Author : MD TAREQ HASSAN | Updated : 2021/05/05
What Is Ingress In Kubernetes?
- Ingress is:
  - Reverse Proxy
  - Layer 7 LoadBalancer
  - Smart router
  - An entrypoint to the cluster
- Actually NOT a type of service. Instead, it sits in front of multiple services and acts as a “smart router” or entrypoint into your cluster
- Ingress is most useful for exposing multiple services under the same IP address when these services all use the same L7 protocol (typically HTTP)
- An Ingress Resource just describes a way to route Layer 7 traffic into your cluster, by specifying things like the request path, request domain, and target kubernetes service
- Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource
- An API object that manages external access to the services in a cluster, typically HTTP
- Kubernetes Ingress is an API object that provides routing rules to manage external users’ access to the services in a Kubernetes cluster, typically via HTTPS/HTTP
- Ingress is made up of an Ingress API object and the Ingress Controller
- An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting
Components Of Ingress
- Ingress controller: a pod running inside the K8s cluster
  - Works based on ingress rules
  - Lives inside the cluster
  - Intercepts incoming requests
- Ingress rule: routing rules (incoming request -> services in cluster)
- External Load Balancer: cloud vendor specific external load balancer with a public IP address
- Service: the ingress controller talks to a K8s service to reach the target application (pod)
How Does Ingress Work?
- The ingress container spins off a cloud-native external load balancer
- An external request (internet traffic, i.e. HTTP) enters the cluster through the public IP of the external load balancer
- The incoming request is intercepted and the Ingress controller makes sure that the ingress rules are applied
- The Ingress controller routes traffic (according to the ingress rules) to the target service
internet -> loadbalancer -> ingress controller -> ingress rules -> k8s-services -> Replicas
Capabilities of Ingress
- Ingress can provide:
  - Load Balancing
  - SSL termination
  - Name-based virtual hosting: routing an incoming request to the right service by analysing its URL
- Ingress capabilities allow you to securely expose multiple APIs or applications from a single domain name
- Ingress sits between the public network (Internet) and the Kubernetes services that publicly expose our API implementations
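The manifest below is an added example (not from the original page) showing how these capabilities are expressed in a single Ingress resource: TLS termination, name-based virtual hosting, and path-based routing to different Services. All names in it (namespace, hosts, Services, Secret, and the `example-class` IngressClass) are hypothetical placeholders.

```yaml
# Added example; every name here is a hypothetical placeholder.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  namespace: demo
spec:
  # Selects the Ingress controller that fulfils this resource. If no
  # controller serves this class, the resource has no effect.
  ingressClassName: example-class
  tls:
    # TLS termination: the controller presents this certificate for the
    # listed hosts. The Secret must be of type kubernetes.io/tls and live
    # in the same namespace as the Ingress.
    - hosts:
        - shop.example.com
        - api.example.com
      secretName: example-tls
  rules:
    # Name-based virtual hosting: the request's host selects the rule.
    - host: shop.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: shop-frontend
                port:
                  number: 80
    - host: api.example.com
      http:
        paths:
          # Path-based routing: two Services behind one host and one IP.
          - path: /orders
            pathType: Prefix
            backend:
              service:
                name: orders-api
                port:
                  number: 8080
          - path: /users
            pathType: Prefix
            backend:
              service:
                name: users-api
                port:
                  number: 8080
```

Only the hosts and paths listed under `rules` are routed to these Services; what happens to requests that match no rule depends on the controller's default backend.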
Ingress vs LoadBalancer
A load balancer distributes requests among multiple backend services (of the same type), whereas ingress is more like an API gateway (reverse proxy) which routes each request to a specific backend service based on, for instance, the URL.
Ingress Saves Money
Let's say you have 10 websites hosted in your cluster and you want to expose them all to external traffic:
- If you use type LoadBalancer Service, you’ll spawn 10 HA Cloud load balancers (each costs money)
- If you use type Ingress Controller, you’ll spawn 1 HA Cloud load balancer (saves money), and it’ll point to an Ingress Controller running in your cluster
Use Cases
- Accessing multiple services using a single load balancer
- UI applications need to be accessible through browser
- Exposing apps to external clients: external clients need to reach applications (running in K8s cluster)
Ingress Controller
- A Kubernetes Ingress controller is a specialized load balancer for Kubernetes environments
- An Ingress controller is responsible for fulfilling the Ingress, usually with a load balancer, though it may also configure your edge router or additional frontends to help handle the traffic
- An Ingress controller abstracts away the complexity of Kubernetes application traffic routing and provides a bridge between Kubernetes services and external ones
- Kubernetes Ingress controllers:
  - Accept traffic from outside the Kubernetes platform, and load balance it to pods (containers) running inside the platform
  - Can manage egress traffic within a cluster for services which need to communicate with other services outside of a cluster
  - Are configured using the Kubernetes API to deploy objects called “Ingress Resources”
  - Monitor the pods running in Kubernetes and automatically update the load‑balancing rules when pods are added or removed from a service
- You must have an Ingress controller to satisfy an Ingress. Only creating an Ingress resource has no effect
Ingress in AKS
- Ingress in AKS is implemented as Application Gateway Ingress Controller (AGIC)
- An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services
- Benefits of AGIC:
  - Eliminates the need to have another load balancer/public IP in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster
  - Application Gateway talks to pods using their private IP directly and does not require NodePort or KubeProxy services
  - Also brings better performance to your deployments
Application Gateway Ingress Controller
See: AGIC (Application Gateway Ingress Controller)