In this part of the Kubernetes homelab, we’ll dive into the networking setup.
Network configuration
My networking implementation is straightforward. All of the cluster nodes, along with the router with a built-in firewall, are on a single /24 private network. This is a standard home setup.
I set up my router's DHCP to assign static IPs to servers 1 and 2 by mapping them to their respective MAC addresses.
- server1: 192.168.1.11
- server2: 192.168.1.10
- router: 192.168.1.254
Kubernetes internal networking
To expose your applications, you'll need an Ingress Controller. This runs on every node in the cluster and listens on ports 80 and 443 (HTTP and HTTPS). I chose the NGINX Ingress Controller, which is easy to install on MicroK8s:
microk8s enable ingress
Then, I configured the router to forward incoming requests on ports 80 and 443 to any one of the nodes, in my case server2. All other ports are blocked by the router’s firewall, ensuring that only necessary traffic reaches the servers.
server2 will handle all ingress traffic, and use the Calico network plugin to route the requests to the pods on the corresponding nodes.
I chose Calico for its support for NetworkPolicies, but Kubernetes allows you to use other Container Network Interface (CNI) plugins that may better suit your setup.
Note:
This means that if server2 is unavailable for some reason, the cluster will not respond to any incoming requests. It is a Single Point Of Failure.
One solution would be to use an IP failover mechanism like keepalived.
Finally, I also installed Cert Manager to handle SSL certificate requests for my HTTPS routes and automatically manage renewals.
Installing it is as simple as:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/<version>/cert-manager.yaml
With this setup, I simply create an Ingress, then the NGINX Ingress Controller along with Cert Manager takes care of the rest:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: portfolio-ingress
  namespace: portfolio
spec:
  ingressClassName: nginx
  rules:
  - host: mydomain
    http:
      paths:
      - backend:
          service:
            name: portfolio
            port:
              number: 3000
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - mydomain
    secretName: certificate-prod-portfolio
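The post picks Calico for its NetworkPolicy support but shows no policy. As an added example (not from the original post), the policy below lets only the ingress controller reach the portfolio pods on port 3000. The pod label `app: portfolio`, the policy name, and the `ingress` namespace of the MicroK8s ingress addon are assumptions to check against your cluster.

```yaml
# Added example, not part of the original post.
# Assumptions: the portfolio pods carry the label app=portfolio, and the
# MicroK8s ingress addon runs its controller pods in the "ingress" namespace
# with pod networking (so their source IP is a pod IP Calico can match).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: portfolio-allow-ingress-controller   # hypothetical name
  namespace: portfolio
spec:
  # Select only the application pods. Once a pod is selected by a policy
  # with policyTypes: Ingress, every inbound connection not listed below
  # is dropped by the CNI.
  podSelector:
    matchLabels:
      app: portfolio                         # assumed pod label
  policyTypes:
  - Ingress
  ingress:
  - from:
    # kubernetes.io/metadata.name is set automatically on every namespace
    # (Kubernetes 1.22+), so no manual namespace labelling is needed.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress
    ports:
    # Same port the Ingress backend above points at.
    - protocol: TCP
      port: 3000
```

The policy deliberately selects only the application pods, so any other pod in the namespace, such as a temporary one created during certificate issuance, is not affected. Confirm the real labels with `kubectl -n portfolio get pods --show-labels` before applying it.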