Using Ingress Controllers for External Traffic

Introduction

In this tutorial, our primary goal is to delve into the use of Ingress controllers to manage access to services in your Kubernetes cluster from the internet. By the end of this tutorial, you will learn how to set up and configure Ingress for your applications.

Prerequisites:
- Basic knowledge of Kubernetes
- A working Kubernetes cluster

Step-by-Step Guide

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Understanding Ingress

Ingress can provide load balancing, SSL termination and name-based virtual hosting. Technically, Ingress is NOT a type of service but acts as the entry point for your cluster. It lets you consolidate your routing rules into a single resource as it can expose multiple services under the same IP address.

The Ingress Controller

To utilize the Ingress resource, the cluster must have an Ingress controller. Unlike other types of controllers which run as part of the kube-controller-manager binary, Ingress controllers are not started automatically with a cluster. Use Helm, the package manager for Kubernetes, to deploy an Ingress controller.

Code Examples

Example: Deploying the Nginx Ingress Controller

Below is an example of how to set up the Nginx Ingress Controller using Helm:

# Add the official stable repository
helm repo add stable https://charts.helm.sh/stable

# Use Helm to deploy an NGINX ingress controller
helm install my-nginx stable/nginx-ingress --set rbac.create=true

The above commands set up an Nginx Ingress Controller in the cluster.

Example: Setting up an Ingress Resource

After deploying the Ingress Controller, you can now set up an Ingress Resource. For instance, to expose a service named my-service on mydomain.com, you could use:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: mydomain.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: my-service
            port:
              number: 80

The nginx.ingress.kubernetes.io/rewrite-target annotation indicates that all traffic coming to mydomain.com should be directed to the service my-service.

Summary

We've covered how to set up an Ingress Controller and Ingress Resource in a Kubernetes cluster. You've learned how to expose your services to external traffic and how to route this traffic to different services.

For further learning, consider exploring other types of Ingress Controllers such as Traefik or HAProxy and their specific features.

Practice Exercises

1. Exercise 1: Set up an Ingress Controller using a different provider, like Traefik.
2. Exercise 2: Create an Ingress Resource that routes traffic to two different services based on the path.

Solutions

1. Solution 1: Refer to the official Traefik documentation on how to set it up as an Ingress Controller. Ensure it's working correctly by routing traffic to a test service.
2. Solution 2: You can create an Ingress Resource with two paths as shown below:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  rules:
  - host: mydomain.com
    http:
      paths:
      - pathType: Prefix
        path: "/service1"
        backend:
          service:
            name: service1
            port:
              number: 80
      - pathType: Prefix
        path: "/service2"
        backend:
          service:
            name: service2
            port:
              number: 80

This example directs traffic coming to mydomain.com/service1 to service1 and mydomain.com/service2 to service2.