The Ingress is a Kubernetes resource that lets you configure an HTTP load balancer for applications running on Kubernetes, represented by one or more Services. Such a load balancer is necessary to deliver those applications to clients outside of the Kubernetes cluster. It also provides SSL Termination and SSL Redirect for HTTPS.
The Ingress resource supports the following features:
- Content-based routing:
- Host-based routing. For example, routing requests with the host header
foo.example.comto one group of services and the host headerbar.example.comto another group. - Path-based routing. For example, routing requests with the URI that starts with
/serviceAto service A and requests with the URI that starts with/serviceBto service B.
- Host-based routing. For example, routing requests with the host header
See the Ingress User Guide to learn more about the Ingress resource.
The Ingress controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress controller implementations.
In the case of NGINX, the Ingress controller is deployed in a pod along with the load balancer.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm repo add nginx https://helm.nginx.com/stable
helm repo update
helm install nginx nginx/nginx-ingress
helm uninstall nginx
helm ls
kubectl get all
kubectl get svc
We include two options for deploying the Ingress controller:
- Deployment. Use a Deployment if you plan to dynamically change the number of Ingress controller replicas.
- DaemonSet. Use a DaemonSet for deploying the Ingress controller on every node or a subset of nodes.
Check that the Ingress Controller is Running Run the following command to make sure that the Ingress controller pods are running:
kubectl get pods --namespace=ingress-nginx
If you created a daemonset, ports 80 and 443 of the Ingress controller container are mapped to the same ports of the node where the container is running. To access the Ingress controller, use those ports and an IP address of any node of the cluster where the Ingress controller is running.
A service with the type LoadBalancer will be created as well. Kubernetes will allocate and configure a cloud load balancer for load balancing the Ingress controller pods.
For AWS, run:
kubectl apply -f service/loadbalancer-aws-elb.yaml
To get the DNS name of the ELB, run:
kubectl describe svc ingress-nginx --namespace=ingress-nginx
OR
kubectl get svc -n ingress-nginx
You can resolve the DNS name into an IP address using nslookup:
nslookup <dns-name>
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-resource-1
spec:
ingressClassName: nginx
rules:
- host: <DomainNameOne>
http:
paths:
# Default Backend (Root /)
- backend:
serviceName: <serviceName>
servicePort: 80apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-resource-1
spec:
ingressClassName: nginx
rules:
- host: <DomainNameOne>
http:
paths:
- backend:
serviceName: <serviceNameOne>
servicePort: 80
- host: <DomainNameTwo>
http:
paths:
- backend:
serviceName: <serviceNamTwo>
servicePort: 80 apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-resource-1
spec:
ingressClassName: nginx
rules:
- host: springboot.example.com
http:
paths:
# Default Path(/)
- backend:
serviceName: springboot
servicePort: 80
- path: /java-web-app
backend:
serviceName: javawebapp
servicePort: 80 Make sure you have services created in K8's with type ClusterIP for your applications. Which your are defining in Ingress Resource.
Delete the ingress-nginx namespace to uninstall the Ingress controller along with all the auxiliary resources that were created:
$ kubectl delete namespace ingress-nginx
Note: If RBAC is enabled on your cluster and you completed step 2, you will need to remove the ClusterRole and ClusterRoleBinding created in that step:
kubectl delete clusterrole ingress-nginx
kubectl delete clusterrolebinding ingress-nginx
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out mylandmark-ingress-tls.crt -keyout mylandmark-ingress-tls.key -subj "/CN=javawebapp.javawebapp.landmarkfintech.com/O=mylandmark-ingress-tls"
# Create secret for with your certificate .key & .crt file
kubectl create secret tls mylandmark-ingress-tls --namespace default --key mylandmark-ingress-tls.key --cert mylandmark-ingress-tls.crt
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-resource-1
spec:
tls:
- hosts:
- app.landmarkfintech.com
secretName: mylandmarktech-ingress-tls
ingressClassName: nginx
rules:
- host: app.landmarkfintech.com
http:
paths:
- backend:
serviceName: springapp
servicePort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-resource-1
spec:
ingressClassName: nginx
rules:
- host: landmarkfintech.com
secretName: mylandmarktech-ingress-tls
http:
paths:
# Default Path(/)
- backend:
serviceName: springapp
servicePort: 80
- path: /app
backend:
serviceName: webapp
servicePort: 80
- path: /java-web-app
backend:
serviceName: javawebapp
servicePort: 80
https://github.com/LandmakTechnology/kubernestes-ingress