On Premise Ingress Setup

Configuring Ingress for on-premise installations

After installing an on-premise Kubernetes cluster you may need to expose it to the external world to serve incoming requests.

Kubernetes API Server is configured to serve incoming requests on port 443. For user traffic, Kublr exposes the following ports:

  1. 30080 — HTTP traffic
  2. 30443 — HTTPS traffic

You will need to configure your traffic to be redirected to these ports. If you use a software load balancer like HAProxy, then your configuration (/etc/haproxy/haproxy.cfg) may look like this:


frontend workload
    bind <haproxy address>:443
    bind 127.0.0.1:443
    mode tcp
    option tcplog
    default_backend workload
	
frontend kube-lego
    bind <haproxy address>:80
    bind 127.0.0.1:80
    mode tcp
    option tcplog
    default_backend kube-lego

backend workload
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
        server node1 192.168.31.201:30443 check
        server node2 192.168.31.202:30443 check
        server node3 192.168.31.203:30443 check
		
backend kube-lego
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
        server node1 192.168.31.201:30080 check
        server node2 192.168.31.202:30080 check
        server node3 192.168.31.203:30080 check

This configuration will accept traffic on 443, 80 ports and will forward requests to three servers (node1, node2, node3) using round robin balancing. Additional configuration options are described in HAProxy Configuration Manual