Docker & Kubernetes : Nginx Ingress Controller for Dashboard service on Minikube
The Dashboard of Minikube is not externally accessible (via http://mydashboard.com for example) and we get it internally.
In this post, on Minikube, we'll setup name based (hostname) Ingress rules and enable Ingress controller. With the setup, we'll be able to access the Dashboard externally. The Ingress controller takes over and then it will follow through the rules and forward requests to kubernetes-dashboard service. Also, we'll map Minikube's IP to a CNAME in our local /etc/hsots file.
Just like any other application, Ingress controllers are pods. They're part of the cluster and can see other pods and being inside the cluster themselves, we still need to expose them to the outside via a Service with a type of either NodePort or LoadBalancer.
While Ingress resources defines how we want the requests to the services to be routed via routing rules, Ingress controller processes (actually reouts) the ingress resource's information.
The controller, having the ability to inspect HTTP requests (layer 7), directs a client to the correct pod based on characteristics it finds, such as the URL path (URI) or the domain name (hostname).
In this post, we'll learn how to use Nginx Ingress Controller that comes with Minikube.
At the end, we will get our dashboard using domain name (dashboard.info) instead of using something like this: http://127.0.0.1:51617/api/v1/namespaces/kubernetes-dashboard/services...:
In addition to installing the Nginx Ingress Controller, we'll configure Ingress resources as kind: Ingress using yaml file and set an url to spec.rules.host: dashboard.info as routing rules in the file. After the configuration, because the dashboard.info is not registered domain, we map the ip of the Ingress service to dashboard.info in /etc/hosts file as an entry point.
Let's start our minikube:
$ minikube start --vm=true --driver=hyperkit minikube v1.13.0 on Darwin 10.13.3 KUBECONFIG=/Users/kihyuckhong/.kube/config Using the hyperkit driver based on user configuration Starting control plane node minikube in cluster minikube Creating hyperkit VM (CPUs=2, Memory=2200MB, Disk=20000MB) ... Preparing Kubernetes v1.19.0 on Docker 19.03.12 ... Verifying Kubernetes components... Enabled addons: default-storageclass, storage-provisioner Done! kubectl is now configured to use "minikube" by default
Note that we explicitly specified the driver in the command. Without the driver flag, minikube may opt not to use vm and insist on using Docker.
Most likely it happens because first time we ran it with --driver=docker option (either explicitly or implicitly)
and it has been saved in our Minikube profile. To fix this we will probably need to remove our Minikube instance (minikube delete) and then start it again with --vm=true option (without the --driver option).
To install the NGINX Ingress controller in Kubebernetes cluster on Minikube, all we have to do is enabling it using the following command:
$ minikube addons enable ingress Verifying ingress addon... The 'ingress' addon is enabled
It automatically starts Kubernetes Nginx implementation of Ingress Controller.
Now we can see an ingress-nginx-controller pod is up and running in kube-system namespace:
$ kubectl get pods -n kube-system NAME READY STATUS RESTARTS AGE coredns-66bff467f8-r9fxd 1/1 Running 0 3m1s etcd-minikube 1/1 Running 0 3m4s ingress-nginx-admission-create-tctgw 0/1 Completed 0 2m4s ingress-nginx-admission-patch-6bwhd 0/1 Completed 0 2m4s ingress-nginx-controller-69ccf5d9d8-r7724 1/1 Running 0 2m4s kube-apiserver-minikube 1/1 Running 0 3m4s kube-controller-manager-minikube 1/1 Running 0 3m4s kube-proxy-l29xr 1/1 Running 0 3m1s kube-scheduler-minikube 1/1 Running 0 3m4s storage-provisioner 1/1 Running 0 3m4s
$ kubectl get ns NAME STATUS AGE default Active 11m kube-node-lease Active 11m kube-public Active 11m kube-system Active 11m kubernetes-dashboard Active 24s
The kubernetes-dashboard is for internal (we know it because the service Type is ClusterIP) and it's not externally accessible:
$ kubectl get all -n kubernetes-dashboard NAME READY STATUS RESTARTS AGE pod/dashboard-metrics-scraper-dc6947fbf-rw5tv 1/1 Running 0 4m40s pod/kubernetes-dashboard-6dbb54fd95-k85gz 1/1 Running 0 4m40s NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/dashboard-metrics-scraper ClusterIP 10.106.255.59 <none> 8000/TCP 4m40s service/kubernetes-dashboard ClusterIP 10.107.136.213 <none> 80/TCP 4m40s NAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/dashboard-metrics-scraper 1/1 1 1 4m41s deployment.apps/kubernetes-dashboard 1/1 1 1 4m41s NAME DESIRED CURRENT READY AGE replicaset.apps/dashboard-metrics-scraper-dc6947fbf 1 1 1 4m41s replicaset.apps/kubernetes-dashboard-6dbb54fd95 1 1 1 4m41s
Note: we may not get anything regarding the info about the kubernetes-dashboard until we run the following:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard configured
serviceaccount/kubernetes-dashboard configured
service/kubernetes-dashboard configured
secret/kubernetes-dashboard-certs configured
secret/kubernetes-dashboard-csrf configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
secret/kubernetes-dashboard-key-holder configured
configmap/kubernetes-dashboard-settings configured
role.rbac.authorization.k8s.io/kubernetes-dashboard configured
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard configured
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard configured
The ClusterRoleBinding "kubernetes-dashboard" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"kubernetes-dashboard"}: cannot change roleRef
As we can see in the output from kubectl get all -n kubernetes-dashboard command, the pod and service for the Dashboard are already running.
So, all we have to do is setting up Ingress rules in order to access it via hostname.
Here is the dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
spec:
rules:
- host: dashboard.info
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: kubernetes-dashboard
port:
number: 80
The rules basically forwarding every request for dashboard.info to internal kubernetes-dashboard service. Note that the namespace kubernetes-dashboard is within the same as the pod/kubernetes-dashboard-6dbb54fd95-k85gz and the service/kubernetes-dashboard reside.
Create the ingress rules:
$ kubectl apply -f dashboard-ingress.yaml ingress.networking.k8s.io/dashboard-ingress created $ kubectl get ingress -n kubernetes-dashboard NAME CLASS HOSTS ADDRESS PORTS AGE dashboard-ingress <none> dashboard.info 192.168.64.7 80 108s
We need to put the information into /etc/hosts:
192.168.64.7 dashboard.info
With this setup, any requests coming to Minikube cluster, the Ingress controller takes over and then it will follow through the rules and forward those requests (dashboard.info) to Kubernetes internal service which is kubernetes-dashboard.
Now if we go to a browser and type in the domain name, dashboard.info. We can see the same page that we saw at the beginning of this post.
If none of the hosts or paths match the HTTP request in the Ingress rules, the traffic is routed to our default backend.
$ kubectl describe ingress dashboard-ingress -n kubernetes-dashboard
Name: dashboard-ingress
Namespace: kubernetes-dashboard
Address: 192.168.64.7
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
Host Path Backends
---- ---- --------
dashboard.info
kubernetes-dashboard:80 (172.17.0.3:9090)
Annotations: Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal CREATE 37m nginx-ingress-controller Ingress kubernetes-dashboard/dashboard-ingress
Normal UPDATE 37m nginx-ingress-controller Ingress kubernetes-dashboard/dashboard-ingress
For example, "404 page not found" response when the path is not defined in any of Ingress objects:
This post addressed the simplest case and did not setup https (TLS).
For more info about the Ingress, please check out this page: https://kubernetes.io/docs/concepts/services-networking/ingress/:
- It has the info about fanout configuration routes traffic from a single IP address to more than one Service (single host).
- configuration routes for subdomains (multiple hosts).
- TLS
- This post is based on Kubernetes Ingress Tutorial for Beginners | simply explained | Kubernetes Tutorial 22
- Well explained article on Ingress: KUBERNETES INGRESS FOR BEGINNERS
Docker & K8s
- Docker install on Amazon Linux AMI
- Docker install on EC2 Ubuntu 14.04
- Docker container vs Virtual Machine
- Docker install on Ubuntu 14.04
- Docker Hello World Application
- Nginx image - share/copy files, Dockerfile
- Working with Docker images : brief introduction
- Docker image and container via docker commands (search, pull, run, ps, restart, attach, and rm)
- More on docker run command (docker run -it, docker run --rm, etc.)
- Docker Networks - Bridge Driver Network
- Docker Persistent Storage
- File sharing between host and container (docker run -d -p -v)
- Linking containers and volume for datastore
- Dockerfile - Build Docker images automatically I - FROM, MAINTAINER, and build context
- Dockerfile - Build Docker images automatically II - revisiting FROM, MAINTAINER, build context, and caching
- Dockerfile - Build Docker images automatically III - RUN
- Dockerfile - Build Docker images automatically IV - CMD
- Dockerfile - Build Docker images automatically V - WORKDIR, ENV, ADD, and ENTRYPOINT
- Docker - Apache Tomcat
- Docker - NodeJS
- Docker - NodeJS with hostname
- Docker Compose - NodeJS with MongoDB
- Docker - Prometheus and Grafana with Docker-compose
- Docker - StatsD/Graphite/Grafana
- Docker - Deploying a Java EE JBoss/WildFly Application on AWS Elastic Beanstalk Using Docker Containers
- Docker : NodeJS with GCP Kubernetes Engine
- Docker : Jenkins Multibranch Pipeline with Jenkinsfile and Github
- Docker : Jenkins Master and Slave
- Docker - ELK : ElasticSearch, Logstash, and Kibana
- Docker - ELK 7.6 : Elasticsearch on Centos 7
- Docker - ELK 7.6 : Filebeat on Centos 7
- Docker - ELK 7.6 : Logstash on Centos 7
- Docker - ELK 7.6 : Kibana on Centos 7
- Docker - ELK 7.6 : Elastic Stack with Docker Compose
- Docker - Deploy Elastic Cloud on Kubernetes (ECK) via Elasticsearch operator on minikube
- Docker - Deploy Elastic Stack via Helm on minikube
- Docker Compose - A gentle introduction with WordPress
- Docker Compose - MySQL
- MEAN Stack app on Docker containers : micro services
- MEAN Stack app on Docker containers : micro services via docker-compose
- Docker Compose - Hashicorp's Vault and Consul Part A (install vault, unsealing, static secrets, and policies)
- Docker Compose - Hashicorp's Vault and Consul Part B (EaaS, dynamic secrets, leases, and revocation)
- Docker Compose - Hashicorp's Vault and Consul Part C (Consul)
- Docker Compose with two containers - Flask REST API service container and an Apache server container
- Docker compose : Nginx reverse proxy with multiple containers
- Docker & Kubernetes : Envoy - Getting started
- Docker & Kubernetes : Envoy - Front Proxy
- Docker & Kubernetes : Ambassador - Envoy API Gateway on Kubernetes
- Docker Packer
- Docker Cheat Sheet
- Docker Q & A #1
- Kubernetes Q & A - Part I
- Kubernetes Q & A - Part II
- Docker - Run a React app in a docker
- Docker - Run a React app in a docker II (snapshot app with nginx)
- Docker - NodeJS and MySQL app with React in a docker
- Docker - Step by Step NodeJS and MySQL app with React - I
- Installing LAMP via puppet on Docker
- Docker install via Puppet
- Nginx Docker install via Ansible
- Apache Hadoop CDH 5.8 Install with QuickStarts Docker
- Docker - Deploying Flask app to ECS
- Docker Compose - Deploying WordPress to AWS
- Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI EC2 type)
- Docker - WordPress Deploy to ECS with Docker-Compose (ECS-CLI Fargate type)
- Docker - ECS Fargate
- Docker - AWS ECS service discovery with Flask and Redis
- Docker & Kubernetes : minikube
- Docker & Kubernetes 2 : minikube Django with Postgres - persistent volume
- Docker & Kubernetes 3 : minikube Django with Redis and Celery
- Docker & Kubernetes 4 : Django with RDS via AWS Kops
- Docker & Kubernetes : Kops on AWS
- Docker & Kubernetes : Ingress controller on AWS with Kops
- Docker & Kubernetes : HashiCorp's Vault and Consul on minikube
- Docker & Kubernetes : HashiCorp's Vault and Consul - Auto-unseal using Transit Secrets Engine
- Docker & Kubernetes : Persistent Volumes & Persistent Volumes Claims - hostPath and annotations
- Docker & Kubernetes : Persistent Volumes - Dynamic volume provisioning
- Docker & Kubernetes : DaemonSet
- Docker & Kubernetes : Secrets
- Docker & Kubernetes : kubectl command
- Docker & Kubernetes : Assign a Kubernetes Pod to a particular node in a Kubernetes cluster
- Docker & Kubernetes : Configure a Pod to Use a ConfigMap
- AWS : EKS (Elastic Container Service for Kubernetes)
- Docker & Kubernetes : Run a React app in a minikube
- Docker & Kubernetes : Minikube install on AWS EC2
- Docker & Kubernetes : Cassandra with a StatefulSet
- Docker & Kubernetes : Terraform and AWS EKS
- Docker & Kubernetes : Pods and Service definitions
- Docker & Kubernetes : Service IP and the Service Type
- Docker & Kubernetes : Kubernetes DNS with Pods and Services
- Docker & Kubernetes : Headless service and discovering pods
- Docker & Kubernetes : Scaling and Updating application
- Docker & Kubernetes : Horizontal pod autoscaler on minikubes
- Docker & Kubernetes : From a monolithic app to micro services on GCP Kubernetes
- Docker & Kubernetes : Rolling updates
- Docker & Kubernetes : Deployments to GKE (Rolling update, Canary and Blue-green deployments)
- Docker & Kubernetes : Slack Chat Bot with NodeJS on GCP Kubernetes
- Docker & Kubernetes : Continuous Delivery with Jenkins Multibranch Pipeline for Dev, Canary, and Production Environments on GCP Kubernetes
- Docker & Kubernetes : NodePort vs LoadBalancer vs Ingress
- Docker & Kubernetes : MongoDB / MongoExpress on Minikube
- Docker & Kubernetes : Load Testing with Locust on GCP Kubernetes
- Docker & Kubernetes : MongoDB with StatefulSets on GCP Kubernetes Engine
- Docker & Kubernetes : Nginx Ingress Controller on Minikube
- Docker & Kubernetes : Setting up Ingress with NGINX Controller on Minikube (Mac)
- Docker & Kubernetes : Nginx Ingress Controller for Dashboard service on Minikube
- Docker & Kubernetes : Nginx Ingress Controller on GCP Kubernetes
- Docker & Kubernetes : Kubernetes Ingress with AWS ALB Ingress Controller in EKS
- Docker & Kubernetes : Setting up a private cluster on GCP Kubernetes
- Docker & Kubernetes : Kubernetes Namespaces (default, kube-public, kube-system) and switching namespaces (kubens)
- Docker & Kubernetes : StatefulSets on minikube
- Docker & Kubernetes : RBAC
- Docker & Kubernetes Service Account, RBAC, and IAM
- Docker & Kubernetes - Kubernetes Service Account, RBAC, IAM with EKS ALB, Part 1
- Docker & Kubernetes : Helm Chart
- Docker & Kubernetes : My first Helm deploy
- Docker & Kubernetes : Readiness and Liveness Probes
- Docker & Kubernetes : Helm chart repository with Github pages
- Docker & Kubernetes : Deploying WordPress and MariaDB with Ingress to Minikube using Helm Chart
- Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 2 Chart
- Docker & Kubernetes : Deploying WordPress and MariaDB to AWS using Helm 3 Chart
- Docker & Kubernetes : Helm Chart for Node/Express and MySQL with Ingress
- Docker & Kubernetes : Deploy Prometheus and Grafana using Helm and Prometheus Operator - Monitoring Kubernetes node resources out of the box
- Docker & Kubernetes : Deploy Prometheus and Grafana using kube-prometheus-stack Helm Chart
- Docker & Kubernetes : Istio (service mesh) sidecar proxy on GCP Kubernetes
- Docker & Kubernetes : Istio on EKS
- Docker & Kubernetes : Istio on Minikube with AWS EC2 for Bookinfo Application
- Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part I)
- Docker & Kubernetes : Deploying .NET Core app to Kubernetes Engine and configuring its traffic managed by Istio (Part II - Prometheus, Grafana, pin a service, split traffic, and inject faults)
- Docker & Kubernetes : Helm Package Manager with MySQL on GCP Kubernetes Engine
- Docker & Kubernetes : Deploying Memcached on Kubernetes Engine
- Docker & Kubernetes : EKS Control Plane (API server) Metrics with Prometheus
- Docker & Kubernetes : Spinnaker on EKS with Halyard
- Docker & Kubernetes : Continuous Delivery Pipelines with Spinnaker and Kubernetes Engine
- Docker & Kubernetes : Multi-node Local Kubernetes cluster : Kubeadm-dind (docker-in-docker)
- Docker & Kubernetes : Multi-node Local Kubernetes cluster : Kubeadm-kind (k8s-in-docker)
- Docker & Kubernetes : nodeSelector, nodeAffinity, taints/tolerations, pod affinity and anti-affinity - Assigning Pods to Nodes
- Docker & Kubernetes : Jenkins-X on EKS
- Docker & Kubernetes : ArgoCD App of Apps with Heml on Kubernetes
- Docker & Kubernetes : ArgoCD on Kubernetes cluster
- Docker & Kubernetes : GitOps with ArgoCD for Continuous Delivery to Kubernetes clusters (minikube) - guestbook
Ph.D. / Golden Gate Ave, San Francisco / Seoul National Univ / Carnegie Mellon / UC Berkeley / DevOps / Deep Learning / Visualization
My YouTube channel