Ingress in one minute

exposing services to the world

Ingress 101

Once your services have been established in Kubernetes, most probably you want to get external traffic into your cluster. One way to achieve it is to use Ingress.

Definition: Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

ingress object

High-level overview

Setup (local cluster in Docker Desktop)

Let’s say we have two services (goapp-svc on 8082 and pythonapp-svc on 8081) running in the cluster and we want to expose them using Ingress.

svc

A Kubernetes service allows to expose multiple pods under a single IP address and a single DNS name, so let’s test the services by spinning up a naked pod with curl inside it.

POD with curl

Next, we need an Ingress controller and some Ingress rules(routing rules to manage external users’ access to the services in the cluster) which will be passed to the controller.

⚠️ You must have an Ingress controller to satisfy an Ingress. Only creating an Ingress resource has no effect.

Installing a controller…I’m going to use NGINX ingress controller

ingress controller

Next, I’m going to create a Ingress resource:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: localhost
      http:
        paths:
          - path: /python
            pathType: Prefix
            backend:
              service:
                name: pythonapp-svc
                port:
                  number: 8081
          - path: /go
            pathType: Prefix
            backend:
              service:
                name: goapp-svc
                port:
                  number: 8082

The Ingress spec contains the HTTP rule for routing the traffic to our backend (the paths that we chose to expose with their associated services and the ports).

Now I’ll forward the 8080 local port to the ingress controller which resides in the ingress-nginx namespace and access in the browser the exposed services

kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80

exposed svc

Conclusions

The Ingress resource is an alternative to manually exposing services or creating and maintaining a dedicated load balancer in front of Kubernetes services.