Help Center/ Cloud Container Engine/ Kubernetes Basics/ Kubernetes Networking/ Ingresses
Updated on 2024-10-10 GMT+08:00
View PDF
Share

Ingresses

Overview

Services forward requests using layer-4 TCP and UDP protocols. Ingresses forward requests using layer-7 HTTP and HTTPS protocols. Domain names and paths can be used to achieve finer granularities.

Figure 1 Ingress and Service

Ingress Working Rules

To use ingresses, you must install Ingress Controller on your Kubernetes cluster. There are different implementations for an Ingress Controller. The most common one is Nginx Ingress Controller maintained by Kubernetes. CCE works with Elastic Load Balance (ELB) to implement layer-7 load balancing (ingresses).

An external request is first sent to Ingress Controller. Then, Ingress Controller locates the corresponding Service based on the routing rule of an ingress, queries the IP address of the pod through the Endpoint, and forwards the request to the pod.

Figure 2 Ingress working rules

Creating an Ingress

In the following example, an ingress that uses the HTTP protocol, associates with backend Service nginx:8080, and uses a load balancer (specified by metadata.annotations) is created. After the request for accessing http://192.168.10.155:8080/ is initiated, the traffic is forwarded to Service nginx:8080, which in turn forwards the traffic to the corresponding pod.

The following is an example (applicable to clusters of v1.23 or later): 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/elb.class: union
    kubernetes.io/elb.port: '8080'
    kubernetes.io/elb.id: aa7cf5ec-7218-4c43-98d4-c36c0744667a
spec:
  rules:
    - host: ''
      http:
        paths:
          - path: /
            backend:
              service:
                name: nginx
                port:
                  number: 8080
            property:
              ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH
            pathType: ImplementationSpecific
  ingressClassName: cce

You can also set the external domain name in an ingress so that you can access the load balancer through the domain name and then access backend Services.

Domain name-based access depends on domain name resolution. You need to point the domain name to the IP address of the load balancer. For example, you can use Domain Name Service (DNS) to resolve domain names.

...
spec:
  rules:
    - host: www.example.com       # Domain name
      http:
        paths:
          - path: /
            backend:
              service:
                name: nginx
                port:
                  number: 8080
...

Accessing Multiple Services

An ingress can access multiple Services at the same time. The configuration is as follows:

  • When you access http://foo.bar.com/foo, the backend Service s1:80 is accessed.
  • When you access http://foo.bar.com/bar, the backend Service s2:80 is accessed.

The path in the ingress forwarding policy must exist in the backend application. Otherwise, the forwarding fails.

For example, the default access path of the Nginx application is /usr/share/nginx/html. If you add /test to the ingress forwarding policy, make sure that the access path of your Nginx application includes /usr/share/nginx/html/test. Otherwise, you will receive an error 404.

...
spec:
  rules:
  - host: foo.bar.com          # Host address
      http:
        paths:
          - path: "/foo"
            backend:
              service:
                name: s1
                port:
                  number: 80
          - path: "/bar"
            backend:
              service:
                name: s2
                port:
                  number: 80
...
Parent topic: Kubernetes Networking