Ingress
Drasi allows you to deploy and manage Kubernetes ingress resources for your applications easily in your Drasi YAML file, without using kubectl
. You can use the Drasi CLI to install Contour as your ingress controller, or use an existing ingress controller that is already deployed in your Kubernetes cluster.
Currently, Drasi only supports deploying ingress resources for Drasi Sources and Reactions.
Ingress Initialization
You can initialize ingress in your Drasi environment using the CLI.
Install Contour Ingress Controller (Default)
To install the Contour ingress controller, run the following command:
drasi ingress init
The CLI will use helm to install the Contour ingress controller in the default ‘projectcontour’ namespace.
You can also install Contour with custom annotations:
drasi ingress init --ingress-annotation "<name>=<value>" --ingress-annotation "<name2>=<value2>"
Use Existing Ingress Controller
To use an existing ingress controller, run the following command:
drasi ingress init --use-existing --ingress-service-name <name> --ingress-namespace <namespace> --ingress-class-name <name>
You can also add custom annotations if needed:
drasi ingress init --use-existing --ingress-service-name <name> --ingress-namespace <namespace> --ingress-class-name <name> --ingress-annotation "<name>=<value>" --ingress-annotation "<name2>=<value2>"
For instance, to use an existing NGINX ingress controller with the service name ingress-nginx-controller
in the ingress-nginx
namespace:
drasi ingress init --use-existing --ingress-service-name ingress-nginx-controller --ingress-namespace ingress-nginx --ingress-class-name nginx
For more information on setting up Azure Application Gateway or AWS Load Balancer controller, refer to this documentation
Ingress Configuration
You can configure ingress deployment for your Source or Reaction by setting the gateway
field in your YAML file. To expose an endpoint externally, set the setting
field to external and specify a port number in the target
field. This target port will be used for the Kubernetes Service that gets provisioned alongside the Ingress resource.
Below is a sample YAML file for a Debug Reaction. In this example, we are configuring an endpoint called gateway
to be an external endpoint:
apiVersion: v1
kind: Reaction
name: hello-world
spec:
kind: Debug
queries:
query1
services:
reaction:
endpoints:
gateway:
setting: external
target: "8080"
After running drasi apply
, you can view the Ingress URL by running the drasi list
command. For example:
drasi apply -f reaction.yaml
✓ Apply: Reaction/hello-world: complete
drasi list reaction
ID | AVAILABLE | INGRESS URL | MESSAGES
--------------------+-----------+----------------------------------------------------+-----------
hello-world-debug | true | http://hello-world-debug.drasi.x.xxx.xx.xxx.nip.io |
The URL follows the pattern http://{name}.drasi.{loadbalancer-ip}.nip.io
, where:
{name}
is the name of the Ingress resource{loadbalancer-ip}
is the load balancer IP address of the Ingress controller service
If you are using AWS Load Balancer Controller for EKS, the Ingress URL will be different. The controller provisions an Application Load Balancer (ALB) and assigns a DNS name to it.
Using Azure Application Gateway Ingress Controller (AGIC) for AKS
The Application Gateway Ingress Controller (AGIC) is a Kubernetes application that enables AKS customers to leverage Azure’s native Application Gateway L7 load-balancer to expose services to the Internet. AGIC monitors your Kubernetes cluster and continuously updates the Application Gateway configuration.
Prerequisites
- An AKS cluster with Drasi installed. See this link for installation instructions.
- az CLI
AGIC installation
AGIC can be installed on a new AKS cluster either via Helm or as an add-on. This tutorial will guide you through the installation process.
Drasi configuration
First, get credentials to the AKS cluster by running the az aks get-credentials
command:
az aks get-credentials -n myCluster -g myResourceGroup
Set the Drasi context to the AKS cluster:
drasi env kube
Obtain the public IP address of the Application Gateway from the Azure portal; this IP address will be used as the --ingress-ip-address
when configuring Drasi.
Execute the following command to configure Drasi with the Application Gateway IP address:
drasi ingress init --use-existing --ingress-class-name azure-application-gateway --ingress-ip-address <ip-address>
Using AWS Load Balancer Controller for EKS
The AWS Load Balancer Controller manages AWS Elastic Load Balancers for Kubernetes clusters, enabling you to expose cluster applications to the internet. It provisions Application Load Balancers (ALBs) for Kubernetes Ingress resources and Network Load Balancers (NLBs) for Kubernetes Service resources with appropriate annotations. The controller monitors your Kubernetes cluster and automatically configures load balancers based on your Kubernetes resource specifications.
Prerequisites
- An EKS cluster with Drasi installed. See this link for installation instructions.
- aws CLI
ALB Configuration
Please refer to this guide for installing AWS Load Balancer Controller.
Drasi configuration
First, get credentials to the EKS cluster by running the aws eks update-kubeconfig
command:
aws eks update-kubeconfig --region <region-code> --name <cluster-name>
Set the Drasi context to the EKS cluster:
drasi env kube
Unlike Azure Application Gateway which requires a static IP address, ALBs are dynamically provisioned with DNS names rather than fixed IP addresses. Execute the following command to configure Drasi with the appropriate ingress class name and required annotations:
drasi ingress init --use-existing --ingress-class-name alb --ingress-annotation "alb.ingress.kubernetes.io/scheme=internet-facing" --ingress-annotation "alb.ingress.kubernetes.io/target-type=ip"
Using Ingress in Local Clusters (kind)
When running Drasi in local Kubernetes clusters like kind, you need to configure ingress differently since you don’t have cloud load balancers available.
Prerequisites
- A kind cluster with Drasi installed
- kubectl configured to connect to your kind cluster
Setting up Ingress Controller
For local development with kind, you can use the built-in Contour ingress controller that Drasi can install:
drasi ingress init
This will install Contour as the ingress controller in your kind cluster.
NodePort Access
There are two ways of using ingress in a local cluster like kind. The examples below are for kind clusters.
You can configure kind to expose ports directly:
- Create your kind cluster with port mapping:
# kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
extraPortMappings:
- containerPort: 80
hostPort: 8080
protocol: TCP
- containerPort: 443
hostPort: 8443
protocol: TCP
- Create the cluster:
kind create cluster --config kind-config.yaml
- Install Drasi and configure ingress:
drasi ingress init
With this setup, your ingress resources will be accessible directly via http://localhost:8080
.
Alternative: Port Forwarding for Local Access
Alternatively, since kind clusters don’t have external load balancers, you can use port forwarding to access your ingress resources locally:
- First, find the Contour envoy service:
kubectl get svc -n projectcontour
- Forward the ingress controller port to your local machine:
kubectl port-forward -n projectcontour svc/envoy 8080:80
- After applying your Drasi resources with ingress configuration, you can access them via
localhost:8080
with the appropriate Host header:
curl -H "Host: hello-world-debug.drasi.127.0.0.1.nip.io" http://localhost:8080