GKE Ingress Controller
GKE Ingress for Application Load Balancers¶
GKE Ingress is the built-in, managed ingress controller for provisioning Application Load Balancers from the creation of ingress objects in GKE clusters.
GKE clusters come with the controller by default via having the HTTP load balancing add-on enabled.
Google Cloud Load Balancing¶
Using a load balancer allows Comet to be reached outside of the Kubernetes cluster. While Google Cloud offers multiple types of load balancers, Comet requires an application load balancer. Google Cloud Load Balancing has two types of application load balancers:
- External Application Load balancers: Expose an application on the internet with an external IP address
- Internal Application Load Balancers: Expose an application within Google Cloud using an internal IP address
Ingress Objects¶
In order to expose any application outside of your cluster, Kubernetes offers you the choice between using either certain kinds of Service objects or Ingress objects. While Comet can work with both of these options, GKE Ingress will only create ALBs for Ingress objects, and we recommend the creation of an Ingress object instead of exposing the frontend Service object outside of the cluster.
Creating an Ingress for Comet using our Helm Chart¶
The Comet Helm Chart supports the automatic creation of an Ingress for the application frontend. Simply enable it through the values file like so:
# ...
frontend:
# ...
ingress:
enabled: true
annotations:
# ...
hosts:
- host: my-comet.my-company.com
paths:
- path: /*
pathType: ImplementationSpecific
# ...
Annotating the Ingress for the Controller¶
Since GKE Ingress watches for annotated objects to know when and how to create ELBs, we next need to ensure that the Ingress object receives the proper annotations. This is also done directly in the values file.
# ...
frontend:
# ...
ingress:
# ...
annotations:
kubernetes.io/ingress.class: gce # Use 'gce-internal' to create an internal application load balancer
# ...
Use a Static IP with the Load Balancer¶
Using a static IP can ensure that the same IP is always associated with your load balancer, even in the event of the ingress being removed and recreated, and can help avoid any required updates of the DNS record for your Comet hostname. For more information on static IP creation, see the official docs. Once created, the IP can be set for the load balancer with the following annotation:
# ...
frontend:
# ...
ingress:
# ...
annotations:
kubernetes.io/ingress.global-static-ip-name: static-ip-name
# ...
Provision an SSL Certificate for the Load Balancer¶
The Comet Helm chart supports the provisioning of a Google-managed SSL certificate for the load balancer, via the values and annotations specified below.
The certificate will be created for the host set in the hosts spec of the ingress.
Set Ingress Value and Annotations:
# ...
frontend:
# ...
ingress:
# Initiates creation of a ManagedCertificate object in the cluster to trigger certificate creation,
# as well as creation of a FrontendConfig object to enable SSL redirection
enableSSL: true
# ...
annotations:
# Associates the cert with the load balancer via the default name of the ManagedCertificate object
networking.gke.io/managed-certificates: managed-cert
# Enables SSL redirection via the FrontendConfig object
networking.gke.io/v1beta1.FrontendConfig: frontend-ssl-redirect
# ...
# ...
Accessing Comet Through the Load Balancer¶
Once you've updated the Helm release to create the annotated Ingress object, GKE Ingress should automatically detect the Ingress and create the application load balancer. You should see its IP address when you inspect the Ingress object:
$ kubectl get ingress -l app.kubernetes.io/name=cometml
NAME HOSTS ADDRESS PORTS AGE
comet-ml-ingress * LB-IP 80 3m