Kubernetes - Using Ingress for HTTP and HTTPS Routing
Services and Networking in Kubernetes
Kubernetes is an open-source platform designed to automate deploying, scaling, and operating application containers. This guide provides an understanding of Ingress, a key component in Kubernetes for managing HTTP and HTTPS routing.
Key Points:
- Ingress allows you to expose HTTP and HTTPS routes from outside the cluster to services within the cluster.
- It provides load balancing, SSL termination, and name-based virtual hosting.
- Ingress is managed by an Ingress controller, which implements the rules defined in Ingress resources.
What is Ingress?
Ingress is an API object that manages external access to services in a cluster, typically HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting. It allows you to consolidate your routing rules into a single resource and provide a single point of access to your services.
# Example of an Ingress definition
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80
Creating and Managing Ingress
Here are some basic commands to create and manage Ingress resources:
# Create an Ingress
kubectl apply -f ingress.yaml
# View details of an Ingress
kubectl describe ingress example-ingress
# List all Ingress resources
kubectl get ingress
# Delete an Ingress
kubectl delete ingress example-ingress
Ingress Controllers
Ingress resources do not function on their own. An Ingress controller is required to implement the rules defined in the Ingress. Popular Ingress controllers include NGINX, Traefik, and HAProxy.
# Example of deploying the NGINX Ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
SSL/TLS Termination
Ingress can be used to terminate SSL/TLS connections, providing secure HTTPS access to your services. You need to create a Secret containing the TLS certificate and key, and reference it in your Ingress resource.
# Create a TLS Secret
kubectl create secret tls example-tls --cert=path/to/cert.crt --key=path/to/cert.key
# Example of an Ingress with TLS termination
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
tls:
- hosts:
- example.com
secretName: example-tls
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80
Advanced Ingress Features
Ingress resources support various advanced features:
- Rewrite Targets: Modify the path of incoming requests before forwarding them to the backend service.
- Custom Annotations: Configure additional settings for the Ingress controller using annotations.
- Backend Weights: Distribute traffic across multiple backends with different weights.
Best Practices
Follow these best practices when working with Ingress resources:
- Secure Ingress Access: Use SSL/TLS termination to secure external access to your services.
- Monitor Ingress Performance: Regularly monitor the performance and health of your Ingress controller and resources.
- Organize Routing Rules: Keep your routing rules organized and use descriptive names for your Ingress resources.
- Use Annotations Wisely: Leverage annotations to fine-tune the behavior of your Ingress controller.
Conclusion
This guide provided an overview of Ingress in Kubernetes, including its creation, management, and best practices. By understanding and using Ingress effectively, you can manage HTTP and HTTPS routing for your applications, ensuring secure and efficient access to your services.