Understanding Ingress in Kubernetes

Introduction to Ingress

• Ingress is a Kubernetes component that allows external HTTP/S traffic to access services within a cluster.
• It helps make applications accessible through a domain name with secure connections (HTTPS).

Basic Setup

• Kubernetes Cluster: Contains pods (application instances) and services.
• External Access:
  • Can be achieved via an external service exposing a public IP and port.
  • Not ideal for production; ingress should be used instead.
• Final Setup:
  • Use a domain name with HTTPS for secure access.

Ingress vs External Services

• External Service Configuration:
  • Defined in YAML as a load balancer service.
  • Example configuration includes IP address and port.
• Ingress Configuration:
  • Defined with kind: Ingress instead of service.
  • Contains routing rules defining how requests are forwarded to internal services based on the host and URL path.

Ingress Routing Rules

• Rules define how incoming requests are processed and which internal service they should be forwarded to.
• The host refers to the domain name used in the browser.
• The path specifies the URL path for forwarding requests.

Internal Service Configuration

• Internal services have a default type of ClusterIP, meaning they are not exposed externally.
• The internal service name and port must correspond to the defined ingress rules.

Installing Ingress Controller

• To use ingress, an ingress controller must be installed in the cluster (e.g., NGINX Ingress Controller).
• The controller evaluates all ingress rules and manages request forwarding.
• Installation steps may vary based on the environment (cloud-based or bare metal).

Cloud Infrastructure Considerations

• In cloud environments, use a cloud load balancer to manage incoming requests and direct them to the ingress controller.
• In bare metal environments, configure an entry point manually, potentially using an external proxy server.

Demonstration Using Minikube

• In Minikube, use the command minikube addons enable ingress to set up NGINX Ingress Controller.
• Create an ingress rule for services (e.g., Kubernetes Dashboard) to access them via a browser using a specified hostname.

Creating Ingress Rules

• Define metadata (name, namespace) and rules for hostname and path forwarding.
• Hostname must be mapped to an IP address to resolve correctly.

Default Backend Handling

• The default backend handles requests that do not match any defined rules.
• Custom error messages can be configured for better user experience.

Advanced Use Cases

• Multiple Paths:
  • Define multiple paths in a single ingress for different services under the same domain (e.g., /analytics, /shopping).
• Subdomains:
  • Use subdomains instead of paths to access different applications (e.g., analytics.myapp.com).
• TLS Configuration:
  • Ingress configuration for HTTPS requires a TLS secret to be referenced, containing the certificate and key.
  • Secret must be created in the same namespace as the ingress.

Conclusion

• Ingress is an essential component in Kubernetes for managing external requests securely and efficiently.
• Proper configuration is crucial for functionality and security.
• Further exploration of advanced configurations is recommended for more complex applications.