubernetes kubeadm, kubelet and kubectl"
apt-get install -y kubeadm=1.17.1-00 kubelet=1.17.1-00 kubectl=1.17.1-00
apt-mark hold kubelet kubeadm kubectl

Thanks very much for ur totos, i have a question, i'm strugling to deploy an ingress controller of a type load balancer and let haproxy to give it an ip and connect to it ?

Hi Venkat, thanks for the wonderful video. I have created instances in GCP and ingress setup is done. Please advise me how to check the setup is working or not in GCP.
I have used 1 HAproxy server, 1 master and 2 worker nodes.

Hello thanks for your content.
I got 2 small questions.
First: What is the point of an ha-proxy since even if we point to the same node, the svc of type NodePort will load balance btw pod.
Second: As a mac user how can we communicate from the host to the cluster ? On mac kubernetes (docker for mac) use an hidden VM.

Great tutorial! I'm just wondering on how did you setup your cluster. I mean, who is the cluster endpoint? Is it the HAProxy?

Hi Venkat, Thanks for this class, i have tried this tutorial on AWS instances, but getting site can't reachable. which IP(Private IP or Public IP of HAProxy server) i have to place in /etc/hosts. Or should i do any other configuration since i am using AWS instances?. I am using a security group in which all ports are open.

hi Venkat,
Wonderful session again; with hands on ingress setup.
I tried with similar things using vagrant setup instead of lxd; worked well.
I found one issue with vagrant though ... simply by hitting hostname on browser vm instance doesn't display anything on windows OS. But within HAProxy instance if i simply do curl on 3 host names i get expected output as mentioned in session.
how to access vagrant vm instance using hostname instead of private_network ip on browser?

You have given :80 in HAProxy default backend config but where have we configured Nginx ingress controller to listen on port 80 of worker nodes for incoming traffic from Load balancer? Thanks Venkat.

Hi sir, just wondering if i can run haproxy in master node itself. or do i need separate VM for this?

Hi Venkat
if we have setup a rule for node provisioning based on CPU, Memory or based on user request , in that case our total number of nodes will not be same all the time , then how we will do the haproxy entry.

Hi
What do you use for the terminal zsh prompt. Looks nice especially the history commands are coming up automatically.
I have been using python powerline, but haven't configured internals

Hey, fantastic content, I’m a fan!
Just one question: how would you manage if the worker nodes get scaled out or in or if the IP addresses change? Is there a way that the HaProxy Config automatically stays in sync with the cluster?

What if you are running the ingress controller only on worker1 and haproxy hits worker2?
Secondly, what if we run ingress controller on the master node (non-HA)? In that case, should we only provide the IP address of the master in the haproxy backend?

Hi Bro... Thanks for the Video... It's really Great... Can we use MetalLB Loadbalancer intead of HAproxy

Shoudn't there also be a nodeport service created to allow access from the haproxy to the ingress controller?

MetalLB & HAProxy both are Load balancer ?. Instead of HAProxy, I can use MetalLB ?

Hi, Thanks for sharing this video, it is very useful. I have a question on the installation. I have a k8s cluster with one master and one node. If i want to install the nginx-ingress load balancer within the k8s cluster, would i need to carry out the bare metals installation of the same load balancer as a pre-requisite? I have tried to install the nginx-ingress controller installation on k8s cluster and the pod is in creation state for ever. Thanks.

Hi Thanks for the video, I have followed the exact same step to create an nginx controller using daemonset however I am not able to browse the app deployed in the pods. I have noticed that the ports 80 and 443 are not getting exposed on the worker nodes despite trying to create the daemonset multiple times. What can be the reason for this? I am using weavenet

Great video thank you for putting it out! I was wondering though, with the requirement of the HAProxy Loadbalancer , how do you prevent it from becoming a single point of failure?

great tutorials. Do you have video to connect bare metal to gitlab cloud. thanks

Very nicely explained. Just I wanted to know the system information, battery life , networking , processor and which package required to install on Ubuntu OS

Nice Video, I have a request whenever you have time please make a video on service accounts creation, clusterrolebinding and rolebaseauthentication please, it's a bit confusing when watching ingress and NFS dynamic provisioning.. thanks in Advance...

How does the haproxy discover the ingress pods through the node-ip:80 lines in the haproxy.cfg without any service defined with the nodeport set to 80?

Nice tutorial. Can you show a lts (https) example, please? I setup like this but ingress with lts host getting too many redirection.

I have a precompiled image and once i spin the pod then container expose itself as rest api. Is there any way to enable https in this case. How to add ssl certificate in this case so that I can call the api using https

hello, this setup works locally right? i want to expose my application through the internet. i tried with a basic ingress YAML file and deployed the laravel application and created a service. to expose it on the internet i just run the minikube tunnel and exposed the external IP and tried it in the browser but the app is not loading. is my way is correct or what i have to do to expose my app on the internet with minikube. please guide me

Is there a reason why all the microservice ports are same? What if the ports are different. Do we have to create those many backend entries in haproxy

good video, but it would be greate if you could explain a bit regarding ingress controller.

Hey one request can you make one video on how to attach a load balancer like nlb in front of our kubernates cluster that can load balance between different nodes

how are you actually exposing the port 80 on the worker Nodes for the ingress-controller? My approach was to create a Nodeport service for the nginx-ingress-controller and then forward on HAproxy to "nodeip:nodeport"

How the haproxy LB points to the ingress controller? Configuration file only points the haproxy to worker nodes ips and port 80.

Hi venkat..Hope you are doing good.. Your videos are really very helpful..Thanks a tonn for the same.
One doubt - We have a kubernetes setup in AWS environment (3 node setup -1 master and 2 slaves)but we are not utilizing EKS or something, we have installed the cluster on EC2 instance its just that we are consuming the EC2 services. Suppose i have hosted a containerized application and it is listening on 8443 port and the pod ip is ex:10.244.3.251 and for accessing the UI of this application, i have setup load balancer (nginx) on other EC2 instance following the above tutorial. Now once i create service and ingress for my deployment I am able to access the application with the host name (as mentioned in ingress yaml file) and it listens on port 80 by default.
I hope i am clear untill now.. my question is for accessing the host name, everytime we need to edit our host file on the local machine and give a entry of ('nginx ip' 'hostname as defined in ingress.yaml') which is a bit difficult approach. We don't have access to route53 service for setting up DNS or something.. Is their any other method through which we can access our application easily?? Your comment would be very helpful..!! If need by i can send you the detailed yaml files in your personal email for a better clarity..

Hi, since the Ngnix controller pod is inside the cluster, how haproxy can reach the ingress controller pods? Thanks

Can you please do a session on contour envoy.

If I understand you correctly, we need HA Proxy for Ingress to working? Is HA Proxy the prerequisite for Ingress?

Hi Venkat,
I tired with ingress in gke(google k8s engine).
1) Created the my pods.
2)Expose it though loadbalancer service type. (it was working with http)
3) then i configure ingress, it says error "Some backend services are in UNHEALTHY state".
Can you pls suggest any possibilities to configure in https.

Thank you for the tutorial.
May i know how can i set sticky session (stateful application) for this environment?
Should i configure in haproxy or in the ingress?

Do we always need to register ingress controllers to load balancers(HA proxy in this case).

please do blue/green deployment strategy video

Hi Venkat, thanks for this video. I alway that try to deploy an ingress controller obtain when I do a describe ing:
Default backend: default-http-backend:80 ()
And never get to link ingress controller con cluster IP services. I dont know what is happening
Thanks

Thanks alot for all your videos, Could you make a video on -> how can I listen to TCP traffic using ingress as by default it listen to HTTP & HTTPS traffic only.
Also I would like to request to create a video with above request using Contour Ingress Controller.