What is Ingress
The key features of ingress are that it acts as a single point of entry and routes incoming traffic from the internet into cluster internal services by mapping HTTP or HTTPS requests based on URL path or host. It also manages SSL/TLS for secure communication.
- There are three major component of ingress.
- Ingress Controller
- Ingress Rules
- Load Balancing
Ingress Controller
How the incoming request should be routed to specific services defined by ingress while the rules have to be executed by ingress controller. This controller will be setup based on ingress resource rules. First, we have to configure the ingress controller, and then ingress resource rules will be configured.
ingress-deployment-config.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-nginx-controller
namespace: default
spec:
replicas: 1
selector:
matchLabels:
name: ingress-nginx
template:
metadata:
labels:
name: ingress-nginx
spec:
containers:
- args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/controller:v1.1.2@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c
name: nginx-ingress-controller
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
Ingress controller has its own set of requirements; the image used in the deployment config, the application-run program is available in the base directory named as /nginx-ingress-controller To start the app inside pod, we have to pass /nginx-ingress-controller as argument. Controller can have several types of configuration, like where the log file will be stored or session timeout configurations. We can set those information in the ConfigMap. We have to create ConfigMap object; this map will be passed in as argument
(–configmap=$(POD_NAMESPACE)/ingress-nginx-controller) We do not have to configure everything in the ConfigMap instead, the blank object will function as expected with default configuration.
ingress-config-map-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-nginx-controller
namespace: default
Ingress Controller Service
Ingress Controller will not be able to accept incoming traffic from outside of the cluster untill external entry point is configured through Ingress Controller Service. The external entry point can be an IP address or DNS, by using this controller will accept incoming request on specific port and forward request to specific pods based on ingress rules.
ingress-deployment-service-config.yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-controller-service
namespace: default
spec:
ports:
- port: 80
targetPort: 80
name: http
protocol: TCP
- port: 443
targetPort: 443
name: https
protocol: TCP
selector:
name: ingress-nginx
type: NodePort
Ingress ServiceAccount
Ingress Controller needs to interact with various resources, like Ingress resources, configMap, or services, to perform its tasks effectively. A service account is required with the right permissions, to access all of these resources. Now we will create a service account with correct Roles, ClusterRoles and RoleBindings. The blank object will function as expected with the default configuration.
ingress-service-account-config.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-service-account
Ingress Resources
The incoming request’s routing rules are defined in the Ingress resources as how the request’s forward to the internal services. Based on hostnames or URL paths, the rules are defined.
Ingress resources define routing logic; those logics are not used by themselves. Instead, the ingress controller reads the resource configuration, and routing rules defined in the resource configuration are implemented by this ingress controller.
ingress-resources-config.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
name: ingress-multiple-apps
namespace: default
spec:
rules:
- host: kube.phoenix.me
http:
paths:
- backend:
serviceName: app-service
servicePort: 8080
path: /app
pathType: Prefix
- backend:
serviceName: video-service
servicePort: 8080
path: /video
pathType: Prefix
- The spec.rules field defines ingress rules.
- host: An incoming request will land on kube.phoenix.me.
- paths: traffic routing rules are defined based on URL paths, suppose if used, call kube.phoenix.me/app and the traffic will be routed to app-service. On the other hand, requests that match this url (kube.phoenix.me/video) will be forwarded to video-service.
kubectl describe ingress ingress-multiple-apps
Application service
Service enable clients to interact with pods, through some ports that are being exposed inside and outside the cluster. In the given configuration, if the ingress controller pings port 8080, the service will redirect the request to the pod’s port 8080 with the given label named application: logger-application
app-service-config.yaml
apiVersion: v1
kind: Service
metadata:
name: app-service
spec:
type: NodePort
ports:
- targetPort: 8080 # container listens port
port: 8080 # the service will listen on
nodePort: 30005 # the static port that will be opened on each node
selector:
application: logger-application
Application Deployment
Deployment is a tool for managing the application’s pod, through this managing pode image version, how many replicas can be spin up, and so on.
apiVersion: apps/v1
kind: Deployment
metadata:
name: logger-app-deployment
namespace: default
spec:
replicas: 3
selector:
matchLabels:
application: logger-application
template:
metadata:
labels:
application: logger-application
spec:
containers:
- name: logger-application-container
image: cmabdullah21/log-simulation:latest
ports:
- containerPort: 8080
