
How to configure an ingress controller for an Amazon EKS Kubernetes Cluster using Rancher 2.1

Rancher lets you either provision a Kubernetes cluster from scratch on several cloud infrastructure providers using its Rancher Kubernetes Engine (RKE) or, even more conveniently, import an already hosted cluster such as AWS EKS or Google Kubernetes Engine.

In this post, I’m going to explain how an EKS cluster can be imported and properly set up to get full ingress support in Rancher. The ingress setup explained here is not necessary if the cluster was provisioned with RKE; in that case Rancher sets up and deploys an ingress controller on all nodes automatically.

Create AWS EKS cluster

On your Rancher server, request:

https://RANCHER_SERVER/g/clusters/add?provider=amazoneks

Add the credentials (Access Key and Secret Key) of a privileged AWS user.

Stick to the Rancher defaults for service roles, VPC & Subnet, and Rancher will create a sandboxed EKS environment in your AWS account. The “Maximum ASG Size” defines how many nodes the cluster will be allowed to spawn. This can be adjusted later in the Auto Scaling section of EC2.

After a few minutes, your cluster should be ready.

Setup Ingress for EKS

You have probably noticed the yellow bar on the screenshot saying:

For the time being, Rancher won’t set up an ingress controller for us. This means we can’t route traffic within the cluster to specific workloads using an L7 load balancer.

-> Select your cluster -> Default -> Load Balancing -> Add Ingress

This means our Ingress rule will stay in “Initializing” forever, since there is no ingress controller that will ever pick up this Rancher ingress configuration.

Ingress resources are a collection of routing rules which are picked up and fulfilled by an Ingress Controller.

Let’s fix this.

Install Nginx Ingress Controller

There are a number of ingress controllers available. This post explains how to set up the Nginx Ingress Controller for EKS.

In order to access your workloads from the Internet, we need to set up a load balancer that forwards the traffic from the Internet to the cluster nodes. Let’s choose an L7 load balancer for the highest flexibility:

Layer 7 load balancers base their routing decisions on various characteristics of the HTTP header and on the actual contents of the message, such as the URL, the type of data (text, video, graphics), or information in a cookie.

As explained in the following excellent glossary:

https://www.nginx.com/resources/glossary/layer-4-load-balancing/

Install prerequisites

Either install kubectl on your development machine or use the in-browser kubectl provided by Rancher.

From the deploy documentation, do the following:

This will install everything required for the next steps, such as the namespace, configmap, serviceaccount etc.

Install Load Balancer

Provisioning a service of type LoadBalancer will result in a Classic Load Balancer being created in your AWS account.

Instead of running the L7 install script straight away, we first download and modify the yaml file:

Then we set the ssl-cert ARN, which we can obtain from AWS Certificate Manager, and fine-tune the AWS LB via service.beta.kubernetes.io/aws-load-balancer-* annotations if required.

Please check the Kubernetes AWS LB docs for all available configuration options.

Finally install the LB via Rancher:

Navigate to: -> Select your cluster -> System -> Load Balancing -> Import YAML

Then install the L7 LB configuration via kubectl or the Rancher yaml importer.

The load balancer now listens for requests on ports 80 and 443 and routes them internally to port 80 on our cluster nodes. SSL is terminated at the AWS load balancer, so there is no need to deal with certificates within Rancher. This also means that traffic between the load balancer and the cluster nodes travels as plain HTTP.
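The modified L7 service described above, as an added example (not the original post's file and not the upstream manifest). The service name, namespace, labels and the idle timeout are assumptions, and the certificate ARN is a placeholder to replace with your own:

```yaml
# Added example: Service of type LoadBalancer for the NGINX ingress controller,
# with TLS terminated at the AWS Classic Load Balancer.
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx                     # assumed name
  namespace: ingress-nginx                # assumed: namespace created by the prerequisites step
  labels:
    app.kubernetes.io/name: ingress-nginx # assumed labels; must match the controller pods
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # Placeholder: certificate ARN taken from AWS Certificate Manager.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID"
    # The load balancer talks plain HTTP to the nodes; TLS ends at the LB.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Only the listener named "https" uses the certificate; "http" stays clear text.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Optional hardening: predefined ELB policy that only negotiates TLS 1.2.
    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
    # Idle timeout in seconds (constructed value).
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http                    # named HTTP port of the controller container
    - name: https
      port: 443
      targetPort: http                    # decrypted at the LB, forwarded as HTTP
```

Because both listeners forward to the controller's HTTP port, the controller cannot tell from the connection alone whether the client used HTTPS; any HTTP-to-HTTPS redirect has to rely on the X-Forwarded-Proto header set by the load balancer.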

Verify Ingress

Go back to our previously created ingress resource. It should now be in state “Active”.

-> Select your cluster -> Default -> Load Balancing

Create DNS entry for EKS Cluster

This one is not rocket science with AWS Route53.

https://console.aws.amazon.com/route53/home?region=eu-west-1

I assume that you have your domain already set up. Open the hosted zone and create a record set.

Set a name; it should match the hostname that was specified for the Ingress (hello.example.com).

Select Alias: yes and enter the ARN of the provisioned Classic Load Balancer.

Done.

All http/https requests to the configured domain, in my example hello.example.com, would now be forwarded to the workload / pod hello-world.

 

techtalk – Redesign 2015

Let’s start the new year with a completed redesign. During the process I tried to achieve the following goals:

Make it responsive

Since a third of all my visitors are using a mobile device or tablet, I wanted to provide a better experience especially for smaller displays.

Make it faster

The latest posts were very popular, which led to a higher server load and long loading times or even complete downtime. Therefore I tried to improve caching and image optimisation.

Make it more social

The old design barely linked social media profiles. In addition, the valuable comments section was quite hidden and hard to find.

Make it secure

Make techtalk secured by SSL by default. This also makes sense for Google ratings.

Make it cover costs

With approx 100’000 unique visitors last year and a lot of downtime, I needed to move the site to a non-free managed webhosting provider that is faster and hopefully more reliable as well. I decided to put some adwords on the blog to cover those costs.

Make it more widespread

I registered more domains and an SSL certificate. The blog is now reachable under the following domains:

Where .me will be the new default domain.