
Kubernetes Ingress

External Service vs. Ingress

  • an external Service is good for testing
  • it requires the client to specify a port, which is not suitable for a final product

  • Ingress, on the other hand, allows a secure, domain-based connection

  • default ports can be used, so the client does not need to type in the port number

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: myapp-ingress
spec:
    rules: # routing rules
    - host: myapp.com # a proper domain name that should be mapped to the IP address of the node acting as the entrypoint
      http:
        paths: # any url path
        - pathType: Prefix
          path: /
          backend:
            service:
                name: myapp-internal-service # internal service that's created with deployment of the pod
                port: 
                    number: 8080

Ingress also requires an ingress controller, which is a separate application running in pod(s) in the cluster. The controller:

  • evaluates all the rules
  • manages redirections
  • is the entrypoint to the cluster
  • has many third-party implementations
    • K8s nginx ingress controller (from Kubernetes)

Cloud providers will most likely have their own load balancer in front of their managed K8s solutions.

In basic terms, you would generally:

  • have a proxy or load balancer exposed to the internet with ports 80/443 open
  • which proxies the request to the ingress controller
  • which then evaluates the Ingress rules and
  • forwards the request to the backend service named in the matching rule

Azure: App Gateway ---> Ingress Controller

Ingress Controller for Minikube

minikube addons enable ingress

  • automatically starts the K8s Nginx implementation of Ingress Controller

Adding HTTPS (TLS) to Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: myapp-ingress
spec:
    tls:
    - hosts:
        - myapp.com
        secretName: myapp-secret-tls
    rules: # routing rules
    - host: myapp.com # this is a proper domain name, that should be mapped to node's ip address which is the entrypoint
      http:
        paths: # any url path
        - pathType: Prefix
          path: /
          backend:
            service:
                name: myapp-internal-service # internal service that's created with deployment of the pod
                port: 
                    number: 8080
---
apiVersion: v1
kind: Secret
metadata:
    name: myapp-secret-tls # must match secretName in the Ingress and live in the same namespace
data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
type: kubernetes.io/tls
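
The TLS block only takes effect when secretName resolves to a kubernetes.io/tls Secret in the Ingress's own namespace and every rule host is listed under tls.hosts. The check below is an added example, not part of the original notes: it audits the JSON printed by `kubectl get ingress,secret -o json`, and the sample input, the function names and the api.myapp.com host are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get ingress,secret -o json`:
# the Ingress references myapp-secret-tls, but the Secret is named myapp-secret-tsl.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Ingress", "metadata": {"name": "myapp-ingress", "namespace": "default"},
   "spec": {"tls": [{"hosts": ["myapp.com"], "secretName": "myapp-secret-tls"}],
            "rules": [{"host": "myapp.com"}, {"host": "api.myapp.com"}]}},
  {"kind": "Secret", "type": "kubernetes.io/tls",
   "metadata": {"name": "myapp-secret-tsl", "namespace": "default"},
   "data": {"tls.crt": "PGNlcnQ+", "tls.key": "PGtleT4="}}
]}
""")

def host_covered(host, tls_hosts):
    """True if host equals a tls.hosts entry or matches '*.x' by exactly one label."""
    parent = host.split(".", 1)[1] if "." in host else None
    return any(p == host or (p.startswith("*.") and p[2:] == parent) for p in tls_hosts)

def audit(manifest):
    """Return sorted findings for every Ingress in a kubectl JSON List."""
    items = manifest.get("items", [])
    secrets = {(s["metadata"].get("namespace", "default"), s["metadata"]["name"]): s
               for s in items if s.get("kind") == "Secret"}
    findings = []
    for ing in (i for i in items if i.get("kind") == "Ingress"):
        ns, name = ing["metadata"].get("namespace", "default"), ing["metadata"]["name"]
        tls_entries = ing.get("spec", {}).get("tls", [])
        tls_hosts = [h for t in tls_entries for h in t.get("hosts", [])]
        for t in tls_entries:
            ref = t.get("secretName")
            if ref is None:  # no secretName: ingress-nginx serves its default certificate
                continue
            secret = secrets.get((ns, ref))  # Secrets are resolved in the Ingress namespace
            if secret is None:
                findings.append(f"{ns}/{name}: TLS secret '{ref}' not found in namespace")
            elif secret.get("type") != "kubernetes.io/tls":
                findings.append(f"{ns}/{name}: secret '{ref}' is not type kubernetes.io/tls")
            elif not {"tls.crt", "tls.key"} <= set(secret.get("data") or {}):
                findings.append(f"{ns}/{name}: secret '{ref}' lacks tls.crt or tls.key")
        for rule in ing.get("spec", {}).get("rules", []):
            host = rule.get("host")
            if host and not host_covered(host, tls_hosts):
                findings.append(f"{ns}/{name}: host '{host}' has no matching tls.hosts entry")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An Ingress with no tls section at all, such as a dashboard Ingress served only by host rule, is reported once per host because none of its hosts has a configured certificate.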

Minikube Dashboard Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: dashboard-ingress
    namespace: kubernetes-dashboard # kubectl get ns
spec: # no tls section: no certificate is configured for this host
    rules:
    - host: buildserver01.itnoobs.local
      http:
        paths:
        - pathType: Prefix
          path: /
          backend:
            service:
                name: kubernetes-dashboard # kubectl get all -n kubernetes-dashboard
                port:
                    number: 80