Updated on 2022-09-08 GMT+08:00

Ingress

Why We Need Ingresses

Services forward requests using layer-4 TCP and UDP protocols. Ingresses forward requests using layer-7 HTTP and HTTPS protocols. Domain names and paths can be used to achieve finer granularities.

Figure 1 Ingress and Service

Ingress Working Mechanism

To use ingresses, you must install Ingress Controller on your Kubernetes cluster. Ingress Controller can be implemented in multiple modes. The most common one is NGINX Ingress Controller maintained by Kubernetes. In HUAWEI CLOUD, Cloud Container Engine (CCE) works with Elastic Load Balance (ELB) to implement layer-7 load balancing (via ingresses).

An external request is first sent to Ingress Controller. Then, Ingress Controller locates the corresponding Service based on the routing rule of an ingress, queries the IP address of the pod through the Endpoint, and forwards the request to the pod.

Figure 2 Ingress working mechanism

Creating an Ingress

In the following example, an ingress that uses the HTTP protocol, associates with backend Service nginx:8080, and uses a load balancer (specified by metadata.annotations) is created. After the request for accessing http://192.168.10.155:8080/test is initiated, the traffic is forwarded to Service nginx:8080, which in turn forwards the traffic to the corresponding pod.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: cce
    kubernetes.io/elb.port: '8080'
    kubernetes.io/elb.ip: 192.168.10.155
    kubernetes.io/elb.id: aa7cf5ec-7218-4c43-98d4-c36c0744667a
spec:
  rules:
  - host: ''
    http:
      paths:
      - backend:
          serviceName: nginx
          servicePort: 8080
        path: "/test"
        property:
          ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH

You can also set the external domain name in an ingress so that you can access the load balancer through the domain name and then access backend Services.

Domain name-based access depends on domain name resolution. You need to point the domain name to the IP address of the load balancer. For example, you can use to resolve domain names.

spec:
  rules:
  - host: www.example.com       # Domain name
    http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 80

Accessing Multiple Services

An ingress can access multiple Services at the same time. The configuration is as follows:

  • When you access http://foo.bar.com/foo, the backend Service s1:80 is accessed.
  • When you access http://foo.bar.com/bar, the backend Service s2:80 is accessed.
spec:
  rules:
  - host: foo.bar.com          # Host address
    http:
      paths:
      - path: "/foo"
        backend:
          serviceName: s1
          servicePort: 80
      - path: "/bar"
        backend:
          serviceName: s2
          servicePort: 80