Install Kuma with egress-enabled
kumactl install control-plane \
  --mode zone --egress-enabled \
  | kubectl apply -f -
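If your mesh has “networking.outbound.passthrough=false”
networking:
  outbound:
    passthrough: false
you need this ExternalService for the kube api-server, because with passthrough disabled the ingress controller's sidecar only lets outbound traffic reach destinations the mesh knows about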
apiVersion: kuma.io/v1alpha1
kind: ExternalService
mesh: default
metadata:
  name: kubeapi
spec:
  tags:
    kuma.io/service: kubeapi
    kuma.io/protocol: tcp
  networking:
    address: 192.168.1.1:6443
With allow-all MeshTrafficPermission
apiVersion: kuma.io/v1alpha1
kind: MeshTrafficPermission
metadata:
  name: allow-all
  labels:
    kuma.io/mesh: default
spec:
  from:
    - targetRef:
        kind: Mesh
      default:
        action: Allow
Install Ingress NGINX with the annotation “kuma.io/gateway: enabled” on the controller Deployment's pod template
apiVersion: apps/v1
kind: Deployment
metadata:
  ...
spec:
  template:
    metadata:
      annotations:
        kuma.io/gateway: enabled
  ...
Add the “kuma.io/sidecar-injection: enabled” label to the ingress-nginx namespace
kind: Namespace
metadata:
  annotations:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    kubernetes.io/metadata.name: ingress-nginx
    kuma.io/sidecar-injection: enabled
Rollout restart
$ k rollout restart deployment -n ingress-nginx
Result:
The ingress-nginx controller pod now runs with the sidecar (2/2 containers ready)
$ k get pod -o wide -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE   IP            NODE
ingress-nginx-admission-create-968sc        0/1     Completed   0          17d   <none>        cks-worker3
ingress-nginx-admission-patch-r2jlq         0/1     Completed   0          17d   <none>        cks-worker2
ingress-nginx-controller-7fb565c6fd-p5nmt   2/2     Running     0          38m   10.169.4.66   cks-worker2
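A way to check all of the steps above in one pass, as an added example that is not part of the original post. It assumes the inputs are parsed `kubectl get <kind> -o json` objects; `dig` and `check_setup` are hypothetical helper names, the sample objects are constructed from the manifests shown above, and `kuma-sidecar` is the container name Kuma's injector uses.

```python
SIDECAR = "kuma-sidecar"  # container name added by Kuma's sidecar injector

def dig(obj, *keys, default=None):
    """Walk nested dicts, returning default when any key is missing."""
    for k in keys:
        if not isinstance(obj, dict) or k not in obj:
            return default
        obj = obj[k]
    return obj

def check_setup(mesh, external_services, namespace, deployment, pods, api_addr):
    """Return a list of findings; an empty list means every step is in place."""
    findings = []
    mesh_name = dig(mesh, "metadata", "name")
    # Passthrough defaults to enabled; only a mesh that disables it needs the ExternalService.
    if dig(mesh, "spec", "networking", "outbound", "passthrough", default=True) is False:
        addrs = {dig(es, "spec", "networking", "address")
                 for es in external_services if es.get("mesh") == mesh_name}
        if api_addr not in addrs:
            findings.append(f"no ExternalService for {api_addr} in mesh {mesh_name}")
    if dig(namespace, "metadata", "labels", "kuma.io/sidecar-injection") != "enabled":
        findings.append("namespace lacks label kuma.io/sidecar-injection: enabled")
    annotations = dig(deployment, "spec", "template", "metadata", "annotations")
    if dig(annotations, "kuma.io/gateway") != "enabled":
        findings.append("pod template lacks annotation kuma.io/gateway: enabled")
    for pod in pods:
        if dig(pod, "status", "phase") != "Running":
            continue  # completed admission jobs carry no sidecar to check
        statuses = dig(pod, "status", "containerStatuses", default=[])
        ready = {s["name"] for s in statuses if s.get("ready")}
        if SIDECAR not in ready or len(ready) != len(statuses):
            findings.append(f"pod {pod['metadata']['name']}: sidecar missing or not ready")
    return findings

# Constructed sample objects, shaped like `kubectl get <kind> -o json` output.
MESH = {"metadata": {"name": "default"},
        "spec": {"networking": {"outbound": {"passthrough": False}}}}
EXTERNAL = [{"mesh": "default", "metadata": {"name": "kubeapi"},
             "spec": {"networking": {"address": "192.168.1.1:6443"}}}]
NAMESPACE = {"metadata": {"labels": {"kuma.io/sidecar-injection": "enabled"}}}
DEPLOYMENT = {"spec": {"template": {"metadata": {"annotations": {"kuma.io/gateway": "enabled"}}}}}
PODS = [{"metadata": {"name": "ingress-nginx-controller-7fb565c6fd-p5nmt"},
         "status": {"phase": "Running", "containerStatuses": [
             {"name": "controller", "ready": True},
             {"name": "kuma-sidecar", "ready": True}]}},
        {"metadata": {"name": "ingress-nginx-admission-create-968sc"},
         "status": {"phase": "Succeeded"}}]

if __name__ == "__main__":
    print(check_setup(MESH, EXTERNAL, NAMESPACE, DEPLOYMENT, PODS, "192.168.1.1:6443") or "all checks passed")
```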
That is all.