DEV Community

Cover image for Kubernetes Ingress Explained
Avesh
Avesh

Posted on

Kubernetes Ingress Explained

#kubernetes #devops #100daysofcode #beginners

Introduction to Kubernetes Ingress

Modern cloud-native applications demand sophisticated networking to handle traffic efficiently. Kubernetes Ingress provides a solution for managing external access to your cluster services, offering features like URL-based routing, SSL/TLS termination, and load balancing. Without Ingress, you rely on NodePort or LoadBalancer services, which lack the flexibility and scalability required for complex applications. Ingress simplifies exposing services with controlled routing and enhanced capabilities.

Understanding Ingress Components

Kubernetes Ingress operates within a robust ecosystem of interconnected components:

  • Ingress Controller: The core entity that processes Ingress rules and manages traffic flow. Popular options include NGINX, Traefik, and Istio.
  • Ingress Resource: The Kubernetes object defining routing rules, such as hostnames and paths.
  • Services and Pods: Backend services and pods receive traffic directed by Ingress rules.

Relationships: The Ingress Controller watches Ingress Resources and translates their configurations into underlying routing rules, directing requests to the appropriate service and pods.

Ingress Controller: The Backbone of Ingress

An Ingress Controller is a specialized load balancer for Kubernetes that enforces the rules specified in the Ingress Resources.

Popular Ingress Controllers:

  1. NGINX: A widely-used option known for simplicity and performance.
  2. Traefik: Excellent for dynamic configurations and microservices.
  3. Istio: A service mesh solution that includes robust Ingress capabilities.

Selection Tips:

  • Choose NGINX for general use.
  • Opt for Traefik in microservices-heavy setups.
  • Use Istio for advanced service mesh scenarios.

Configuring Ingress Resources

Basic YAML Example 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
  tls:
  - hosts:
    - example.com
    secretName: example-tls
Enter fullscreen mode Exit fullscreen mode

Key Features:

  • Host-based routing: Directs traffic based on domains.
  • Path-based routing: Routes requests to specific paths.
  • TLS termination: Enables secure connections.

Advanced Ingress Concepts

  1. Annotations: Customize Ingress behavior (e.g., enabling rate limiting, custom headers).
  2. Ingress Rules: Specify fine-grained routing, combining hosts and paths.
  3. Ingress Classes: Facilitate multi-tenancy by associating specific controllers with certain Ingress Resources.

Example: Custom Annotations for Security 

metadata:
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/24"
Enter fullscreen mode Exit fullscreen mode

Hands-On Tutorial: Setting up Ingress

Prerequisites:

  • Kubernetes cluster (minikube, kind, or cloud-based).
  • kubectl installed.

Step 1: Install NGINX Ingress Controller 

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
Enter fullscreen mode Exit fullscreen mode

Step 2: Deploy a Sample App 

kubectl create deployment demo-app --image=nginx
kubectl expose deployment demo-app --port=80 --target-port=80
Enter fullscreen mode Exit fullscreen mode

Step 3: Create an Ingress Resource

Apply the earlier YAML example. Access your app using the domain (example.com) via a configured DNS or /etc/hosts entry.

Ingress Troubleshooting and Best Practices

Common Issues:

  1. 404 Errors: Ensure Ingress rules and paths match your services.
  2. SSL Issues: Verify the TLS secret and Ingress configuration.

Best Practices:

  • Monitor Metrics: Use tools like Prometheus and Grafana.
  • Optimize Performance: Leverage caching and compression.
  • Ensure High Availability: Deploy multiple Ingress Controllers.

Ingress and Service Mesh Integration

Integrating Ingress with a Service Mesh like Istio combines external traffic routing with advanced internal networking features like traffic splitting and policy enforcement.

Example: Istio Gateway and VirtualService 

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: example-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
  - port:
      number: 80
      name: http
      protocol: HTTP
    hosts:
    - "example.com"
Enter fullscreen mode Exit fullscreen mode

Ingress in Production Environments

Considerations:

  1. Scalability: Use Horizontal Pod Autoscalers for Ingress Controllers.
  2. Security: Regularly update your Ingress Controller.
  3. Monitoring: Implement tools like Kiali and Grafana for visualization.

Conclusion and Future Trends

Mastering Kubernetes Ingress empowers developers and DevOps engineers to deliver resilient, scalable applications. Emerging trends, such as gateway APIs and deeper integration with service meshes, will further enhance Kubernetes networking.

Further Learning:

This article equips you with a strong foundation and practical insights into Kubernetes Ingress, empowering you to build robust, production-grade deployments!

Top comments (0)

Read next

kshitij3d profile image

15 ways to use Jenkins for Continuous Integration (CI) with examples

Kshitij -

michymono77 profile image

Getting Started with Object-Oriented Design (Part 1): Shifting from Process-Oriented to Object-Oriented Thinking

Michiharu Ono -

devshefali profile image

Mastering Tuples in Python: A Comprehensive Guide

Shefali -

tobychui profile image

Zoraxy vs Nginx Proxy Manager

Toby Chui -