KUBERNETES INGRESS IN A NUTSHELL

Let’s take the example of a regular web server, our Nginx server, which is exposed by a Service.

We generally deploy the Service using a manifest file, and in its spec we define what kind of Service it is.

If you want to expose the Service to the internet, you define its type as LoadBalancer.

If we are using AWS, this creates a Classic Load Balancer and exposes the Service to the world.

This load balancer has a DNS address, which you use to reach the web server.

Let’s say we have a client who wants to run their whole system in Kubernetes.

If the client has 2 or more apps, we have to replicate this setup, with a Service and a load balancer, for each application.

Here is the problem: real enterprises have lots of subdomains. If we spin up a load balancer for each service/application (in this case 2 LBs):

  • It is costly to maintain one load balancer for each service.
  • There is no URL-based routing (for example, http://weldon.in/app and http://weldon.in/app1).
  • There is the maintenance overhead of managing all the separate services.

To solve this problem, we need Ingress.

Let’s see what the scenario looks like with Kubernetes Ingress.

Kubernetes Ingress is an API resource that lets you manage external or internal HTTP or HTTPS access to Kubernetes services running in a cluster. It supports multiple features, including:

  • Path-based routing
  • WebSocket
  • TLS
  • AWS WAF

Several popular Ingress controllers are available; we will be using alb-ingress-controller.

Let’s now take one application and try to understand ingress.

In the beginning we just have a node. Then we deploy the application, which creates some pods running the application container; ignore the replica count (5) for now. The diagram shows 2 pods.

Now we deploy the Service; this time the service type is NodePort. We named our service service-2048, and it distributes traffic to app – 2048, which is our application.

Now we deploy Ingress, which has 2 parts:

  1. Ingress Controller
  2. Ingress resource

Ingress Controller

As you can see, this is also a Deployment. ALB Ingress Controller is an open source tool; once you run it, it creates a pod running alb-ingress-controller.

This is a regular pod running the ALB Ingress Controller software. The pod watches for Ingress events from the API server. At this point it does not create any Application Load Balancer.

Ingress Resource

The Application Load Balancer is created only when we apply a manifest file with kind: Ingress.

With annotations, we specify “alb” and “internet-facing” for our service-2048.

The path adds a rule to the Application Load Balancer that routes traffic to service-2048.

Next time, if we want to add another route such as apps1, we just add a new path and point it to the respective service. No new load balancer is created.
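
The Ingress resource described above, written out as an added example (it is not from the original article). It assumes the networking.k8s.io/v1 API, port 80 on both Services, a hypothetical second Service named service-app1, and the /app and /app1 paths from the URL example earlier:

```yaml
# Added example, not the article's own manifest.
# Assumed: Ingress name, port 80, and the second Service "service-app1".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-2048                # assumed name
  annotations:
    # Selects which Ingress controller handles this resource.
    kubernetes.io/ingress.class: alb
    # internet-facing gives the ALB a public address;
    # use "internal" for a load balancer reachable only inside the VPC.
    alb.ingress.kubernetes.io/scheme: internet-facing
    # instance mode: the ALB targets node ports, so the Service must be NodePort.
    # Set to "ip" for IP mode, where the ALB targets pod IPs directly.
    alb.ingress.kubernetes.io/target-type: instance
spec:
  rules:
    - http:
        paths:
          # First rule on the ALB: /app goes to the existing service-2048.
          - path: /app
            pathType: Prefix
            backend:
              service:
                name: service-2048
                port:
                  number: 80        # assumed Service port
          # Second application: one more path on the same ALB,
          # no additional load balancer is created.
          - path: /app1
            pathType: Prefix
            backend:
              service:
                name: service-app1  # hypothetical second Service
                port:
                  number: 80        # assumed Service port
```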

Let’s make some notes about Ingress Controller and Ingress Resource

INGRESS CONTROLLER

  • Monitors Ingress resources
  • Creates the necessary AWS resources for Ingress, such as an ALB for ALB Ingress Controller
  • Requires a proper IAM policy
  • Requires a Service Account and IAM Role for the alb-ingress-controller pod
  • One cluster can have more than one Ingress Controller! The Ingress Resource defines which Ingress Controller to use.

INGRESS RESOURCE

  • Selects which Ingress Controller to use
  • Defines the URL path and the corresponding backend Service

Let’s dive deeper into Ingress traffic. In the example above we saw instance mode, where a NodePort service is needed.

For IP mode, the setup will be as shown below.

Thank you!!!
