DEV Community

loading...
Cover image for Expose your app to the Internet using Ingress Controller & save 1000s of dollars on AWS Load Balancer

Expose your app to the Internet using Ingress Controller & save 1000s of dollars on AWS Load Balancer

rajeshgheware profile image Rajesh Gheware ・4 min read

Do you have many internet-facing applications and worried about the cost of Load Balancer? Well, this article will help you expose your applications to the Internet using a single Load Balancer saving you hundreds of dollars.

What is Ingress?

Let us first understand what Ingress is. An Ingress is an API object that manages external access to the services in a cluster and may provide load balancing, SSL termination and name-based virtual hosting.

Alt Text

Source: kubernetes.io

You will see how Load Balancing, SSL termination, and Name-based virtual hosting work as I take you through the article with examples.

What is Ingress Controller?

While traffic routing rules are defined by Ingress, those are fulfilled by Ingress Controller.

If you don't have an Ingress Controller running in your cluster, then you can run the one using the below commands.

helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
helm install --name ingress nginx-stable/nginx-ingress
Enter fullscreen mode Exit fullscreen mode

You may also choose to install Ingress Controller from any of the ones listed here https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/

Example - Weather App

Let me demonstrate the above using the weather app. This app provides weather info for the selected city. This is a tiny app with an embedded database and a simple page to serve the users.

Below is the YAML for deploying the app.

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: weather
  name: weather
spec:
  replicas: 1
  selector:
    matchLabels:
      app: weather
  template:
    metadata:
      labels:
        app: weather
    spec:
      containers:
      - image: brainupgrade/weather:monolith
        name: weather
        ports:
        - containerPort: 8080
Enter fullscreen mode Exit fullscreen mode

Once the app is deployed & running in the Kubernetes cluster, we can create a service so that requests to the application can be proxied to the application pod.

apiVersion: v1
kind: Service
metadata:
  name: weather-service
spec:
  type: ClusterIP
  ports:
    - name: app
      port: 80
      targetPort: 8080
  selector:
    app: weather
Enter fullscreen mode Exit fullscreen mode

Now it is time to wire the app using Ingress definition. See below:

apiVersion: networking.k8s.io/v1beta1 
kind: Ingress
metadata:
  name: weather.brainupgrade.in
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/use-regex: "true"
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    kong.ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - weather.brainupgrade.in
    secretName: weather.brainupgrade.in
  rules:
    - host: weather.brainupgrade.in
      http:
        paths:
          - path: /
            backend:
              serviceName: weather-service
              servicePort: 80
Enter fullscreen mode Exit fullscreen mode

The moment you deploy the above Ingress definition, the Ingress Controller in your cluster will implement the rules you specified and Voila! your app is now an Internet Application!

Load Balancing

All the application workloads i.e. pods associated with the service act as backends to the Ingress. Ingress proxies internet requests to the Service that routes the requests to any of the pods using rudimentary round-robin algorithm thus doing Load Balancing.

SSL Termination

Internet facing applications mostly have SSL enabled (HTTPS URL). When requests land in the cluster, further routing of requests within the cluster may not need SSL and to gain more performance, SSL is terminated at the Ingress level.

Name based Virtual Hosting

This technique has been used by many web servers (apache, nginx etc) wherein requests for multiple domains are routed to the same server.

In the Kubernetes world, using the Ingress definition this concept is further extended to route requests for multiple domains to the relevant app components that usually run on many servers / nodes.

See the example below:

Alt Text

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: name-based-vhosts
spec:
  rules:
  - host: weather-v1.brainupgrade.in
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: weather-v1
            port:
              number: 80
  - host: weather-v2.brainupgrade.in
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: weather-v2
            port:
              number: 80
  - http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: weather
            port:
              number: 80
Enter fullscreen mode Exit fullscreen mode

In the example above, requests for the host weather-v1.brainupgrade.in are routed to weather-v1 service, requests for the host weather-v2.brainupgrade.in are routed to weather-v2 service and requests landing on the load balancer with no HOST header are routed to the service weather.

Conclusion

In this article, we explored in detail How Ingress works along with Ingress Controller and its benefits like Load Balancing, SSL Termination & Name based Virtual Hosting.

Tags: #ingress #devops #ingresscontroller #kubernetes #vhost

About The Author

The author, Rajesh G, is The Chief Architect @ Brain Upgrade Academy where he has designed the IoT-based Fleet Management Platform that runs on a Kubernetes Cluster on AWS Amazon. He is also a certified Kubernetes Administrator and TOGAF certified Enterprise Architect.
Rajesh led various digital transformation initiatives for Fortune 500 FinTech companies. Over the last 20+ years, he has been part of many successful technology startups.

About Brain Upgrade Academy

We, at Brain Upgrade, offer Kubernetes Consulting services to our clients including Up Skilling (training) of clients teams thus facilitate efficient utilization of Kubernetes Platform.  To know more on the Kubernetes please visit www.brainupgrade.in/blog and register on www.brainupgrade.in/enroll to equip yourself with Kubernetes skills.

Why Brain Upgrade

We at Brain Upgrade, partner with our customers in the digital transformation of their businesses by providing: 

Technology Consulting in product development, IoT, DevOps, Cloud, Containerization, Big Data Analysis with a heavy focus on Open source technologies. 
Training the IT workforce on the latest cloud technologies such as Kubernetes, Docker, AI, ML, etc. 

You may want to register for the upcoming trainings on https://brainupgrade.in/enroll

Discussion (0)

Forem Open with the Forem app