Govur University Logo
--> --> --> -->
Govur University Logo
Sign In
...
Home All Courses Engineering and Technology Courses Certified Kubernetes Administrator (CKA) Flashcard

Explain the concept of Ingress in Kubernetes and how it is used to expose applications to external clients.



Ingress in Kubernetes is an API object that manages external access to services within a cluster, typically HTTP and HTTPS. It acts as a reverse proxy, routing traffic from outside the cluster to the appropriate backend services based on rules defined in the Ingress resource. Ingress simplifies exposing multiple services through a single IP address and provides features like TLS termination, name-based virtual hosting, and path-based routing.

Here's a breakdown of the key concepts and how Ingress works:

Purpose of Ingress:

Centralized access point: Ingress provides a single entry point for external traffic, allowing you to manage access to multiple services through a single IP address or domain name.
Name-based virtual hosting: Ingress allows you to host multiple applications on the same IP address using different hostnames.
Path-based routing: Ingress allows you to route traffic to different services based on the URL path.
TLS termination: Ingress can handle TLS termination, offloading the encryption and decryption process from the backend services.
Load balancing: Ingress can distribute traffic across multiple backend Pods, providing load balancing and high availability.

Components of Ingress:

Ingress Controller: An Ingress controller is a specialized controller that watches for Ingress resources and configures a reverse proxy (e.g., Nginx, HAProxy, Traefik) to route traffic according to the Ingress rules. You need to deploy an Ingress controller in your cluster to use Ingress.
Ingress Resource: An Ingress resource defines the rules for routing traffic from outside the cluster to the backend services. It specifies the hostnames, paths, and backend services to use.

How Ingress works:

The client sends an HTTP or HTTPS request to the Ingress controller.
The Ingress controller inspects the request's hostname and path.
The Ingress controller matches the request against the rules defined in the Ingress resource.
The Ingress controller forwards the request to the appropriate backend service.
The backend service processes the request and returns a response to the Ingress controller.
The Ingress controller forwards the response to the client.

Example:

Let's say you have two applications running in your Kubernetes cluster:

Web application: Served by a service called `web-app-service` in the `default` namespace.
API application: Served by a service called `api-app-service` in the `default` namespace.
You want to expose these applications to external clients using the following hostnames:

web.example.com: Should route to the web application.
api.example.com: Should route to the API application.
Here's an example of an Ingress resource that achieves this:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: web.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-app-service
port:
number: 80
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-app-service
port:
number: 80
```

In this example:

apiVersion: Specifies the API version for the Ingress (`networking.k8s.io/v1`).
kind: Specifies the type of resource (`Ingress`).
metadata.name: Specifies the name of the Ingress (`my-ingress`).
spec.rules: Defines the rules for routing traffic.
spec.rules.host: Specifies the hostname to match (e.g., `web.example.com`).
spec.rules.http.paths: Defines the paths to match.
spec.rules.http.paths.path: Specifies the path to match (e.g., `/`).
spec.rules.http.paths.pathType: Specifies how the path should be matched (`Prefix` matches any path that starts with the specified prefix).
spec.rules.http.paths.backend.service.name: Specifies the name of the backend service (e.g., `web-app-service`).
spec.rules.http.paths.backend.service.port.number: Specifies the port on the backend service (e.g., `80`).

To deploy this Ingress resource, save the above YAML as `my-ingress.yaml` and run:

```bash
kubectl apply -f my-ingress.yaml
```

Prerequisites:

Ingress Controller: Before creating the Ingress resource, you must have an Ingress controller running in your cluster. Popular options include Nginx Ingress Controller, HAProxy Ingress Controller, and Traefik. Deploying an Ingress controller is beyond the scope of this example, but instructions can be found in the documentation for each controller.
DNS Configuration: You need to configure your DNS records to point the hostnames (e.g., web.example.com and api.example.com) to the IP address of the Ingress controller. This is typically done by creating A records in your DNS zone.

TLS Termination:

To enable TLS termination, you need to create a Secret containing your TLS certificate and key and reference it in the Ingress resource.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
spec:
tls:
- hosts:
- web.example.com
secretName: web-example-com-tls
rules:
- host: web.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-app-service
port:
number: 80
```

In this example:

spec.tls: Specifies the TLS configuration.
spec.tls.hosts: Specifies the hostnames for which the TLS certificate is valid.
spec.tls.secretName: Specifies the name of the Secret containing the TLS certificate and key.

The Secret should be created with `kubectl create secret tls`:

```bash
kubectl create secret tls web-example-com-tls --key path/to/tls.key --cert path/to/tls.crt
```

Annotations:

Ingress controllers often support annotations that allow you to configure additional features, such as request timeouts, buffer sizes, and custom error pages. The annotations are specific to the Ingress controller you are using, so you should consult the documentation for your Ingress controller for a list of supported annotations.

In summary, Ingress is a powerful tool for exposing applications to external clients in Kubernetes. It provides a centralized access point, allows for name-based virtual hosting and path-based routing, and supports TLS termination. By deploying an Ingress controller and defining Ingress resources, you can simplify the management of external access to your applications and improve the security and scalability of your cluster.