Hey Cloudees ☁️!
Managing application traffic in Kubernetes can be challenging, especially when have multiple services running. That’s where 𝑲𝒖𝒃𝒆𝒓𝒏𝒆𝒕𝒆𝒔 𝑰𝒏𝒈𝒓𝒆𝒔𝒔 comes into play!
Before getting into K8S Ingress first let’s understand What is Layer 4 and Layer 7 Load Balancing.
𝐋𝐚𝐲𝐞𝐫𝟒:
👉 Operates at Transport layer of Operating System(TCP/UDP). It make decisions based on the available information in this transport layer.
👉 It Doesn’t have intelligence to transport based on the request.
👉 Requires separate SSL Termination.
Ex: K8S Load Balancer
𝐋𝐚𝐲𝐞𝐫𝟕:
👉 It Operates at Application level, it makes decisions based on application requests like http/https.
👉 It has the intelligence to distribute the load based on the application requests ( ex: /login, /admin .. etc)
👉 It can terminate SSL connections
Ex: K8S Ingress, AWS LoadBalancer, Azure Application Gateway..
𝑾𝒊𝒕𝒉𝒐𝒖𝒕 𝑰𝒏𝒈𝒓𝒆𝒔𝒔:
👉 We cannot Expose our application externally by using clusterIP service.
👉 Exposing the app via NodePort can be a security Concern.
👉 Exposing app via LoadBalancer is much expensive and it will point only app/one service at a time.
To checkmate all these there is a concept called ” Ingress ”
𝑾𝒉𝒂𝒕 𝒊𝒔 𝑰𝒏𝒈𝒓𝒆𝒔𝒔? :
Ingress is an API object in K8S that manages external HTTP/HTTPS access to services running in the K8S cluster.
👉 It is a Layer7 load balancer.
👉 It acts as an entry point to the K8S cluster.
👉 It allows to define rules for routing incoming requests to the appropriate Services based on the URL path’s / Host names.
It has 2 components:
✨ Ingress Controller
✨ Ingress Resources
🌟 𝑰𝒏𝒈𝒓𝒆𝒔𝒔 𝑪𝒐𝒏𝒕𝒓𝒐𝒍𝒍𝒆𝒓:
It is a K8S object, While Ingress defines the routing rules, Ingress Controller watches for these rules and performs the routing.
🌟 𝑰𝒏𝒈𝒓𝒆𝒔𝒔 𝑹𝒆𝒔𝒐𝒖𝒓𝒄𝒆𝒔:
It is a K8S object where we define the routing rules like how the load balancing should be done.
𝑰𝒏𝒈𝒓𝒆𝒔𝒔 𝑨𝒓𝒄𝒉𝒊𝒕𝒆𝒄𝒕𝒖𝒓𝒆:
After we create an Ingress resource in K8S. A Cloud provider LoadBalancing URL/IP will be assigned to access.
👉 When users trying to access the application using LoadBalancing URL/IP address the traffic will first hit the Ingress controller
👉 The Ingress Controller always watches the Ingress Resource rules/ for any modifications.
👉 Based on the rules it will pass the request to the specific pod/Deployment service(ClusterIP).
👉 Through internal communication the ClusterIP service will pass the request to the respective pod and the pod will carry forward the request.
Workflow:
User -> Cloud provider LoadBalancer -> Ingress Controller -> Service( ClusterIP) -> Pod.
Note:
👉 Here we need Service for each Deployment or Pod
Do comment down your thoughts 💭
