English

Creating Ingresses

Ingress rules (Kubernetes Ingress) expose HTTP/HTTPS routes from outside the cluster to internal routing (Kubernetes Service), enabling control of external access to computing components.

Create an Ingress to manage the external HTTP/HTTPS access to a Service.

WARNING

When creating multiple ingresses within the same namespace, different ingresses MUST NOT have the same Domain, Protocol, and Path (i.e., duplicate access points are not allowed).

Implementation Method

Ingress rules depend on the implementation of the Ingress Controller, which is responsible for listening to changes in Ingress and Service. After a new Ingress rule is created, a forwarding rule matching the Ingress rule is automatically generated within the Ingress Controller. When the Ingress Controller receives a request, it matches the forwarding rule from the Ingress rule and distributes the traffic to the specified internal routes, as shown in the diagram below.

NOTE

For the HTTP protocol, Ingress only supports the 80 port as the external port. For the HTTPS protocol, Ingress only supports the 443 port as the external port. The platform's load balancer will automatically add the 80 and 443 listening ports.

Quick Start

Next, we will use the community version of Ingress-NGINX to demonstrate how to access your own application using the NGINX controller.

deploy Ingress-NGINX controller.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.2/deploy/static/provider/cloud/deploy.yaml

The following resources are automatically created after using this command:

Kind	Name	Description
`Namespace`	`ingress-nginx`	Resources for Isolating Controllers
`ServiceAccount`	`ingress-nginx`	Service account for the controller
`ClusterRole`	`ingress-nginx`	Cluster-wide permissions
`ClusterRoleBinding`	`ingress-nginx`	Bind ClusterRole to SA
`ConfigMap`	`ingress-nginx-controller`	Configure controller behaviour (e.g. logging levels, proxy timeout, etc.)
`ValidatingWebhookConfig`	`ingress-nginx-admission`	Webhook to verify Ingress configuration legitimacy (optional)
`Service` (TCP/UDP)	`ingress-nginx-controller`	The type defaults to `LoadBalancer` and can be changed to `NodePort`.
`Deployment`	`ingress-nginx-controller`
`Pod`	`ingress-nginx-controller-xxx`
`Role`/`RoleBinding`	admission 相关	Support for webhook
`Job`	`ingress-nginx-admission-create`	webhook Registration

If you want to change the default registry address, you can use curl to download the YAML file, change it, and then apply the YAML file.

curl -O https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.2/deploy/static/provider/cloud/deploy.yaml

Waiting for the ingress-nginx-controller-xxx Pod to run

Local testing
- Creating a simple web server and the associated service:
  kubectl create deployment demo --image=nginx --port=80 kubectl expose deployment demo
- Creating an ingress resource. This example uses a host that maps to localhost:
  kubectl create ingress demo-localhost --class=nginx \ --rule="demo.local/*=demo:80"
- Forward a local port to the ingress controller:
  kubectl port-forward --namespace=ingress-nginx service/ingress-nginx-controller 8080:80
- Accessing your deployment using curl:
  curl --resolve demo.local:8080:127.0.0.1 http://demo.local:8080
  Note: This parameter temporarily resolves the domain name demo.local to IP 127.0.0.1 and is used on port 8080. When you visit http://demo.local:8080, you are actually visiting http://127.0.0.1:8080. On the other hand, you should configure hosts:
  echo "127.0.0.1 demo.local" | sudo tee -a /etc/hosts
  Final you should see a HTML response containing text like "Welcome to nginx!".
  
  Then you can access website http://demo.local:8080/.

INFO

ingress-nginx-controller default type is LoadBalancer, If EXTERNAL-IP field shows pending, this means that your Kubernetes cluster wasn't able to provision the load balancer.

If you're integrating with a provider that supports specifying the load balancer IP address(es) for a Service via a (provider specific) annotations, you should switch to doing that.

Online testing

When your ingress-nginx-controller (Service of LoadBalancer type) exists an EXTERNAL-IP, Then you can create an ingress resource. The following example assumes that you have set up a DNS record for www.developer.io:

kubectl create ingress demo --class=nginx \
  --rule="www.developer.io/*=demo:80"

You can access http://www.developer.io to see the same output.

Prerequisites

There must be an available Service in the current namespace.
Please confirm with the administrator that a usable domain name has been allocated for the project associated with the current namespace.
To access the domain via HTTPS, you need to first save the HTTPS certificate as a TLS secret.

Example Ingress:

# nginx-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: k-1
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: demo.local
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port:
                  number: 80

To see more configurations please refer to nginx-configuration.
Using ingress-nginx controller.
If you only want to run ingress locally, configure the hosts beforehand.

Creating a Ingress by using the web console

Access the Container Platform.
In the left navigation bar, click Network > Ingress.
Click Create Ingress.

Reference the instructions below to configure certain parameters.

Parameter	Description
Ingress Class	Ingresses can be implemented by different controllers with different `IngressClass` name. If multiple ingress controllers are available on the platform, the user can select which one to use with this option.
Domain Name	Hosts can be precise matches (for example `foo.bar.com`) or a wildcard (for example `*.foo.com`). The domain names available are allocated by platform administrator.
Certificates	TLS secret or Certificates allocated by platform administrator.
Match Type and Path	Prefix: Matches path prefixes, e.g., `/abcd` can match `/abcd/efg` or `/abcde`. Exact: Matches exact paths, e.g., `/abcd`. Implementation specific: If you are using a custom Ingress controller to manage the Ingress rules, you may choose to have the controller decide.
Service	External traffic will be forwarded to this Service.
Service Port	Specify which Service port the traffic will be forwarded to.

Click Create.

Creating a Ingress by using the CLI

kubectl apply -f nginx-ingress.yaml

NOTE

If the ingress has no Ingress Class, all the ALB instances that are allocated to this project will handle this ingress.

ON THIS PAGE

How to

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Guides

Namespaces

Pre-Application-Creation Preparation

Creating Applications

Post-Application-Creation Configuration

Operation and Maintenance

Application Observability

Workloads

Pod

Container

How To

Install

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application

GitOps Observability

Architecture

Guides

How To

Guides

How To

Troubleshooting

Architecture

Guides

How To