You are here: Foswiki>IN Web>Container>KubernetesIngress (07 Sep 2023, ChristophHandel)Edit Attach

Kubernetes Ingress

In KubernetesServices we learned how to expose an application using a service and a loadbalancer. If the application is http based we can alternatively use a ingress controller.

An Ingress controller allows us to map urls to services.

http pod

Suppose you have a pod providing http. For example the famous http echo. Save this as my-echo.yaml and apply it. 

apiVersion: v1
kind: Pod
metadata:
  name: my-echo
  labels:
    app: my-tutorial
    svc: my-echo
spec:
  containers:
  - name: http-echo
    image: aco/http-echo:stable

service

add a (internal) service, so the application can be found inside kubernetes. Create my-service.yaml and apply it 

apiVersion: v1
kind: Service
metadata:
  name: my-service
  labels:
     app: my-tutorial
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    svc: my-echo
  ports:
    - protocol: TCP
      port: 80

We could now access the service inside of kubernetes.

ingress

expose the service using an ingress. Create my-ingress.yaml and apply it 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  labels:
      app: my-tutorial     
spec:
  rules:
  - host: rest.mynamespace.in.a.k8s.acc.gsi.de
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

now the we can access rest.mynamespace.in.a.k8s.acc.gsi.de

We need to type the full hostname we want to use.

certificate

add a ssl certificate to the ingress. Edit my-ingress.yaml 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  labels:
      app: my-tutorial     
  annotations:
      cert-manager.io/cluster-issuer: default-issuer
spec:
  rules:
  - host: rest.mynamespace.in.a.k8s.acc.gsi.de
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
  tls:
  - secretName: my-ssl-certificate
    hosts:
    - rest.mynamespace.in.a.k8s.acc.gsi.de

A certificate will be generated and stored in my-ssl-certicficate. All requests are redirected to the https endpoint. For more details about the ssl certificate see KubernetesCertificates
Edit  | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r4 - 07 Sep 2023, ChristophHandel
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback