Skip to content

Ingress NodePort configuration

Ingress NodePort configuration involves deploying an Ingress Controller and exposing it via a NodePort [[Service]], allowing external traffic to reach internal applications based on routing rules^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Deployment

The standard installation process begins by applying a comprehensive YAML manifest (01-ingress.yaml)^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]. This creates a dedicated namespace (ingress-nginx) along with the necessary ServiceAccounts, ConfigMaps, RBAC roles (ClusterRole/Role), and bindings^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]. A Deployment resource manages the controller pods^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Service Type and Ports

Upon successful deployment, the primary service—ingress-nginx-controller—is exposed as a NodePort^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

  • HTTP: Port 80 on the service is mapped to a specific NodePort (e.g., 30035) on the nodes^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].
  • HTTPS: Port 443 on the service is mapped to a different NodePort (e.g., 30603)^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

This configuration allows external requests targeting the node's IP and the specified NodePort (e.g., 30035) to be routed to the Ingress controller^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Reverse Proxy Integration

To provide a unified entry point using standard ports (80/443) and domain names, a reverse proxy (such as [[Nginx]]) is often configured on an edge server (e.g., hdss7-12)^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]. The proxy defines an upstream backend pointing to the Ingress NodePorts on the Kubernetes worker nodes^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

upstream default_backend_nginx {
    server 10.4.7.21:30035 max_fails=3 fail_timeout=10s;
    server 10.4.7.22:30035 max_fails=3 fail_timeout=10s;
}

server {
    server_name *.od.com;
    location / {
        proxy_pass http://default_backend_nginx;
        proxy_set_header Host $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}

This configuration forwards traffic for *.od.com to the Ingress Controller, which then routes it to the appropriate backend services^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

DNS Resolution

Accessing services via a domain requires a [[DNS]] record that resolves the domain to the reverse proxy's IP address^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md].

Sources

^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]