Create Access for NCache Management in Amazon Elastic Kubernetes Service
In Amazon Elastic Kubernetes Service, every pod in the cluster receives a dynamic IP address that is not accessible from outside that cluster. To use NCache inside the EKS cluster you created, you need to create a Kubernetes service that provides access to the NCache pods.
On top of this service, you need to set up a Kubernetes ingress resource in Amazon Elastic Kubernetes Service to expose the NCache services. The ingress resource is implemented by an ingress controller running within the Amazon Elastic Kubernetes Service cluster. A frequently used ingress controller is the NGINX controller that is managed by the Kubernetes project. Because your NCache deployment is inside the EKS cluster, this service is set up as a load balancer that routes traffic to a collection of pods and creates persistent connections based on client IP.
Amazon Elastic Kubernetes Service: Create an Ingress Controller
The process of creating and using an NGINX Ingress Controller is provided here. This is basically a two-step process involving the deployment of the mandatory resources needed to run the ingress controller within the cluster, and setting up a load balancer to expose the ingress controller from outside the cluster.
To successfully run the ingress controller inside your cluster, you need to deploy three YAML files. Let us go through them one by one.
Deploy NGINX Mandatory Resources
To set up the NGINX Ingress Controller mandatory resources, you need the NGINX mandatory YAML file. This is the base file required to run the NGINX controller, which in this case is your load balancer. Let's call this file nginxmandatory.yaml; you can get its contents from GitHub.
Once you have this file, you need to deploy it inside your Amazon Elastic Kubernetes Service cluster. To deploy the NGINX mandatory file, run the following command in the AWS command line interface:
kubectl create -f [dir]/nginxmandatory.yaml
Create NGINX LoadBalancer Service File
This file describes the layer 7 load balancer that exposes the NGINX ingress controller outside the Kubernetes environment. Let's call this YAML file nginxservice.yaml; its contents can be found here:
Note
The parameters required to prepare this YAML file for deployment are explained in the Properties table.
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # replace with the correct value of the generated certificate in the AWS console
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXXXXXX:certificate/XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: http
    - name: https
      port: 443
      protocol: TCP
      targetPort: http
Execute the following command in an AWS-configured shell environment to deploy this file inside the EKS cluster.
kubectl create -f [dir]/nginxservice.yaml
Create NGINX Config File
Along with the layer 7 service, you need to create a Kubernetes ConfigMap to configure the layer 7 load balancer. Let's call this file nginxconfigmap.yaml and its contents are shown below.
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
data:
  use-proxy-protocol: "false"
  use-forwarded-headers: "true"
  proxy-real-ip-cidr: "0.0.0.0/0" # restrict this to the IP addresses of ELB
Run the following command in the AWS command line interface to create this config inside your cluster:
kubectl create -f [dir]/nginxconfigmap.yaml
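The comment on proxy-real-ip-cidr in nginxconfigmap.yaml matters because use-forwarded-headers: "true" lets the controller take the client address from the X-Forwarded-For header whenever the connecting peer falls inside that range. The following is an added example, not NCache or ingress-nginx code: a simplified Python model of a recursive trusted-proxy lookup, showing which address is treated as the client under the wide-open setting and under a restricted one. All addresses are constructed, and the 10.0.0.0/16 range for the ELB nodes is an assumption.

```python
import ipaddress


def resolve_client_ip(peer, x_forwarded_for, trusted_cidrs):
    """Simplified model: walk X-Forwarded-For right to left, skipping
    trusted proxies; the first untrusted address is taken as the client."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in trusted)

    # A header sent by a peer outside the trusted range is ignored entirely.
    if not is_trusted(peer):
        return peer

    client = peer
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # stop at a malformed entry, keep the last valid address
        client = hop
        if not is_trusted(hop):
            break  # first address not vouched for by a trusted proxy
    return client


# Constructed sample: the client sent its own X-Forwarded-For value
# (203.0.113.7); the ELB appended the address it actually saw
# (198.51.100.23) and connected to NGINX from its node IP (10.0.1.15).
ELB_NODE = "10.0.1.15"
HEADER = "203.0.113.7, 198.51.100.23"

if __name__ == "__main__":
    # Setting from the page: every address is a trusted proxy, so the
    # client-supplied leftmost entry is accepted as the client IP.
    print(resolve_client_ip(ELB_NODE, HEADER, ["0.0.0.0/0"]))
    # Restricted to the assumed ELB subnet range: the ELB-appended
    # address is used and the client-supplied entry is ignored.
    print(resolve_client_ip(ELB_NODE, HEADER, ["10.0.0.0/16"]))
```

Client IP based persistence and any address-based rule on the ingress use the resolved value, so set proxy-real-ip-cidr to the subnets your load balancer runs in before deploying the ConfigMap.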
The next step after setting up the ingress controller is to create the NCache client in your EKS cluster, as explained in the next chapter.
See Also
Create Discovery Service in EKS
Create NCache Client in EKS
Create NCache Client Deployment in EKS
Create Cache Cluster in EKS