Introduction
In Kubernetes, an Ingress Controller is a specialized load balancer for managing external access to services within a cluster, typically HTTP and HTTPS traffic. It provides a way to define rules for routing traffic to different services based on the request's host and path.
Key Concepts
- Ingress Resource: A collection of rules that allow inbound connections to reach the cluster services.
- Ingress Controller: A daemon that watches the Kubernetes API server for updates to Ingress resources and configures the load balancer accordingly.
Why Use Ingress Controllers?
- Centralized Management: Manage all external access to services in a single place.
- Path-based Routing: Route traffic to different services based on URL paths.
- Host-based Routing: Route traffic to different services based on the host header.
- SSL Termination: Terminate SSL/TLS at the ingress point, reducing the need for individual services to handle encryption.
Common Ingress Controllers
- NGINX Ingress Controller: A popular choice for its robustness and extensive features.
- Traefik: Known for its simplicity and dynamic configuration capabilities.
- HAProxy: Offers high performance and advanced load balancing features.
- Istio: Provides advanced traffic management, security, and observability.
Setting Up an Ingress Controller
Step 1: Install the Ingress Controller
For this example, we'll use the NGINX Ingress Controller.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
Step 2: Verify the Installation
Check that the Ingress Controller pods are running:
You should see something like:
Step 3: Create an Ingress Resource
Create a file named ingress.yaml with the following content:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
namespace: default
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80Apply the Ingress resource:
Step 4: Update DNS
Ensure that the DNS for example.com points to the external IP of the Ingress Controller. You can find the external IP by running:
Practical Example
Let's create a simple web application and expose it using an Ingress resource.
Step 1: Deploy a Sample Application
Create a deployment for a sample web application:
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp
spec:
replicas: 2
selector:
matchLabels:
app: webapp
template:
metadata:
labels:
app: webapp
spec:
containers:
- name: webapp
image: nginx
ports:
- containerPort: 80Apply the deployment:
Create a service to expose the deployment:
apiVersion: v1
kind: Service
metadata:
name: webapp-service
spec:
selector:
app: webapp
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIPApply the service:
Step 2: Create an Ingress Resource
Create an Ingress resource to expose the web application:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webapp-ingress
spec:
rules:
- host: webapp.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: webapp-service
port:
number: 80Apply the Ingress resource:
Step 3: Test the Ingress
Update your local /etc/hosts file to point webapp.example.com to the external IP of the Ingress Controller. Then, open a browser and navigate to http://webapp.example.com. You should see the default NGINX welcome page.
Exercises
Exercise 1: Create an Ingress Resource
- Deploy a new application using the following image:
httpd:latest. - Create a service to expose the application on port 80.
- Create an Ingress resource to expose the application at
httpd.example.com.
Solution
- Deploy the application:
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpd
spec:
replicas: 2
selector:
matchLabels:
app: httpd
template:
metadata:
labels:
app: httpd
spec:
containers:
- name: httpd
image: httpd:latest
ports:
- containerPort: 80Apply the deployment:
- Create the service:
apiVersion: v1
kind: Service
metadata:
name: httpd-service
spec:
selector:
app: httpd
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIPApply the service:
- Create the Ingress resource:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: httpd-ingress
spec:
rules:
- host: httpd.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: httpd-service
port:
number: 80Apply the Ingress resource:
Conclusion
In this section, we covered the basics of Ingress Controllers in Kubernetes, including their purpose, common types, and how to set one up using the NGINX Ingress Controller. We also walked through a practical example of deploying a web application and exposing it using an Ingress resource. Finally, we provided an exercise to reinforce the concepts learned.
In the next section, we will delve into Network Policies and how they can be used to secure communication within your Kubernetes cluster.
Kubernetes Course
Module 1: Introduction to Kubernetes
- What is Kubernetes?
- Kubernetes Architecture
- Key Concepts and Terminology
- Setting Up a Kubernetes Cluster
- Kubernetes CLI (kubectl)
Module 2: Core Kubernetes Components
Module 3: Configuration and Secrets Management
Module 4: Networking in Kubernetes
Module 5: Storage in Kubernetes
Module 6: Advanced Kubernetes Concepts
Module 7: Monitoring and Logging
- Monitoring with Prometheus
- Logging with Elasticsearch, Fluentd, and Kibana (EFK)
- Health Checks and Probes
- Metrics Server
Module 8: Security in Kubernetes
Module 9: Scaling and Performance
Module 10: Kubernetes Ecosystem and Tools
Module 11: Case Studies and Real-World Applications
- Deploying a Web Application
- CI/CD with Kubernetes
- Running Stateful Applications
- Multi-Cluster Management