Configuring Ingress for Your Application
Now that we have a basic understanding of Kubernetes Ingress, let's dive into configuring it for your application. Ingress provides a flexible and powerful way to manage external access to your services, allowing you to configure path-based routing, host-based routing, SSL/TLS termination, and more.
Path-based Routing
One of the common use cases for Ingress is path-based routing, where you can route incoming requests to different services based on the URL path. Here's an example Ingress configuration that demonstrates this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: path-based-ingress
spec:
rules:
- http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
- path: /web
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
In this example, requests to example.com/api
will be routed to the api-service
, while requests to example.com/web
will be routed to the web-service
.
Host-based Routing
Ingress also supports host-based routing, which allows you to route traffic to different services based on the host name. Here's an example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: host-based-ingress
spec:
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
- host: web.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
In this example, requests to api.example.com
will be routed to the api-service
, while requests to web.example.com
will be routed to the web-service
.
SSL/TLS Termination
Ingress can also handle SSL/TLS termination, allowing you to serve your application over HTTPS. Here's an example:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: tls-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
tls:
- hosts:
- example.com
secretName: tls-secret
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app-service
port:
number: 80
In this example, the Ingress is configured to terminate SSL/TLS traffic using a secret named tls-secret
. The nginx.ingress.kubernetes.io/ssl-redirect: "false"
annotation ensures that HTTP traffic is not automatically redirected to HTTPS.
Authentication and Authorization
Ingress can also be used to handle authentication and authorization for your application. You can configure Ingress to use various authentication mechanisms, such as basic auth, OAuth, or OIDC. Here's an example using basic auth:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: auth-ingress
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: basic-auth
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app-service
port:
number: 80
In this example, the Ingress is configured to use basic authentication, with the credentials stored in a secret named basic-auth
.
By combining these Ingress configuration options, you can create a powerful and flexible way to manage external access to your Kubernetes applications.