MMiles
Posts Categories
MMiles

Contents

Ingress in the Raspberry Pi Cluster

 included in Tech
   573 words   3 minutes 

Accessing services running within the Raspberry Pi Cluster

Introduction

After deploying a few demo services in the Pi Cluster, I wanted to figure out how I could access them outside the cluster.

Ingress Controllers

This video gives a good intro to ingress in bare metal clusters:

https://www.youtube.com/watch?v=k8bxtsWe9qw

The Ingress Controllers manage the Ingress resources, which are just config that states what internal cluster services/apps an external client should be routed to when they go to certain addresses.

K3s comes with the Traefik ingress controller out the box, but the nginx-ingress-controller is an alternative.

MetalLB

By default, the Traefik Ingress Controller created in the Pi cluster will be given the same external IP address as the master node.

MetalLB allows Ingress Controllers to be assigned different IPs (still within home network range).

I have installed it via the manifests rather than Helm (see the manifests/metallb/metallb-native.yaml file in this repo.

You also need to create a IpAddressPool, which defines which IPs in the local network can be assigned by MetalLB. I have chosen 192.168.0.100 - 192.168.0.120. Lastly, you need to create a L2Adverstisement.

The video above gives a good tutorial on how to install MetalDB in the cluster.

The image below shows the Traefik Ingress controller in the cluster. It has a type “LoadBalancer”, and that external IP was assigned by MetalLB.

/load-balancer.jpg

Accessing a Service

To demonstate access, I have created a homeassistant service to the cluster. The manifests are also stored in this repo.

It creates a service called homeassitant-service, and among other things also creates an Ingress resource which routes traffic to homeassistant.local to this service.

There are a few other quirks of getting homeassistant to run in the cluster (namely the addition of trusted proxies in /config/configuration.yaml), which are better explained in this article:

https://jaygould.co.uk/2024-01-01-setting-up-home-assistant-kubernetes-k3s/

You can then access the homeassistant service a few ways:

  • Port-forwarding the pod to localhost, and then accessing localhost from browser
  • Finding the homeassistant pod IP, and typing that into browser with port 8123. The pod IP will be the same as one of your Pi node IPs
  • Opening /etc/hosts/ on the machine you want to access from. The machine can be outside the cluster (e.g. not one of the Pis), but it must be connected to the same local network. Inside /etc/hosts/, you can add a new mapping:
    • <ip_of_ingress_controller> homeassistant.local
    • For homeassistant, this will also only work once you’ve added the IPs of all your Pis to /config/configuration.yaml in the HA pod as well (see article above)

Port-Forwarding From Local Network

If you host other applications in the pi cluster and set them up so the kube ‘service’ is a LoadBalancer type, they should be auto-assigned an external IP. This should fall within the 192.168.0.100 - 192.168.0.120 range is managed by MetaLB.

You can then access this services remotely if you set up port-forwarding in your home network router (via the admin console).

Firstly, find the external IP assigned to the service (should be able to see this in the ‘services’ section in k9s).

Then go into home router admin console, and choose port-forwarding (for Virgin, this is in Security -> Port-Forwarding). Find the port that it is mapped to (you might see something like http:8010►30290 in the port field in k9s, you want the first number - 8010) and set this as the start and end ports for both local and external.

You should then be able to access the service by going to http://<PUBLIC_IP_OF_YOUR_HOME_NETWORK>:<PORT>

Updated on 2024-12-06
Back | Home