We can write our own routing rules, which take effect in seconds, and these rules can also be used in the application source code. Furthermore, endpoints like REST APIs, static content, and dynamic web frontends may all be accessed via one IP address, potentially serving content for multiple domain names. This is precisely what Ingress does, and where it excels.
What is Ingress
Ingress is an API resource that gives us an easy way to describe HTTP and HTTPS routes from outside the cluster to services inside the cluster. With Ingress, we can define rules for routing traffic without creating a bunch of Load Balancers or exposing every service on the node. It can be configured to give services externally reachable URLs, load balance traffic, terminate SSL/TLS, and provide name-based virtual hosting and content-based routing.
Ingress Components
Ingress Resource
Ingress Resource is a Kubernetes resource that specifies ingress controller rules for routing incoming traffic.
Example of a simple ingress:
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: minimal-ingress
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    spec:
      rules:
      - http:
          paths:
          - path: /testpath
            pathType: Prefix
            backend:
              service:
                name: test
                port:
                  number: 80
apiVersion: defines which Kubernetes API version is used to create the object.
kind: defines what kind of object to create.
metadata: a name string, a UID, and an optional namespace that help to uniquely identify the object.
spec: the state you want the object to be in.
Ingress Controller
A Kubernetes Ingress controller is a load balancer designed specifically for Kubernetes environments. For managing containerized systems, Kubernetes has become the de facto standard. For many businesses, moving production workloads to Kubernetes adds new obstacles and complexities to application traffic management. The ingress controller accepts traffic from outside the Kubernetes network and distributes it to pods (containers) running on the platform. It can handle egress traffic within a cluster for services that need to talk to other services outside of the cluster. Ingress controllers are configured by deploying objects known as “Ingress Resources” through the Kubernetes API.
Default Backend
Default Backend is a small application that simply intercepts traffic for which no applicable rules have been specified through ingress resources and displays a 404 page.
Types of Ingress
Single service Ingress
Where an Ingress has no rules, all traffic is routed to a single default backend. If none of the hosts or paths in the Ingress objects matches the HTTP request, the traffic is routed to the default backend.
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: test-ingress
    spec:
      defaultBackend:
        service:
          name: test
          port:
            number: 80
Simple fanout Ingress
A fanout configuration sends traffic from a single IP address to multiple Services depending on the requested HTTP Uniform Resource Identifier (URI).
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: simple-fanout-example
    spec:
      rules:
      - host: foo.bar.com
        http:
          paths:
          - path: /foo
            pathType: Prefix
            backend:
              service:
                name: service1
                port:
                  number: 4200
          - path: /bar
            pathType: Prefix
            backend:
              service:
                name: service2
                port:
                  number: 8080
Name-based virtual hosting
Name-based virtual hosts support routing HTTP traffic to multiple hostnames at the same IP address.
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: name-virtual-host-ingress
    spec:
      rules:
      - host: foo.bar.com
        http:
          paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: service1
                port:
                  number: 80
      - host: bar.foo.com
        http:
          paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: service2
                port:
                  number: 80
Creating TLS with Ingress
We can secure a Kubernetes application by creating a secret that includes a TLS (Transport Layer Security) private key and certificate. Ingress only supports one TLS port, 443, and assumes TLS termination. The TLS secret must include keys named tls.crt and tls.key, which hold the TLS certificate and private key.
A simple example of creating a Secret using YAML
    apiVersion: v1
    kind: Secret
    metadata:
      name: testsecret-tls
      namespace: default
    data:
      tls.crt: base64 encoded cert
      tls.key: base64 encoded key
    type: kubernetes.io/tls
TLS is an acronym for Transport Layer Security. It’s essentially a protocol that enables encrypted communication between TLS-enabled browsers and web applications. TLS is enabled in any web application that is accessible through HTTPS. A Secret that includes a TLS private key and certificate can be used to protect an Ingress. Only one TLS port, 443, is supported by the Ingress resource, which implies TLS termination at the ingress stage. If different hosts are specified in the TLS configuration section of an Ingress, they are multiplexed on the same port according to the hostname specified via the SNI TLS extension (provided the Ingress controller supports SNI). The tls.crt and tls.key keys in the TLS secret must contain the certificate and private key to use with TLS.
The Following is a Simple Example of TLS
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: secure-ingress
      annotations:
        nginx.ingress.kubernetes.io/rewrite-target: /
    spec:
      tls:
      - hosts:
        - test-ingress.com
        secretName: secure-ingress
      rules:
      - host: test-ingress.com
        http:
          paths:
          - path: /ingress1
            pathType: Prefix
            backend:
              service:
                name: ingress-service1
                port:
                  number: 80
          - path: /ingress2
            pathType: Prefix
            backend:
              service:
                name: ingress-service2
                port:
                  number: 80
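An added example, not part of the original post: a pre-deployment check that an Ingress's tls section points at a usable kubernetes.io/tls Secret in its own namespace and that every rule host is covered by it. The manifests above are written as Python dicts, the function names check_secret and audit_ingress are hypothetical, the PEM bodies are constructed placeholders, and the check only looks at the Secret's shape and exact host names (no wildcard or certificate parsing).

```python
import base64

# Constructed sample data: the page's Secret and TLS Ingress as dicts, placeholder PEM.
CERT = b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n"
SECRET = {"type": "kubernetes.io/tls",
          "metadata": {"name": "testsecret-tls", "namespace": "default"},
          "data": {"tls.crt": base64.b64encode(CERT).decode(),
                   "tls.key": base64.b64encode(KEY).decode()}}
INGRESS = {"metadata": {"name": "secure-ingress", "namespace": "default"},
           "spec": {"tls": [{"hosts": ["test-ingress.com"],
                             "secretName": "secure-ingress"}],
                    "rules": [{"host": "test-ingress.com"}]}}

def check_secret(secret):
    """Return shape problems of a kubernetes.io/tls Secret."""
    problems = []
    if secret.get("type") != "kubernetes.io/tls":
        problems.append("type is not kubernetes.io/tls")
    for key, marker in (("tls.crt", b"-----BEGIN CERTIFICATE-----"),
                        ("tls.key", b"PRIVATE KEY-----")):
        try:
            decoded = base64.b64decode(secret["data"][key], validate=True)
        except KeyError:
            problems.append(f"missing data key {key}")
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append(f"{key} is not valid base64")
        else:
            if marker not in decoded:
                problems.append(f"{key} does not decode to PEM")
    return problems

def audit_ingress(ingress, secrets):
    """secrets maps (namespace, name) to Secret; hosts match exactly only."""
    ns = ingress["metadata"].get("namespace", "default")
    findings, covered = [], set()
    for entry in ingress["spec"].get("tls", []):
        ref = (ns, entry.get("secretName"))
        problems = (check_secret(secrets[ref]) if ref in secrets
                    else ["not found in the Ingress namespace"])
        findings += [f"secret {ref[0]}/{ref[1]}: {p}" for p in problems]
        if not problems:
            covered.update(entry.get("hosts", []))
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        if host is None:
            findings.append("rule without host matches any hostname")
        elif host not in covered:
            findings.append(f"host {host} has no usable TLS entry")
    return findings
```

Run against the two manifests exactly as shown on this page, the audit reports that the Ingress references a Secret named secure-ingress while the Secret example is named testsecret-tls, so the names must be aligned before the host is actually served with that certificate.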