Ingress is the name used to describe an API object that manages external access to the services in a cluster. Typically, an Ingress exposes HTTP and HTTPS routes from outside the cluster to services running within the cluster.
The object is called an Ingress because it acts as a gateway for inbound traffic. The Ingress receives inbound requests and routes them according to the rules you defined for the Ingress resource as part of your cluster configuration.
This tutorial demonstrates how to expose an application running on the Konvoy cluster by configuring an Ingress for load balancing (layer-7).
Prerequisites
Before you begin, you must:
- Have access to a Linux, macOS, or Windows computer with a supported operating system version.
- Have a properly deployed and running cluster.
Expose a pod using an Ingress (L7)
-
Deploy two web application Pods on your Kubernetes cluster by running the following command:
kubectl run --restart=Never --image hashicorp/http-echo --labels app=http-echo-1 --port 80 http-echo-1 -- -listen=:80 --text="Hello from http-echo-1" kubectl run --restart=Never --image hashicorp/http-echo --labels app=http-echo-2 --port 80 http-echo-2 -- -listen=:80 --text="Hello from http-echo-2"
-
Expose the Pods with a service type of NodePort by running the following commands:
kubectl expose pod http-echo-1 --port 80 --target-port 80 --type NodePort --name "http-echo-1" kubectl expose pod http-echo-2 --port 80 --target-port 80 --type NodePort --name "http-echo-2"
-
Create the Ingress to expose the application to the outside world by running the following command:
cat <<EOF | kubectl create -f - apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: echo spec: rules: - host: "http-echo-1.com" http: paths: - backend: service: name: http-echo-1 port: number: 80 pathType: ImplementationSpecific - host: "http-echo-2.com" http: paths: - backend: service: name: http-echo-2 port: number: 80 pathType: ImplementationSpecific EOF
The configuration settings in this example illustrates:
- setting the
kind
toIngress
. - setting the
service.name
to be exposed as eachbackend
.
- setting the
-
Run the following command to get the URL of the load balancer created on AWS for the Traefik service:
kubectl get svc kommander-traefik -n kommander
This command displays the internal and external IP addresses for the exposed service. (Note that IP addresses and host names are for illustrative purposes. Always use the information from your own cluster)
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kommander-traefik LoadBalancer 10.0.24.215 abf2e5bda6ca811e982140acb7ee21b7-37522315.us-west-2.elb.amazonaws.com 80:31169/TCP,443:32297/TCP,8080:31923/TCP 4h22m
-
Validate that you can access the web application Pods by running the following commands: (Note that IP addresses and host names are for illustrative purposes. Always use the information from your own cluster)
curl -k -H "Host: http-echo-1.com" http://abf2e5bda6ca811e982140acb7ee21b7-37522315.us-west-2.elb.amazonaws.com curl -k -H "Host: http-echo-2.com" http://abf2e5bda6ca811e982140acb7ee21b7-37522315.us-west-2.elb.amazonaws.com