Ingress in the simplest way possible
Ingress in the simplest way:
- In Kubernetes, an Ingress is an API object that manages external access to services within a cluster. It acts as a traffic controller, routing incoming requests to the appropriate services based on rules defined in the Ingress resource.
Default backend:
An Ingress with no rules sends all traffic to a single default backend and
.spec.defaultBackend
is the backend that should handle requests in that case. ThedefaultBackend
is conventionally a configuration option of the Ingress controller and is not specified in your Ingress resources. If no.spec.rules
are specified,.spec.defaultBackend
must be specified. IfdefaultBackend
is not set, the handling of requests that do not match any of the rules will be up to the ingress controller (consult the documentation for your ingress controller to find out how it handles this case).If none of the hosts or paths match the HTTP request in the Ingress objects, the traffic is routed to your default backend.
Resource Backends:
A resource backend in an Ingress refers to the destination where incoming requests should be forwarded to. It specifies the service and port that should handle the request. In simpler terms, the resource backend tells the Ingress where the request should be sent within the cluster.
Let's break it down further:
Ingress: It's like a gatekeeper for external traffic coming into the Kubernetes cluster. It receives incoming requests and decides where to send them based on the defined rules.
Resource backend: When setting up rules in the Ingress, you specify the resource backend for each rule. The resource backend consists of two main parts:
Service: A Service in Kubernetes is an abstraction that defines a set of Pods and a policy to access them. It groups the Pods together and provides a stable network endpoint for accessing them.
Port: Each Service may have multiple ports, and the port number specifies which specific application or endpoint within the Service should handle the request.
Together, the service and port form the resource backend, which determines the target of the incoming request.
Ingress configuration file:
Routing rules:
- Forward the request to the internal service.
host:
Valid domain address.
map a domain name to the node's IP address which will be the entry point. if you map with the node which is out of the cluster then that will be the entry point.
How to configure ingress in your cluster?
If you create the ingress component alone that won't be enough for ingress routing rule to works.
You need an implementation for ingress which is called ingress controller.
so the step1 will be install that ingress controller which is another pod or set of pods that run on our k8s cluster.
and do evaluations and processes ingress rules.
The function of the ingress controller is:-
evaluates all the rules that we have defined in our cluster.
manage redirection.
The entry point in the cluster.
You can have 50 rules in your cluster and it decides based on that which forwarding rule applied for a specific request.
There is many third-party implementations.
There is one from k8s itself that is the k8s NGINX ingress controller.
The environment on your cluster runs:
Advantage:
- You don't need to implement a load balancer by yourself, the cloud will work for that.
Bare metal:
Proxy server:
This can act as a load balancer or entry point for your cluster.
separate server
Give public IP addresses and open ports.
because of this, No server of the k8s cluster is accessible from outside. which is good practice also.
Overall flow:
Install ingress controller for in minikube:
minikube addons enable ingress
minikube addons list
- Automatically starts the k8s NGINX implementation of the ingress controller.
Ingress Usecase:
- Multiple paths for same host:
Multiple sub-domains or domains:
Now the request will look like this:
Three types of TLS you can do with ingress:
SSL passthrough
SSL offloading
SSL Bridging