Understanding Ingress with Kubernetes
The Kubernetes traffic controller
Welcome to [ between the brackets ] Saturday Edition! Today I’ll be talking about Ingress with Kubernetes - a pivotal aspect of deploying any service with Kubernetes.
Briefly, Ingress is a Kubernetes resource that allows you to route external traffic into your Kubernetes cluster. If you want to expose your Kubernetes services to the outside world, you'll need to use ingress.
Ingress Basics
At a basic level, ingress sits in front of your Kubernetes services and acts as a reverse proxy and load balancer. It receives external requests and forwards them to the appropriate services in your cluster based on configured routing rules.
Key ingress concepts:
- Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.
- Traffic routing is controlled by rules defined on ingress resources.
- Ingress can provide load balancing, SSL/TLS termination, and name-based virtual hosting.
- You need an ingress controller like NGINX to actually handle the ingress rules and route traffic.
Here's a simple example ingress resource:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - http:
      paths:
      - path: /foo
        pathType: Prefix
        backend:
          service:
            name: foo-service
            port:
              number: 80   # v1 takes port.number (or port.name), not a bare integer
      - path: /bar
        pathType: Prefix
        backend:
          service:
            name: bar-service
            port:
              number: 80
```
This ingress routes requests to /foo to the foo-service, and requests to /bar to the bar-service. The ingress controller will handle routing the external traffic properly based on these rules.
Name-based Virtual Hosting
Ingress supports name-based virtual hosting, which allows routing requests to multiple hostnames at a single IP address. For example:
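```yaml
spec:
  rules:
  - host: foo.mydomain.com
    http:
      paths:
      # networking.k8s.io/v1 requires path and pathType, and uses
      # backend.service instead of the older serviceName/servicePort fields
      - path: /
        pathType: Prefix
        backend:
          service:
            name: foo-service
            port:
              number: 80
  - host: bar.mydomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: bar-service
            port:
              number: 80
```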
TLS Termination
Ingress can terminate TLS so you don't have to handle SSL certificates on your backend services. Specify a secret with certificate and key in your ingress definition:
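```yaml
spec:
  tls:
  # my-tls-secret must be a kubernetes.io/tls Secret (tls.crt and tls.key)
  # in the same namespace as the Ingress
  - secretName: my-tls-secret
```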
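A check that ties the virtual-hosting and TLS sections together, as an added example that is not code from the original post: it reads an Ingress in the JSON form returned by `kubectl get ingress -o json` and reports rule hosts that no `tls` entry lists. The sample manifest is constructed, the function name and finding codes are hypothetical, and hosts are compared literally (no wildcard expansion).

```python
import json

# Constructed sample, shaped like `kubectl get ingress my-ingress -o json` and
# trimmed to the fields the check reads. Hostnames and secret name come from the
# snippets above; only foo.mydomain.com is listed under tls.
SAMPLE = json.loads("""
{
  "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
  "metadata": {"name": "my-ingress"},
  "spec": {
    "tls": [{"hosts": ["foo.mydomain.com"], "secretName": "my-tls-secret"}],
    "rules": [
      {"host": "foo.mydomain.com"},
      {"host": "bar.mydomain.com"},
      {"http": {"paths": [{"path": "/foo", "pathType": "Prefix"}]}}
    ]
  }
}
""")


def audit_tls(ingress):
    """Return (code, subject) findings about TLS coverage of an Ingress dict."""
    spec = ingress.get("spec", {})
    findings, covered = [], set()
    for i, entry in enumerate(spec.get("tls", [])):
        hosts = entry.get("hosts") or []
        if not hosts:
            # Without a hosts list the controller decides where the cert applies.
            findings.append(("TLS_NO_HOSTS", f"tls[{i}]"))
        if not entry.get("secretName"):
            # secretName is optional in the API; without it no certificate is named.
            findings.append(("TLS_NO_SECRET", f"tls[{i}]"))
        covered.update(h.lower() for h in hosts)
    for i, rule in enumerate(spec.get("rules", [])):
        host = rule.get("host")
        if not host:
            # A rule without a host applies to all inbound HTTP traffic.
            findings.append(("RULE_ANY_HOST", f"rules[{i}]"))
        elif host.lower() not in covered:
            # tls hosts need to explicitly match the host in the rules section.
            findings.append(("HOST_WITHOUT_TLS", host))
    return findings


if __name__ == "__main__":
    for code, subject in audit_tls(SAMPLE):
        print(f"{code}: {subject}")
```
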
Load Balancing
An ingress controller will provision a load balancer to route traffic to your services. Many ingress controllers support advanced load balancing techniques like:
- Session persistence - same client is routed to same pod
- Dynamic weighting - distribute more traffic to higher capacity pods
- Health checks - route traffic only to healthy pods
Ingress Controllers
Popular ingress controllers include:
- NGINX
- Contour
- HAProxy
- Traefik
These controllers will handle the actual load balancing and SSL termination for your ingress rules.
Advanced Ingress
Ingress can become pretty involved, with some more advanced topics being:
- Path Matching: Ingress paths support exact, prefix, and regular expression matching.
- Custom 404 Pages: Specify custom 404 error page handling.
- Rewrite Rules: Regex or fixed prefix-based rewrite rules to manipulate request URLs.
- Custom Timeouts/Limits: Set timeouts for connections, requests, reads/writes.
- Canary Deployments: Shift traffic in increments to test new versions.
- Blue-Green Deployments: Switch between two production versions.
- Authentication: OAuth2, basic auth, external auth, JWT, and more.
In summary, ingress is a powerful way to expose your Kubernetes services and handle all your external traffic. You can reap the benefits with a basic setup to begin with, then leverage more advanced capabilities as your applications and infrastructure grow.
[ Zach Coriarty ]