Skip to content

Ingress rule configuration

Ingress rule configuration defines how incoming external traffic is routed to [[Services]] within a Kubernetes cluster. Unlike traditional Services that often require managing numerous port mappings, Ingress acts as a smart entry point (Layer 7 HTTP/HTTPS load balancer) that consolidates traffic rules.^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]

Core Functions

The primary purpose of configuring Ingress rules is to establish a unified gateway for cluster applications.^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md] This configuration allows the cluster to:

  • Path-based routing: Direct requests to different Services based on the URL hostname or pathname.^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]
  • Standardize ports: Expose a single HTTP port (80) and HTTPS port (443) for multiple services, avoiding the need to manage complex port number permutations for each backend.^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]
  • Load balancing: Distribute traffic across backend Pods using various algorithms or weights.^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]
  • SSL Termination: Offload SSL/TLS decryption at the Ingress level, allowing unencrypted traffic between the Ingress Controller and backend Pods.^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]

Configuration Strategies

Ingress rules are typically defined in a YAML manifest under the spec section. The configuration strategy depends on the complexity of the routing required.

Default Backend

For simple scenarios where a single Service handles all traffic that doesn't match other specific rules, a defaultBackend can be configured^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md#L158-166].

spec:
  ingressClassName: nginx
  defaultBackend:
    service:
      name: my-service
      port:
        number: 8000

Simple Fanout (Name-based Virtual Hosting)

This strategy uses "Simple Fanout" to route requests from the same IP address to different Services based on the Host header^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]. This is achieved by defining a list of rules within the Ingress spec^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md#L324-350].

Each rule maps a specific hostname (e.g., foo.com) to a specific backend Service via HTTP paths.

spec:
  ingressClassName: nginx
  rules:
    - host: foo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: foo-service
                port:
                  number: 8000
    - host: bar.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: bar-service
                port:
                  number: 8000

Implementation Requirements

To function, Ingress requires an Ingress Controller (e.g., NGINX) to be running within the cluster^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]. Without a controller, defining Ingress resources has no effect.

Additionally, when testing Name-based Virtual Hosting locally (without a valid DNS provider), the system's /etc/hosts file must be updated to map the configured hostnames to the Ingress Controller's IP address (typically 127.0.0.1 for local setups)^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md].

Sources

^[400-devops__06-Kubernetes__k8s-ithelp__Day9__README.md]