Using Nginx Ingresses on the Console

Prerequisites

• An ingress provides network access for backend workloads. Ensure that a workload is available in a cluster. If no workload is available, deploy a workload by referring to Creating a Deployment, Creating a StatefulSet, or Creating a DaemonSet.

Precautions

• Do not modify any configuration of a load balancer on the ELB console. Otherwise, the Service will be abnormal. If you have modified the configuration, uninstall the nginx-ingress add-on and reinstall it.
• The URL registered in an ingress forwarding policy must be the same as the URL exposed by the backend Service. Otherwise, a 404 error will be returned.
• The selected or created load balancer must be in the same VPC as the current cluster, and it must match the load balancer type (private or public network).
• The load balancer has at least two listeners, and ports 80 and 443 are not occupied by listeners.

Creating an Nginx Ingress

This section uses an Nginx workload as an example to describe how to create an Nginx ingress.

1. Log in to the CCE console.
2. In the navigation pane, choose Resource Management > Network. On the Ingresses tab page, select the corresponding cluster and namespace.
3. Click Create Ingress to access the ingress configuration page.
   Set the ingress parameters as required. The key parameters are as follows:

   • Access Type: Use a load balancer to access Services.
   • Ingress Name: Specify a name of an ingress, for example, nginx-ingress-demo.
   • Cluster Name: Select the cluster to which the ingress is to be added.
   • Namespace: Select the namespace to which the ingress is to be added.
   • nginx-ingress: This option is displayed only when the nginx-ingress add-on has been installed in the cluster.
     After you switch on , nginx-ingress is interconnected to provide layer-7 access. You can configure the following parameters:

     Table 1 Nginx configuration parameters

     Parameter	Description
     Front-End Protocol	HTTP and HTTPS are supported.
     External Port	Listening port reserved for installing the nginx-ingress add-on. The port number is 80 for HTTP and 443 for HTTPS.
     Server Certificate	When creating an HTTPS listener, you need to bind an IngressTLS certificate to support encrypted authentication for HTTPS data transmission. For details on how to create a secret, see Creating a Secret.
     Timeout	Timeout period that the client establishes a connection with the proxy server.
     Redirected To	Address to which all workload content is to be redirected, for example, https://www.example.com/.
     Custom Settings	The value is in the format of key:value. You can use annotations to query the configurations supported by nginx-ingress.

   • Forwarding Policies: When the access address of a request matches the forwarding policy (a forwarding policy consists of a domain name and URL), the request is forwarded to the corresponding target Service for processing. Click Add Forwarding Policies to add multiple forwarding policies.
     • Domain Name: actual domain name. Ensure that the entered domain name has been registered and archived. After the ingress is created, bind the domain name to the IP address of the automatically created load balancer (IP address of the ingress access address). If a domain name rule is configured, the domain name must always be used for access.
     • Rule Matching
       • Prefix match: If the URL is set to /healthz, the URL that meets the prefix can be accessed. For example, /healthz/v1 and /healthz/v2.
       • Exact match: The URL can be accessed only when it is fully matched. For example, if the URL is set to /healthz, only /healthz can be accessed.
       • Regular expression: The URL is matched based on the regular expression. For example, if the regular expression is /[A-Za-z0-9_.-]+/test, all URLs that comply with this rule can be accessed, for example, /abcA9/test and /v1-Ab/test. Two regular expression standards are supported: POSIX and Perl.
     • URL: access path to be registered, for example, /healthz.
     • Target Service: Select an existing Service or create a Service. Services that do not meet search criteria are automatically filtered out.
     • Service Access Port: Select the access port of the target Service.
     • Operation: Click Delete to delete the configuration.

4. After the configuration is complete, click Create.

   After the ingress is created, it is displayed in the ingress list.

Updating an Ingress

After adding an ingress, you can update its port, domain name, and route configuration.

You can modify the load balancer settings, including algorithm, sticky session, and health check configurations, after you select a Service in Forwarding Policies on the CCE console. Do not modify these configurations on the ELB console.

1. Log in to the CCE console. In the navigation pane, choose Resource Management > Network. On the Ingresses tab page, filter ingresses by cluster and namespace, and click Update for the ingress to be updated.
2. On the Update Ingress page, modify the required parameters.
3. Click Submit to update the ingress.