Help Center> Cloud Container Instance (CCI)> Developer Guide> Managing Network Access Through Service and Ingress> Ingress
View PDF

Ingress

The previous section describes how to create a LoadBalancer Service that uses an enhanced load balancer to access pods.

Services forward requests based on the layer-4 TCP and UDP protocols. Ingresses can forward requests based on the layer-7 HTTP and HTTPS protocols. Domain names and paths can be used to achieve finer granularities, as shown in the following figure.

Figure 1 Ingress-Service

In CCI, external access is implemented by binding the enhanced load balancer's IP address and port number to an ingress, as shown in Figure 2.

Figure 2 Ingress

Enhanced Load Balancers

Ingresses can be bound to enhanced load balancers. You can create an enhanced load balancer by using the API or the ELB console.

Enhanced load balancers can be divided into private network load balancers and public network load balancers based on IP addresses. The difference is that a public IP address is bound to a public network load balancer. You can select load balancers as required.

Creating an Ingress

In the following example, the HTTP protocol is used and the associated backend is nginx:8080. When http://10.10.10.10:6071/ is accessed, the traffic is forwarded to the Service corresponding to nginx:8080, and then to the corresponding pod. 
apiVersion: extensions/v1beta1                                   # Ingress version
kind: Ingress
metadata:
  name: nginx
  labels:
    app: nginx
    isExternal: "true"   # This parameter is mandatory and must be set to true.
    zone: data         # Data plane mode. This parameter is mandatory and must be set to data.
  annotations:
    kubernetes.io/elb.id: 2d48d034-6046-48db-8bb2-53c67e8148b5   # ID of the enhanced load balancer. This parameter is mandatory.
    kubernetes.io/elb.ip: 192.168.137.182                        # IP address of the enhanced load balancer. This parameter is optional.
    kubernetes.io/elb.port: '6071'                               # Port number of the enhanced load balancer. This parameter is mandatory.
spec:
  rules:                                                         # Routing rules
  - http:                                                        # Using HTTP protocol
      paths:
      - path: /                                                  # Route
        backend:
          serviceName: nginx                                     # Name of the Service to which requests are forwarded
          servicePort: 8080                                      # Port of the Service to which requests are forwarded

You can also set the external domain name in an ingress so that you can access the enhanced load balancer through the domain name and then access backend Services.

Domain name access depends on domain name resolution. You need to point the domain name to the IP address of the enhanced load balancer. For example, you can use Domain Name Service (DNS) to resolve domain names.

spec:
  rules:
  - host: www.example.com       # Domain name
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 80

Accessing Multiple Services

An ingress can access multiple Services at the same time. The configuration is as follows:

  • When accessing http://foo.bar.com/foo, you access the backend s1:80.
  • When accessing http://foo.bar.com/bar, you access the backend s2:80.
spec:
  rules:
  - host: foo.bar.com          # Host address
    http:
      paths:
      - path: "/foo"
        backend:
          serviceName: s1
          servicePort: 80
      - path: "/bar"
        backend:
          serviceName: s2
          servicePort: 80