# Proxy Ingress Airgap Onprem

## Problem

Customer X needs to create a load-balanced Ingress into a Kubernetes cluster without a traditional load balancer appliance, and with a controlled, predictable route that MetalLB layer 2 mode does not provide.

## Abstract

The customer deploys a dedicated node pool whose machines have predictable IPs and take the place of the traditional external proxy tier. Instead of a hand-configured proxy, those nodes run a Kubernetes ingress provider that integrates with the cluster and behaves as a normal Kubernetes ingress controller.

# Preprovisioned Solution

## Deploy Machines

Manually deploy the new virtual machines (at least two, for redundancy) that will act as the traditional proxy servers, using IPs that will be put into DNS or integrated into an external load balancing service.

## Define a new set of infrastructure

Create a new PreprovisionedInventory listing the proxy machines, for use by the machine deployment:

```yaml= title="proxy-preprovisioned.yaml"
apiVersion: infrastructure.cluster.konvoy.d2iq.io/v1alpha1
kind: PreprovisionedInventory
metadata:
  name: prepro-md-1   # name of the preprovisioned inventory; must differ from the PreprovisionedInventory used for regular nodes
  namespace: default
  labels:
    cluster.x-k8s.io/cluster-name: prepro
    clusterctl.cluster.x-k8s.io/move: ""
spec:
  hosts:
    - address: 10.0.0.1   # machine IPs of the proxy hosts
    - address: 10.0.0.2
    - address: 10.0.0.3
  sshConfig:
    port: 22
    user: <user>   # user to SSH as
    privateKeyRef:
      name: <prepro-ssh-key>   # SSH private key stored in the cluster as a Secret
      namespace: default       # namespace of the cluster; for Essentials this is default
```

Add this to the DKP Management/Essentials cluster:

```bash=
kubectl create -f proxy-preprovisioned.yaml
```

## Create kubeconfig

If the proxy machines need a different kubeconfig deployment scheme from the regular nodes, handle that here. This guide assumes it is the same for now.

## Create Nodepool

Create a new nodepool: in _cluster.yaml_ define a new MachineDeployment for the proxy machines. The referenced KubeadmConfigTemplate and PreprovisionedMachineTemplate (both named `prepro-md-1`) must also exist; the PreprovisionedMachineTemplate is what points this pool at the new inventory rather than the one used for regular nodes.

```yaml=
...
apiVersion: cluster.x-k8s.io/v1beta1
kind: MachineDeployment
metadata:
  labels:
    cluster.x-k8s.io/cluster-name: prepro
  name: prepro-md-1
  namespace: default
spec:
  clusterName: prepro
  minReadySeconds: 0
  progressDeadlineSeconds: 600
  replicas: 3   # must not exceed the number of hosts in the PreprovisionedInventory; extra replicas never get a machine
  revisionHistoryLimit: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/cluster-name: prepro
      cluster.x-k8s.io/deployment-name: prepro-md-1
  strategy:
    rollingUpdate:
      maxSurge: 0        # no spare preprovisioned host to surge onto
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        cluster.x-k8s.io/cluster-name: prepro
        cluster.x-k8s.io/deployment-name: prepro-md-1
    spec:
      bootstrap:
        configRef:
          apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
          kind: KubeadmConfigTemplate
          name: prepro-md-1
      clusterName: prepro
      infrastructureRef:
        apiVersion: infrastructure.cluster.konvoy.d2iq.io/v1alpha1
        kind: PreprovisionedMachineTemplate
        name: prepro-md-1
      version: v1.26.6   # example Kubernetes version; match the rest of the cluster
```

Deploy the new machine deployment to the DKP cluster:

```bash=
kubectl create -f proxy_machine_template.yaml
```

## Taint nodes

Manually taint the nodes once they have joined the cluster. This prevents regular workloads from being scheduled onto the proxy nodes; only pods that tolerate the taint (the ingress controller) will land there. Note that a trailing `-` on the taint (`dedicated=proxy:NoSchedule-`) removes it rather than adding it, and node names are space separated:

```bash=
kubectl taint nodes <node1> <node2> dedicated=proxy:NoSchedule
kubectl describe node <node1> | grep Taints   # verify: dedicated=proxy:NoSchedule
```

TODO: declarative approach in kubeadm, so the taint is applied at join time instead of by hand.

## Ingress Proxy

### Tolerate new nodes

Deploy the ingress controller of choice onto the new nodes. Make sure it tolerates the taint we put on the nodes:

```yaml
tolerations:
  - key: "dedicated"
    operator: "Equal"
    value: "proxy"
    effect: "NoSchedule"
```

A toleration only allows scheduling onto the proxy nodes; it does not force it. Pair it with a `nodeSelector` or node affinity for the proxy nodes so the controller does not also land on regular workers, where its IP would not be the one in DNS.

### Host Networking

Deploy the pods with host networking. This consumes host ports 80 and 443 on the proxy nodes, as a proxy service normally would, so nothing else on those nodes may listen on them. The field goes in the pod spec:

```yaml=
hostNetwork: true
```

## Deploy ingress controller

....

Duplicate the Traefik deployment steps or bring your own.
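Added example, not from the original page and not DKP's or Traefik's own manifests: it covers the declarative taint left as a TODO under "Taint nodes" and the controller deployment under "Deploy ingress controller". The first document is the KubeadmConfigTemplate the MachineDeployment above references, carrying the `dedicated=proxy` taint and a matching node label so proxy nodes arrive tainted and labelled at join time (only the taint and label fields are shown; merge them into the template DKP generated for the pool rather than replacing it). The second is a Traefik DaemonSet that tolerates the taint, selects the label, runs on the host network and listens on 80/443. The `proxy-ingress` namespace, the ServiceAccount name, the Traefik image tag and the `dedicated` label key are assumptions; the ServiceAccount still needs the ClusterRole from the Traefik deployment steps.

```yaml
# Added example: taint and label applied at join time via the KubeadmConfigTemplate
# referenced by MachineDeployment prepro-md-1 (merge into DKP's generated template).
apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
kind: KubeadmConfigTemplate
metadata:
  name: prepro-md-1
  namespace: default
spec:
  template:
    spec:
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            node-labels: "dedicated=proxy"   # assumed label key; set by the kubelet at registration
          taints:
            - key: dedicated
              value: proxy
              effect: NoSchedule
---
# Added example: Traefik pinned to the proxy nodes on the host network.
apiVersion: v1
kind: Namespace
metadata:
  name: proxy-ingress   # assumed namespace
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: proxy-ingress   # assumed name; bind Traefik's ClusterRole to it separately
  namespace: proxy-ingress
---
apiVersion: apps/v1
kind: DaemonSet           # one controller per proxy node, so every DNS/VIP target serves traffic
metadata:
  name: proxy-ingress
  namespace: proxy-ingress
spec:
  selector:
    matchLabels:
      app: proxy-ingress
  template:
    metadata:
      labels:
        app: proxy-ingress
    spec:
      serviceAccountName: proxy-ingress
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet   # keep cluster DNS while on the host network
      nodeSelector:
        dedicated: proxy                   # only the proxy nodes
      tolerations:                         # and tolerate the taint that keeps everyone else off them
        - key: dedicated
          operator: Equal
          value: proxy
          effect: NoSchedule
      containers:
        - name: traefik
          image: traefik:v2.10             # assumed tag; pin to the image mirrored into the airgap registry
          args:
            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
            - --providers.kubernetesingress=true
          ports:                           # hostPort == containerPort under hostNetwork; lets the scheduler detect port conflicts
            - name: web
              containerPort: 80
              hostPort: 80
            - name: websecure
              containerPort: 443
              hostPort: 443
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]   # the only capability needed to bind 80/443 on the host
          volumeMounts:
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
```

Two checks before moving DNS to the proxy IPs: confirm the pods landed only on the proxy nodes (`kubectl -n proxy-ingress get pods -o wide`) and that the listener is really on the host (`ss -ltnp | grep -E ':80 |:443 '` on a proxy node). If you also set `runAsUser` to a non-root UID, verify the latter first, because whether an added capability reaches a non-root process depends on the runtime and image. Keep in mind that a label set through `kubeletExtraArgs` is asserted by the node itself; the NodeRestriction admission plugin refuses kubelet-set labels under the `node-restriction.kubernetes.io/` prefix, so if the proxy role must be something only an administrator can grant, apply a label with that prefix via `kubectl label` and select on it instead.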