Kubernetes Ingress

Kubernetes Ingress is an API object that manages external access to services within a cluster, typically via HTTP/HTTPS.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md] It acts as a unified entry point or "Smart Router" ("routing guardian") that operates at a higher layer than standard [[Services]], solving the complexity of managing multiple exposed ports.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

Core Functionality

Unlike Services, which often require distinct port mappings for each application, Ingress provides a single unified access point—typically port 80 for HTTP and port 443 for HTTPS.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md] Its primary responsibilities include:

  • Service Routing: Mapping different hostnames or pathnames to specific backend Services, providing externally-reachable URLs.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]
  • Load Balancing: Distributing traffic flow using algorithms or backend weight schemes.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]
  • SSL Termination: Decrypting HTTPS at the Ingress Controller, so that internal traffic between the Ingress Controller and Pods remains unencrypted.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]
  • Name-based Virtual Hosting: Allowing multiple domains (e.g., foo.com, bar.com) to share a single IP address.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

Architecture and Components

To function, an Ingress resource requires an Ingress Controller. The Ingress resource itself is merely a configuration rule set; the controller (e.g., Nginx, Traefik) is the actual application running in the cluster that listens for traffic and enforces these rules.^[400-devops-06-kubernetes-basics-README.md]^[400-devops-06-kubernetes-k8s-learning-06ingress-readme.md]

Common installation methods involve deploying a controller via kubectl apply, often resulting in components placed within an ingress-nginx namespace.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

Traffic Flow

The typical request path flows from the external user → Ingress Controller → [[Service]] → [[Pods]].^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

Configuration Examples

Ingress rules are defined in YAML files under apiVersion: networking.k8s.io/v1.

Simple Fanout (Virtual Hosting)

This configuration routes traffic from different domains to different services.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  ingressClassName: nginx
  rules:
    - host: foo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: foo-service
                port:
                  number: 80
    - host: bar.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: bar-service
                port:
                  number: 80
^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

Default Backend

A defaultBackend can be specified to handle traffic that does not match any specific rules in the Ingress definition.^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]
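
The SSL Termination item and the defaultBackend paragraph above, combined in one manifest. This is an added example, not taken from the cited sources; the names my-ingress-tls, foo-com-tls and fallback-service are hypothetical.

```yaml
# Added example. Names marked "hypothetical" do not come from the original page.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress-tls              # hypothetical
spec:
  ingressClassName: nginx
  # HTTPS for foo.com is decrypted at the Ingress Controller with this
  # certificate. The Secret must be of type kubernetes.io/tls (keys tls.crt
  # and tls.key) and live in the same namespace as the Ingress.
  tls:
    - hosts:
        - foo.com
      secretName: foo-com-tls       # hypothetical
  # Requests that match none of the rules below are sent here.
  defaultBackend:
    service:
      name: fallback-service        # hypothetical
      port:
        number: 80
  rules:
    - host: foo.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: foo-service
                port:
                  number: 80        # controller-to-Service hop is plain HTTP
```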

Installation and Setup

Ingress controllers are not always started by default. A common deployment method uses kubectl to apply a manifest from the official ingress-nginx repository.^[400-devops-06-kubernetes-basics-README.md]

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.1/deploy/static/provider/cloud/deploy.yaml
^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

After installation, verification involves checking the ingress-nginx namespace for running pods and services (often of type LoadBalancer or NodePort).^[400-devops-06-kubernetes-k8s-ithelp-day9-readme.md]

Sources

  • 400-devops-06-kubernetes-k8s-ithelp-day9-readme.md
  • 400-devops-06-kubernetes-basics-README.md
  • 400-devops-06-kubernetes-k8s-learning-06ingress-readme.md
  • [[Services]]
  • [[Pods]]
  • [[Load Balancer]]
  • SSL/TLS