@attiss
Last active October 17, 2024 11:46
Nike Production-Ready IngressController Setup

Classic Clusters

  1. Update the default IngressController in the openshift-ingress-operator namespace and set:

    spec:
      logging:
        access:
          destination:
            type: Container
          httpLogFormat: '{"pod":"%H","timestamp":"%t","http_version":"%HV","http_method":"%HM","request_uri": "%HU",   "status_code":%ST,"termination_state":"%ts","tls_version":"%sslv","tls_cipher":"%sslc","client_ip":"%ci",  "client_port":%cp,"idle_time":%Ti,"response_time":%Tr,"session_duration":%Tt,"upstream_connect_time":%Tc, "backend_name":"%b","backend_server":"%s","server_ip":"%si","server_port":%sp,"retries":%rc,"bytes_uploaded":%U, "bytes_read":%B,"host":"%[capture.req.hdr(0)]","cf-ray":"%[capture.req.hdr(1)]"}'
          httpCaptureHeaders:
            request:
            - maxLength: 256
              name: Host
            - maxLength: 32
              name: CF-RAY
      tuningOptions:
        reloadInterval: 0s
        clientTimeout: 905s
        serverTimeout: 905s
  2. Update every router-* Service in the openshift-ingress namespace and set:

    spec:
      selector:
        ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default
  3. Remove the router-default-custom Deployment from the openshift-ingress namespace.

VPC Clusters

⚠️ The operation described below disrupts traffic. Execute it only when no traffic is routed to the cluster! ⚠️

  1. Get the default IngressController in the openshift-ingress-operator namespace:

    kubectl get ingresscontroller -n openshift-ingress-operator default -o yaml > default.yaml
  2. Update the IngressController definition in the YAML file and set:

    spec:
      endpointPublishingStrategy:
        type: Private
      logging:
        access:
          destination:
            type: Container
          httpLogFormat: '{"pod":"%H","timestamp":"%t","http_version":"%HV","http_method":"%HM","request_uri": "%HU",   "status_code":%ST,"termination_state":"%ts","tls_version":"%sslv","tls_cipher":"%sslc","client_ip":"%ci",  "client_port":%cp,"idle_time":%Ti,"response_time":%Tr,"session_duration":%Tt,"upstream_connect_time":%Tc, "backend_name":"%b","backend_server":"%s","server_ip":"%si","server_port":%sp,"retries":%rc,"bytes_uploaded":%U, "bytes_read":%B,"host":"%[capture.req.hdr(0)]","cf-ray":"%[capture.req.hdr(1)]"}'
          httpCaptureHeaders:
            request:
            - maxLength: 256
              name: Host
            - maxLength: 32
              name: CF-RAY
      tuningOptions:
        reloadInterval: 0s
        clientTimeout: 905s
        serverTimeout: 905s
  3. Remove the default IngressController in the openshift-ingress-operator namespace:

    kubectl delete ingresscontroller -n openshift-ingress-operator default
  4. Wait until the default IngressController is deleted.

  5. Apply the edited IngressController definition YAML:

    kubectl apply -f default.yaml
  6. Create a LoadBalancer Service manually in the openshift-ingress namespace:

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: public
        service.kubernetes.io/ibm-load-balancer-cloud-provider-vpc-idle-connection-timeout: "910"
      labels:
        app: router
        ingresscontroller.operator.openshift.io/owning-ingresscontroller: default
        router: router-default-custom
      name: router-default-custom
      namespace: openshift-ingress
    spec:
      externalTrafficPolicy: Cluster
      internalTrafficPolicy: Cluster
      ports:
      - name: http
        port: 80
        protocol: TCP
        targetPort: http
      - name: https
        port: 443
        protocol: TCP
        targetPort: https
      selector:
        ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default
      type: LoadBalancer
  7. Wait until the LoadBalancer Service has an address assigned:

    $ kubectl get services -n openshift-ingress
    NAME                    TYPE           CLUSTER-IP      EXTERNAL-IP                            PORT(S)                      AGE
    router-default-custom   LoadBalancer   xxx.xx.xxx.xx   xxxxxxxxxxxxxxxxx.lb.appdomain.cloud   80:xxxxx/TCP,443:xxxxx/TCP   9h
    

    Note: the address appears in the EXTERNAL-IP column.

  8. Register the new LoadBalancer address with the Ingress domain:

    1. Get the Ingress domain.

      ibmcloud ks ingress domain ls --cluster <cluster>
      
    2. Update the Ingress domain.

      ibmcloud ks ingress domain update --cluster <cluster> --domain <domain> --hostname <lb-address>
      
  9. Verify that the IngressController pods are running in the openshift-ingress namespace:

    $ kubectl get pods -n openshift-ingress
    NAME                              READY   STATUS    RESTARTS   AGE
    router-default-7cd945b7fc-6msv4   1/1     Running   0          9h
    router-default-7cd945b7fc-zcng6   1/1     Running   0          9h
    
  10. Verify that the IngressController is serving traffic by sending a request to the Ingress domain:

    $ curl https://router-default.<domain>/healthz
    ok
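
Once the router pods emit access logs in the httpLogFormat configured in both procedures, the lines can be reviewed programmatically. The following is an added example, not part of the original gist: it parses lines of that shape and flags weak TLS versions, requests without a CF-RAY value, and sessions ended by a client-side or server-side timeout. The sample lines are constructed, and flagging a missing CF-RAY assumes traffic is expected to arrive through Cloudflare.

```python
import json
from collections import Counter

WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # protocol names as HAProxy reports them
# Constructed record with the keys of the httpLogFormat above; all values are made up.
BASE = {
    "pod": "router-default-example", "timestamp": "17/Oct/2024:11:46:00.123",
    "http_version": "HTTP/1.1", "http_method": "GET", "request_uri": "/healthz",
    "status_code": 200, "termination_state": "--", "tls_version": "TLSv1.3",
    "tls_cipher": "TLS_AES_128_GCM_SHA256", "client_ip": "192.0.2.10",
    "client_port": 44312, "idle_time": 0, "response_time": 3, "session_duration": 4,
    "upstream_connect_time": 1, "backend_name": "be_example",
    "backend_server": "srv_example", "server_ip": "10.0.0.5", "server_port": 8080,
    "retries": 0, "bytes_uploaded": 120, "bytes_read": 512,
    "host": "router-default.example.test", "cf-ray": "0000000000000000-FRA",
}

def sample(**overrides):
    """Render one constructed log line with the given fields overridden."""
    return json.dumps({**BASE, **overrides})

SAMPLE_LINES = [
    sample(),                                                    # nothing to flag
    sample(tls_version="TLSv1", tls_cipher="ECDHE-RSA-AES128-SHA"),
    sample(client_ip="198.51.100.7", **{"cf-ray": "-"}),         # no CF-RAY captured
    sample(termination_state="cD", session_duration=905000),     # client-side timeout
    sample(request_uri="/PLACEHOLDER").replace("/PLACEHOLDER", "/dir\\x41"),
]

def review(line):
    """Return the findings for one access-log line (empty list: nothing flagged)."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        # Request-derived fields are not guaranteed to be JSON-safe: keep the line.
        return ["unparseable"]
    findings = []
    if rec.get("tls_version") in WEAK_TLS:
        findings.append("weak-tls")
    if rec.get("cf-ray", "-") in ("", "-"):
        findings.append("no-cf-ray")   # assumption: traffic should arrive via Cloudflare
    if rec.get("termination_state", "--")[:1] in ("c", "s"):
        findings.append("timeout")     # HAProxy: client- or server-side timeout expired
    return findings

def summarize(lines):
    return Counter(f for line in lines for f in review(line))

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```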
    