Kubernetes NGINX ingress controller with Dapr

In this post I’ll show you how to expose your “Daprized” applications using and NGINX ingress controller.

Prerequistes

• A working kubernetes cluster with Dapr installed. If you need instructions please find them here

Deploy an application to your Kubernetes cluster

I’ll be using a simple Azure Function I created back in 2017 in the following post: Run a Precompiled .NET Core Azure Function in a Container which exposes a simple validation function.

Create a function.yaml file with the following contents:

 1apiVersion: apps/v1beta1
 2kind: Deployment
 3metadata:
 4  name: dni-function
 5  namespace: default
 6spec:
 7  replicas: 1
 8  template:
 9    metadata:
10      labels:
11        app: dni-function
12      annotations:
13        dapr.io/enabled: "true"
14        dapr.io/id: "dni"
15        dapr.io/port: "80"
16    spec:
17      containers:
18        - name: dni-function
19          image: cmendibl3/dni:1.0.0
20          ports:
21            - containerPort: 80

Note the dapr.io annotations used to instruct Dapr to inject the sidecar in your pod.

Now deploy the function into kubernetes:

1kubectl apply -f ./function.yaml

Deploy NGINX Ingress Controller with Dapr

We are going to “Daprize” the NGINX Ingress Controller so traffic flows as shown in the following picture [1]:

In order to add the dapr.io annotations to the NGINX pod, create a dapr-annotations.yaml file with the following contents:

1controller:
2  podAnnotations:
3    dapr.io/enabled: "true"
4    dapr.io/id: "nginx-ingress"
5    dapr.io/port: "80"

and deploy the NGINX ingress controller:

1helm repo add stable https://kubernetes-charts.storage.googleapis.com/
2helm install nginx stable/nginx-ingress -f .\dapr-annotations.yaml -n default

Since we´ll also be adding TLS termination to the mix, run the following commands to generate the certificate and deploy the corresponding secret into kubernetes:

1openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=hydra/O=hydra"
2kubectl create secret tls tls-secret --key tls.key --cert tls.cert

Now create the ingress rule (ingress.yaml* file) with the following contents:

 1apiVersion: extensions/v1beta1
 2kind: Ingress
 3metadata:
 4  name: ingress-rules
 5  namespace: default
 6  annotations:
 7    kubernetes.io/ingress.class: nginx
 8    nginx.ingress.kubernetes.io/rewrite-target: /
 9spec:
10  tls:
11    - hosts:
12        - hydra
13      secretName: tls-secret
14  rules:
15    - host: hydra
16      http:
17        paths:
18          - path: /
19            backend:
20              serviceName: nginx-ingress-dapr
21              servicePort: 80

Note that the rule is calling the nginx-ingress-dapr service which was created by Dapr when we deployed the Daprized version of the ingress controller. This means that all trafic with the hydra host will be sent to the Dapr sidecar of your NGINX controller pod.

Deploy the ingress rule:

1kubectl apply -f ./ingress.yaml

Test the “Daprized” application

To test the application we’ll need the public IP of the ingress service, so run the following command and copy the resulting IP address:

1kubectl get service --selector=app=nginx-ingress,component=controller -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}'

Now make a simple curl request, using the Dapr invocation api specification, to the application:

1curl -k -H "Host: hydra" "https://<ingress ip>/v1.0/invoke/dni/method/api/validate?dni=54495436H"

If everything runs as expected you should get the following result:

1true

Hope it helps!

Learn more about Dapr here and Dapr service invocation here

Learn More

• How Distributed Application Runtime (Dapr) has grown since its announcement
• Announcing Azure Functions extension for Dapr

References

[1] Image from the Dapr Predentation deck