Kubernetes Ingress Controller and NGINX Ingress
Ingress in Kubernetes is a key resource for managing HTTP and HTTPS traffic for services within the cluster. It allows you to define rules for routing traffic based on hostname, path, or other attributes. In order for Ingress to work, you need a Ingress controllerone of the most popular options is NGINX ingress controller.
What is Ingress in Kubernetes?
Ingress is a Kubernetes API resource that provides routing rules to manage external access to services. Rather than exposing multiple services through LoadBalancer or NodePort, Ingress provides a single entry point to manage and route traffic.
Key features of Ingress:
- host-based routing: Route traffic based on hostname.
- path based routing: Route traffic based on URL path.
- TLS termination: Use SSL/TLS for secure communication.
- Centralized management: Reduce dependence on multiple service exposure methods.
Ingress controller
one Ingress controller It is the component that implements the Ingress API. While the ingress resource defines routing rules, the controller enforces them by configuring the underlying load balancer or proxy.
Popular Ingress controllers:
- NGINX ingress controller
- transportation
- HA proxy
- contour
- AWS/GCP/Azure specific controllers
Without an Ingress Controller, the Ingress resource has no effect.
NGINX ingress controller
this NGINX ingress controller It is one of the most widely used controllers in Kubernetes. It utilizes the powerful and high-performance NGINX web server to route and manage traffic.
Why choose NGINX?
- High performance and scalability.
- Rich feature set (e.g., advanced routing, rate limiting, custom error pages).
- Easily integrate with existing Kubernetes deployments.
NGINX variants:
-
NGINX Ingress Controller (community support):
- Open source.
- Actively maintained by the Kubernetes community.
-
NGINX Plus:
- Commercial product with additional enterprise-grade features.
Install NGINX ingress controller
You can install the NGINX Ingress Controller using the following tools kubectlHelm or Kubernetes manifest.
Option 1: Install using Helm
- New Helm repository:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
- Install the NGINX ingress controller:
helm install ingress-nginx ingress-nginx/ingress-nginx
- Verify installation:
kubectl get pods -n ingress-nginx
Option 2: Install using a manifest
- App official list:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
- Verify resources:
kubectl get all -n ingress-nginx
Create entry resources
After deploying the NGINX Ingress Controller, you can create a Entrance Resources for routing traffic.
Example: Basic Ingress
This example routes traffic to a backend service based on hostname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 80
Example: Path-based routing
Route traffic to different services based on URL path:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: path-based-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
- path: /app2
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80
Example: TLS-enabled entry
Secure traffic using SSL/TLS:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tls-ingress
spec:
tls:
- hosts:
- example.com
secretName: example-tls-secret
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: secure-service
port:
number: 443
Notes on NGINX Ingress
Annotations allow fine-tuning the behavior of the NGINX Ingress Controller. Here are some common ones:
- Rewrite target: Rewrite the URL before forwarding to the backend.
nginx.ingress.kubernetes.io/rewrite-target: /
- Custom error page: Define custom error response.
nginx.ingress.kubernetes.io/custom-http-errors: "404,503"
- rate limit: Limit requests to prevent abuse.
nginx.ingress.kubernetes.io/limit-rps: "5"
- Client body type: Control upload limits.
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
Monitor and debug NGINX Ingress
- View log:
kubectl logs -n ingress-nginx
-
access metrics:
- Integrate with Prometheus and Grafana for detailed monitoring.
- Use the built-in NGINX metrics endpoint.
-
Test entry rules:
- use
curlVerify routing:
curl -H "Host: example.com" http:// - use
NGINX Ingress Best Practices
-
Use namespaces:
- Deploy separate Ingress resources for different namespaces to isolate traffic.
-
safe transportation:
- Always configure TLS for production environments.
- Get a free SSL certificate through tools like Let’s Encrypt certificate manager.
-
zoom controller:
- Use Kubernetes Horizontal Pod Autoscaler (HPA) to scale the Ingress Controller based on traffic.
-
Test routing rules:
- Validate all Ingress rules in staging before applying them to production.
Common commands
kubectl get ingress
kubectl describe ingress
kubectl logs -n ingress-nginx
in conclusion
NGINX Ingress Controller provides a powerful and flexible solution for managing external traffic in Kubernetes. By learning how to set up Ingress resources and taking advantage of NGINX’s advanced features, you can create scalable, secure, and efficient traffic management for Kubernetes applications.