Kubernetes Ingress Overview and Setup

Aug 12, 2024

Understanding Ingress in Kubernetes

Introduction to Ingress

  • Ingress is a Kubernetes component that allows external HTTP/S traffic to access services within a cluster.
  • It helps make applications accessible through a domain name with secure connections (HTTPS).

Basic Setup

  • Kubernetes Cluster: Contains pods (application instances) and services.
  • External Access:
    • Can be achieved via an external service exposing a public IP and port.
    • Not ideal for production; ingress should be used instead.
  • Final Setup:
    • Use a domain name with HTTPS for secure access.

Ingress vs External Services

  • External Service Configuration:
    • Defined in YAML as a load balancer service.
    • Example configuration includes IP address and port.
  • Ingress Configuration:
    • Defined with kind: Ingress instead of service.
    • Contains routing rules defining how requests are forwarded to internal services based on the host and URL path.

Ingress Routing Rules

  • Rules define how incoming requests are processed and which internal service they should be forwarded to.
  • The host refers to the domain name used in the browser.
  • The path specifies the URL path for forwarding requests.

Internal Service Configuration

  • Internal services have a default type of ClusterIP, meaning they are not exposed externally.
  • The internal service name and port must correspond to the defined ingress rules.

Installing Ingress Controller

  • To use ingress, an ingress controller must be installed in the cluster (e.g., NGINX Ingress Controller).
  • The controller evaluates all ingress rules and manages request forwarding.
  • Installation steps may vary based on the environment (cloud-based or bare metal).

Cloud Infrastructure Considerations

  • In cloud environments, use a cloud load balancer to manage incoming requests and direct them to the ingress controller.
  • In bare metal environments, configure an entry point manually, potentially using an external proxy server.

Demonstration Using Minikube

  • In Minikube, use the command minikube addons enable ingress to set up NGINX Ingress Controller.
  • Create an ingress rule for services (e.g., Kubernetes Dashboard) to access them via a browser using a specified hostname.

Creating Ingress Rules

  • Define metadata (name, namespace) and rules for hostname and path forwarding.
  • Hostname must be mapped to an IP address to resolve correctly.

Default Backend Handling

  • The default backend handles requests that do not match any defined rules.
  • Custom error messages can be configured for better user experience.

Advanced Use Cases

  • Multiple Paths:
    • Define multiple paths in a single ingress for different services under the same domain (e.g., /analytics, /shopping).
  • Subdomains:
    • Use subdomains instead of paths to access different applications (e.g., analytics.myapp.com).
  • TLS Configuration:
    • Ingress configuration for HTTPS requires a TLS secret to be referenced, containing the certificate and key.
    • Secret must be created in the same namespace as the ingress.

Conclusion

  • Ingress is an essential component in Kubernetes for managing external requests securely and efficiently.
  • Proper configuration is crucial for functionality and security.
  • Further exploration of advanced configurations is recommended for more complex applications.