Ingress Controllers | Networking | Kubernetes Tutorial

Introduction

Ingress controllers in Kubernetes manage the routing of HTTP and HTTPS traffic to services within a cluster. They provide a way to expose applications to the internet and handle features like SSL termination, load balancing, and path-based routing. This guide provides an intermediate-level overview of using Ingress controllers for HTTP and HTTPS routing in Kubernetes.

Key Points:

Ingress controllers manage HTTP and HTTPS traffic routing to Kubernetes services.
They provide advanced features such as SSL termination, load balancing, and path-based routing.
Popular Ingress controllers include NGINX, Traefik, and HAProxy.

What is an Ingress Controller?

An Ingress controller is a specialized load balancer that manages external access to services in a Kubernetes cluster, typically HTTP and HTTPS traffic. It reads the Ingress resource information and processes it, handling the routing of requests to the appropriate backend services based on the rules defined in the Ingress resources.

Popular Ingress Controllers

Several Ingress controllers are commonly used in Kubernetes clusters:

NGINX Ingress Controller: A widely used Ingress controller that leverages NGINX as the underlying proxy server.
Traefik: A dynamic and modern reverse proxy that integrates with Kubernetes and provides automatic configuration.
HAProxy Ingress Controller: An Ingress controller that uses HAProxy to provide high-performance load balancing.

Installing an Ingress Controller

To install an Ingress controller, follow the installation instructions provided by the controller's documentation. Here is an example of installing the NGINX Ingress Controller:

# Install NGINX Ingress Controller using Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace

# Verify the installation
kubectl get pods -n ingress-nginx

Creating an Ingress Resource

An Ingress resource defines how HTTP and HTTPS traffic should be routed to services within the cluster. Here is an example of creating an Ingress resource:

# Example of an Ingress resource (ingress.yaml)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  namespace: default
spec:
  rules:
  - host: my-app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

# Apply the Ingress resource
kubectl apply -f ingress.yaml

# Verify the Ingress resource
kubectl get ingress

Configuring SSL Termination

Ingress controllers can handle SSL termination, decrypting HTTPS traffic and forwarding it to services as HTTP. Here is an example of configuring SSL termination with the NGINX Ingress Controller:

# Create a TLS secret (tls-secret.yaml)
apiVersion: v1
kind: Secret
metadata:
  name: tls-secret
  namespace: default
data:
  tls.crt: 
  tls.key: 
type: kubernetes.io/tls

# Apply the TLS secret
kubectl apply -f tls-secret.yaml

# Create an Ingress resource with TLS (ingress-tls.yaml)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress-tls
  namespace: default
spec:
  tls:
  - hosts:
    - my-app.example.com
    secretName: tls-secret
  rules:
  - host: my-app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

# Apply the Ingress resource with TLS
kubectl apply -f ingress-tls.yaml

# Verify the Ingress resource with TLS
kubectl get ingress

Advanced Ingress Configurations

Ingress controllers support advanced configurations for traffic routing, including:

Path-based Routing: Route traffic to different services based on URL paths.
Host-based Routing: Route traffic to different services based on the host header.
Rewrite Rules: Rewrite URLs before forwarding requests to backend services.
Rate Limiting: Limit the rate of requests to prevent abuse and ensure fair usage.
Custom Annotations: Use custom annotations to configure specific behaviors and settings for Ingress resources.

# Example of an advanced Ingress configuration (advanced-ingress.yaml)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: advanced-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/limit-rps: "10"
spec:
  rules:
  - host: my-app.example.com
    http:
      paths:
      - path: /v1
        pathType: Prefix
        backend:
          service:
            name: v1-service
            port:
              number: 80
      - path: /v2
        pathType: Prefix
        backend:
          service:
            name: v2-service
            port:
              number: 80

# Apply the advanced Ingress resource
kubectl apply -f advanced-ingress.yaml

# Verify the advanced Ingress resource
kubectl get ingress

Best Practices

Follow these best practices when using Ingress controllers in Kubernetes:

Secure Ingress Traffic: Use TLS to encrypt traffic between clients and the Ingress controller.
Monitor Performance: Continuously monitor the performance of the Ingress controller to detect and resolve issues.
Use Health Checks: Configure health checks to ensure that backend services are healthy and available.
Optimize Configurations: Optimize Ingress configurations for performance and scalability based on your workload requirements.
Keep Controllers Updated: Regularly update your Ingress controllers to benefit from new features and security fixes.

Conclusion

This guide provided an overview of using Ingress controllers for HTTP and HTTPS routing in Kubernetes, including installation, creating Ingress resources, configuring SSL termination, advanced configurations, and best practices. By leveraging Ingress controllers, you can efficiently manage and route traffic to your Kubernetes services.

Kubernetes - Using Ingress Controllers