How to expose the Kubernetes API to a Public IP?


I have successfully set up a Kubernetes cluster on my VMware host using Rancher. I have the kubernetes-dashboard running and can execute commands to the cluster using kubectl.

Now, I want to deploy my application to the cluster using a SaaS build tool (Distelli). This build tool should connect to my host using an HTTPS client certificate, client key, and cluster certificate.

However, my Kubernetes API is not public yet.

This is my current Kubernetes service configuration:

$ kubectl describe services kubernetes
Name:              kubernetes
Namespace:         default
Labels:            component=apiserver
                   provider=kubernetes
Selector:          <none>
Type:              ClusterIP
IP:                10.43.0.1
Port:              https  443/TCP
Endpoints:         10.42.173.175:6443
Session Affinity:  ClientIP

How do I make this service available on the external IP address? I have tried to use an ingress load balancer to the server, but it only returns a 503 Service not available.

Any ideas?


There are 2 answers

0
Steve Sloka On

You need to have a route from the public internet to the API server. This can be accomplished by assigning a public IP directly to the machine running the API server, or you could have a load balancer direct traffic in as well. You mentioned you were on VMware, so there could be a couple of different paths depending on your network setup.

0
Christopher Thomas On

I've not totally got the hang of this yet, cause I have some questions relating to my own implementation of this (such as, how can I scale it?). But this is how I have done it.

First, you obviously have a domain, say "mywonderfulwebsite.com", and on there you have the DNS zone you can edit. Add an 'A' record for mywonderfulwebsite.com and point it at the IP address of your cluster.

Now, which IP address is interesting, because Kubernetes kind of imposes that you run multiple nodes, at least one master and one app server. Therefore, in this scenario, the IP address to use is the IP address of the app server. This incidentally is why I am not sure how to scale this, because if I have 1 master + 10 app nodes, which IP address do I use now? All of them?

On the app node, deploy ingress-nginx-controller, as this is your bare metal load balancer. Bare metal is a term you'll hear a lot whilst googling; it's basically that you have an empty server you manually installed Kubernetes onto, it's not like AWS, Azure, or others.

Once you have installed the ingress controller, you can start to create ingress resources that use it. So that's where I initially had some confusion, but now all is clear. Creating an ingress is just a resource for your application to deploy, but it requires either a LoadBalancer or an Ingress Controller to pass requests from the outside world into your cluster.

Once you create another ingress, any requests from that domain will be passed along from the DNS server to your app node. It'll pass into the ingress-nginx-controller, which will try to match it against any existing ingress resources, and when it finds one, it'll be configured with the backends for the service resource you created for your app and bingo! Your app will receive the request.

I have a github that might help you: http://github.com/christhomas/kubernetes-cluster
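
The ingress route described in the answers, applied to the API server from the question, as an added example that is not from the question or either answer. It uses TLS passthrough so that the client certificate the build tool presents reaches the API server instead of being dropped at the ingress. Assumptions: ingress-nginx is started with `--enable-ssl-passthrough`, the cluster serves `networking.k8s.io/v1`, the ingress class is named `nginx`, and `k8s-api.example.com` is a placeholder hostname.

```yaml
# Added example; names marked "placeholder" or "assumed" are not from the page.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kube-apiserver            # placeholder name
  namespace: default              # namespace of the built-in "kubernetes" Service
  annotations:
    # Forward the raw TLS stream (routed by SNI) so the API server itself
    # completes the handshake and can verify the client certificate.
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    # Passthrough works at the TCP layer, so other per-Ingress annotations
    # (source-range allowlists included) are not applied. Restrict who can
    # reach port 443 at the firewall or load balancer in front of the node.
spec:
  ingressClassName: nginx         # assumed class name
  rules:
    - host: k8s-api.example.com   # placeholder; must be in the API server certificate's SANs
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes  # Service from the question's describe output
                port:
                  number: 443
```

The external client then uses `https://k8s-api.example.com` as the server address together with the cluster CA certificate, client certificate, and client key; certificate verification should stay enabled, which is why the hostname has to be covered by the API server certificate.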