Ingress Resource - toge510/homelab GitHub Wiki
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
We can define Ingress resource as an Ingress Resource like this.
A fanout configuration routes traffic from a single IP address to more than one Service, based on the HTTP URI being requested.
- foo.bar.com/foo --> service1
- foo.bar.com/bar --> service2
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: simple-fanout-example
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /foo
pathType: Prefix
backend:
service:
name: service1
port:
number: 4200
- path: /bar
pathType: Prefix
backend:
service:
name: service2
port:
number: 8080
graph LR;
client([client])-. Ingress-managed <br> load balancer .->ingress[Ingress, 178.91.123.132];
ingress-->|/foo|service1[Service service1:4200];
ingress-->|/bar|service2[Service service2:8080];
subgraph cluster
ingress;
service1-->pod1[Pod];
service1-->pod2[Pod];
service2-->pod3[Pod];
service2-->pod4[Pod];
end
classDef plain fill:#ddd,stroke:#fff,stroke-width:4px,color:#000;
classDef k8s fill:#326ce5,stroke:#fff,stroke-width:4px,color:#fff;
classDef cluster fill:#fff,stroke:#bbb,stroke-width:2px,color:#326ce5;
class ingress,service1,service2,pod1,pod2,pod3,pod4 k8s;
class client plain;
class cluster cluster;
An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting.
With metalLB (wiki link), you can deploy a service and make it accessible outside of the cluster. However, metalLB needs one IP address per one service (it can't make every service accessible from a single IP address). To make every service accessible from a single IP address, you have to use Ingress.
You must have an Ingress controller to satisfy an Ingress. Only creating an Ingress resource has no effect.
You may need to deploy an Ingress controller such as ingress-nginx. You can choose from a number of Ingress controllers.
Deply Ingress-Nginx Controller with a manifest
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
We have to use metalLB to make an Ingress controller service with loadBalancer type accessible from the outside of the cluster.
You can check that 192.168.11.245 was assigned to Ingress controller service as an EXTERNAL-IP
goto@homelab:~$ kubectl -n ingress-nginx get svc ingress-nginx-controller
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.103.129.17 192.168.11.245 80:32355/TCP,443:32763/TCP 3h20m
kubectl create deployment demo --image=httpd --port=80
kubectl expose deployment demo
kubectl create ingress demo-localhost --class=nginx \
--rule="demo.localdev.me/*=demo:80"
Add "192.168.11.245 demo.localdev.me" to /etc/hosts
You can access your deployment using curl.
goto@homelab:~$ curl demo.localdev.me
<html><body><h1>It works!</h1></body></html>