Ingress

Kubernetes Ingress is an object that manages external access to services within a Kubernetes cluster, typically HTTP and HTTPS.

Use Cases for Kubernetes Ingress

Path-Based Routing:

  • Route traffic to different services based on URL paths.
  • Example: Direct /api requests to api-service and /web requests to web-service.

Host-Based Routing:

  • Serve multiple domains from a single Ingress controller.
  • Example: Route example.com to one service and blog.example.com to another.

TLS/SSL Termination:

  • Secure HTTP traffic with SSL/TLS at the Ingress level.
  • Example: Use a TLS certificate for example.com.

Ingress Controller

An Ingress Controller manages external access to services in a Kubernetes cluster by processing Ingress resources. It handles routing, SSL/TLS termination, and load balancing based on the rules defined in Ingress resources.

Basic ingress

ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend-training-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: mat.k8s-training.dac.systems
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: crazy-backend-service
            port:
              number: 80

Make Ingress More Secure

Explanation of cert-manager in the Ingress Resource

cert-manager is a Kubernetes add-on that automates the issuance and renewal of TLS certificates. In this Ingress resource:

cert-manager.io/cluster-issuer: letsencrypt-prod: This annotation tells cert-manager to use the letsencrypt-prod ClusterIssuer to request a TLS certificate from Let's Encrypt for the specified host.

tls: This block lists the host the certificate must cover and the Secret (k8s-training-tls) in which cert-manager stores the issued certificate.

ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend-training-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: mat.k8s-training.dac.systems
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: crazy-backend-service
            port:
              number: 80
  tls:
  - hosts:
    - mat.k8s-training.dac.systems
    secretName: k8s-training-tls

Replace mat in the host name with the name of your current namespace.
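
The difference between the two manifests above can be checked mechanically. The following is an added example, not part of the original page: it audits Ingress objects in the JSON shape returned by kubectl get ingress -o json and reports rule hosts that no spec.tls entry covers. The function names and the sample objects are constructed for illustration, and the wildcard handling goes beyond the single-host case shown on this page.

```python
import copy

# Constructed sample: the page's "Basic ingress" manifest in the JSON shape
# that `kubectl get ingress -o json` returns, trimmed to the fields checked.
BASIC = {
    "metadata": {"name": "backend-training-ingress", "annotations": {
        "cert-manager.io/cluster-issuer": "letsencrypt-prod"}},
    "spec": {"ingressClassName": "nginx", "rules": [
        {"host": "mat.k8s-training.dac.systems"}]},
}
# The same object with the tls block from "Make Ingress More Secure".
SECURED = copy.deepcopy(BASIC)
SECURED["spec"]["tls"] = [{"hosts": ["mat.k8s-training.dac.systems"],
                           "secretName": "k8s-training-tls"}]


def tls_covers(tls_host, rule_host):
    """True if a spec.tls host covers a rule host ('*.' matches one label)."""
    tls_host, rule_host = tls_host.lower(), rule_host.lower()
    if tls_host == rule_host:
        return True
    label, _, parent = rule_host.partition(".")
    return (tls_host.startswith("*.") and label not in ("", "*")
            and parent == tls_host[2:])


def audit_ingress(ingress):
    """Return TLS findings for one Ingress object (empty list means clean)."""
    spec = ingress.get("spec") or {}
    annotations = (ingress.get("metadata") or {}).get("annotations") or {}
    tls = spec.get("tls") or []
    tls_hosts = [h for entry in tls for h in entry.get("hosts") or []]
    findings = []
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if not host:
            findings.append("rule without host: matches every Host header")
        elif not any(tls_covers(t, host) for t in tls_hosts):
            findings.append(f"{host}: not covered by any spec.tls entry")
    for entry in tls:
        # Without secretName, cert-manager has no Secret to write the cert to.
        if not entry.get("secretName"):
            findings.append(f"tls entry {entry.get('hosts')}: no secretName")
    if "cert-manager.io/cluster-issuer" in annotations and not tls:
        findings.append("cluster-issuer annotation set but spec.tls is empty")
    return findings


if __name__ == "__main__":
    for name, obj in (("basic", BASIC), ("secured", SECURED)):
        print(name, audit_ingress(obj) or "OK")
```

The basic manifest yields two findings because cert-manager requests certificates only for hosts listed under spec.tls, so the cluster-issuer annotation alone has no effect.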