- Provides rule based routing
- Requests can be received at a single IP address (NLB's IP) and forwarded to the right service based on the path or subdomain.
- Here, we define routing rules for the hostname - Backend is the target where the incoming requests for that hostname will be redirected
Ingress & Internal Service Setup¶
- ServiceName - name of the internal service - ServicePort - port on which the internal service is available
- A pod or a set of pods that act as the entry point to the cluster and evaluate ingress rules & manage redirections
- Ingress component cannot do anything by itself, it needs an ingress controller which is an implementation for ingress component.
- K8s Nginx Ingress Controller
- 3rd party
Setup & Configuration¶
- On Cloud
- Cloud provider's load balancer acts as the entry point and forwards request to ingress controller (managed solution, minimal effort)
- On Premise
- Need to configure entry point ourselves
- External proxy server (hardware or software) acting as the entry point (has external IP address)
- None of the nodes in the cluster have external IP addresses (for security)
Default Backend in Ingress¶
- If a request does not match any rule, the ingress controller redirects it to the
default-http-backendservice. If it doesn't exist, 404 error is returned.
- This is useful to display a custom "Page doesn't exist" error message.
- Default backend can be created by creating a pod with the same name as the default http backend and on the same port.
Routing to multiple paths¶
Routing to multiple subdomains¶
Configuring TLS Certificate¶
- TLS Certificate has to be created as a secret in the same namespace as the ingress
- Ingress uses the TLS certificate as a reference from the secret
Last updated: 2022-09-12