Day 33 of Our 40-Day Series: Learning Kubernetes Ingress
Kubernetes (K8s) is a powerful system for managing containerized applications across a cluster of machines. One of the essential components of Kubernetes networking is Ingress, which controls how external users access services running in a cluster.
In this blog, we will explore what Kubernetes Ingress is, how it works, its key components, and its advantages. Let’s dive into the world of Ingress and how it helps you expose services effectively.
What is Kubernetes Ingress?
Ingress is a Kubernetes resource that allows you to define how external HTTP(S) traffic is routed to services within a Kubernetes cluster. It provides a way to expose your applications to the outside world through a single endpoint (e.g., domain name or IP address) and route traffic based on various rules such as path-based or host-based routing.
Unlike services of type NodePort or LoadBalancer, which expose services directly to the outside world, Ingress acts as an abstraction layer, giving more control over traffic management. It works in conjunction with an Ingress Controller, which processes the Ingress rules and manages the traffic routing.
Why Do We Need Kubernetes Ingress?
In a Kubernetes cluster, applications run inside pods and are exposed through Services, which by default are only accessible within the cluster. When you need to expose these services to external users, you can use different options like NodePort, LoadBalancer, or Ingress.
NodePort: Opens a port on each node to expose the service, but it’s not ideal for managing large-scale or production-level traffic.
LoadBalancer: Provisions a cloud provider’s load balancer to expose the service, but it can be expensive and lacks fine-grained traffic management.
Ingress: Provides a more flexible and cost-effective way to manage and route HTTP(S) traffic to different services based on defined rules.
Ingress simplifies the management of exposing multiple services through a single load balancer or domain, reducing complexity and cost.
Key Components of Kubernetes Ingress
There are several core components involved in setting up and using Ingress in Kubernetes:
Ingress Resource: This is a Kubernetes API object that defines the routing rules for the incoming traffic. It specifies:
Hostnames: The domain names for routing.
Paths: The URLs for routing traffic to specific services.
Backend services: Where the traffic should go based on the rules.
Ingress Controller: The Ingress Controller is responsible for interpreting the Ingress resource and managing the traffic routing. It watches for Ingress resources in the cluster and configures a reverse proxy (or a similar component) to route traffic according to the defined rules.
- Some popular Ingress Controllers are NGINX, HAProxy, Traefik, and Contour.
Load Balancer: Typically, the Ingress Controller is exposed to the outside world via a load balancer (especially in cloud environments). This load balancer handles traffic at the network level and forwards it to the Ingress Controller.
Certificates (Optional): For secure communication (HTTPS), you can configure TLS certificates on the Ingress resource. TLS is terminated at the Ingress Controller, which then routes the request to the backend services; the Ingress TLS setting does not by itself encrypt the hop from the controller to the backend.
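A check for the certificate component described above, as an added example (not code from the original post or from Kubernetes): it reports rule hosts that are not explicitly listed under spec.tls. The function names, the sample objects and the Secret name `myapp-example-tls` are constructed for illustration.

```python
# Added illustration: audit an Ingress (as a dict, e.g. parsed from
# `kubectl get ingress example-ingress -o json`) for hosts without TLS config.

def audit_tls(ingress):
    """Return findings for rule hosts not explicitly covered by spec.tls."""
    spec = ingress.get("spec", {})
    findings, tls_hosts = [], set()
    for i, entry in enumerate(spec.get("tls", [])):
        if not entry.get("secretName"):
            findings.append(f"tls[{i}]: no secretName set")
        tls_hosts.update(h.lower() for h in entry.get("hosts", []))
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:
            findings.append("rule without host: applies to all inbound HTTP traffic")
        elif host.lower() not in tls_hosts:
            findings.append(f"{host}: not listed under spec.tls")
    return findings


def _rule(host):
    # Constructed helper: one rule shaped like the example on this page.
    backend = {"service": {"name": "service-app1", "port": {"number": 80}}}
    path = {"path": "/app1", "pathType": "Prefix", "backend": backend}
    return {"host": host, "http": {"paths": [path]}}


# Constructed sample 1: same shape as this page's example-ingress (no tls block).
PLAIN = {"kind": "Ingress", "spec": {"rules": [_rule("myapp.example.com")]}}

# Constructed sample 2: same rule plus a tls block; the Secret name is hypothetical.
WITH_TLS = {"kind": "Ingress", "spec": {
    "tls": [{"hosts": ["myapp.example.com"], "secretName": "myapp-example-tls"}],
    "rules": [_rule("myapp.example.com")],
}}

if __name__ == "__main__":
    for name, obj in (("PLAIN", PLAIN), ("WITH_TLS", WITH_TLS)):
        print(name, audit_tls(obj) or "ok")
```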
How Does Kubernetes Ingress Work?
Here's a simplified flow of how Ingress works:
External Request: A user sends an HTTP(S) request to your application using a domain name or IP.
Load Balancer: The request first hits a load balancer (if configured) that forwards the traffic to the Ingress Controller.
Ingress Controller: The Ingress Controller inspects the request and determines which service it should route to based on the Ingress rules (host-based or path-based).
Backend Services: Once the traffic is routed, it reaches the correct backend service (e.g., your application), which processes the request and returns a response.
Path-Based and Host-Based Routing
Path-Based Routing: Routes traffic based on the URL path. For example:
- /app1 can route to Service A.
- /app2 can route to Service B.
Host-Based Routing: Routes traffic based on the domain name. For example:
- app1.example.com routes to Service A.
- app2.example.com routes to Service B.
By combining these two types of routing, you can manage multiple services under a single domain and even use the same host for different services based on the path.
Example of Kubernetes Ingress
Here’s a simple example of an Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /app1
        pathType: Prefix
        backend:
          service:
            name: service-app1
            port:
              number: 80
      - path: /app2
        pathType: Prefix
        backend:
          service:
            name: service-app2
            port:
              number: 80
In this example:
- Traffic sent to myapp.example.com/app1 will be routed to service-app1.
- Traffic sent to myapp.example.com/app2 will be routed to service-app2.
This allows you to expose multiple services under the same domain name and load balancer, reducing the infrastructure cost.
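How a request is matched against the rules of the example above, as an added sketch (not code from the original post or from any Ingress Controller): exact host match, then pathType: Prefix matching on whole path elements, with the longest matching path taking precedence. The function names are hypothetical, and wildcard hosts and the rewrite-target annotation are not modelled.

```python
# Added illustration: resolve a request against the example-ingress rules.
# Constructed rule table mirroring the manifest on this page.
RULES = {
    "myapp.example.com": [
        ("/app1", "service-app1"),
        ("/app2", "service-app2"),
    ],
}


def prefix_matches(rule_path, request_path):
    """pathType: Prefix compares whole path elements split on '/'."""
    rule_parts = [p for p in rule_path.split("/") if p]
    req_parts = [p for p in request_path.split("/") if p]
    return req_parts[: len(rule_parts)] == rule_parts


def resolve(host, path, rules=RULES):
    """Return the backend service name, or None when no rule applies."""
    path = path.split("?", 1)[0]  # the query string plays no part in routing
    candidates = [
        (rule_path, service)
        for rule_path, service in rules.get(host.lower(), [])
        if prefix_matches(rule_path, path)
    ]
    if not candidates:
        return None  # no rule matched this host and path
    # When several paths match, the longest one takes precedence.
    return max(candidates, key=lambda c: len(c[0]))[1]


if __name__ == "__main__":
    for host, path in [
        ("myapp.example.com", "/app1/users/7"),
        ("myapp.example.com", "/app2/"),
        ("myapp.example.com", "/app10"),      # different path element, no match
        ("other.example.com", "/app1"),       # host not in any rule
    ]:
        print(host, path, "->", resolve(host, path))
```

Note that /app10 does not fall through to service-app1: Prefix matching is element by element, not a string prefix, which matters when paths are used to separate services.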
Advantages of Kubernetes Ingress
Cost-Effective: Ingress allows multiple services to be exposed under a single load balancer, reducing the need for multiple external IPs.
Flexibility: Supports both host-based and path-based routing, giving you fine-grained control over traffic distribution.
Security: Ingress supports SSL/TLS termination, enabling secure communication over HTTPS.
Simplified Architecture: Reduces the need for multiple NodePort or LoadBalancer services, simplifying your Kubernetes architecture.
Challenges with Kubernetes Ingress
While Ingress offers many advantages, there are a few challenges:
Ingress Controller Setup: You need to choose and configure an appropriate Ingress Controller, which can be complex depending on your environment (e.g., NGINX, HAProxy).
Limited Protocol Support: Ingress natively supports only HTTP and HTTPS. For other protocols, you may need additional configurations (e.g., TCP or UDP routing).
Cloud Provider Dependencies: Some cloud environments require specific Ingress Controllers or configurations.
Conclusion
Kubernetes Ingress is an essential tool for managing external traffic to services running in your Kubernetes cluster. It provides a flexible and cost-effective way to route HTTP(S) traffic, manage multiple services, and improve security with TLS termination. Understanding and leveraging Ingress will help you simplify your infrastructure while maintaining control over how your applications are exposed to the world.
For production environments, consider using a robust Ingress Controller, such as NGINX or Traefik, which offer additional features like load balancing, SSL offloading, and traffic shaping.
With Kubernetes Ingress, you can efficiently manage traffic and ensure that your applications remain accessible and scalable.
Reference:
Video: https://www.youtube.com/watch?v=kf3UjITS91M&list=PLl4APkPHzsUUOkOv3i62UidrLmSB8DcGC&index=36
Documentation: https://kubernetes.io/docs/concepts/services-networking/ingress/
Written by Rahul Vadakkiniyil