Kubernetes Ingress Controllers and NGINX Ingress
Ingress in Kubernetes is a key resource that manages HTTP and HTTPS traffic to services within a cluster. It allows you to define rules for routing traffic based on hostnames, paths, or other attributes. To make Ingress work, you need an Ingress Controller, and one of the most popular options is the NGINX Ingress Controller.
What is Ingress in Kubernetes?
Ingress is a Kubernetes API resource that provides routing rules to manage external access to services. Instead of exposing multiple services via LoadBalancers or NodePorts, Ingress provides a single entry point for managing and routing traffic.
Key Features of Ingress:
- Host-Based Routing: Route traffic based on hostnames.
- Path-Based Routing: Route traffic based on URL paths.
- TLS Termination: Secure communication with SSL/TLS.
- Centralized Management: Reduce reliance on multiple service exposure methods.
Ingress Controllers
An Ingress Controller is the component that implements the Ingress API. While the Ingress resource defines the routing rules, the controller enforces them by configuring the underlying load balancer or proxy.
Popular Ingress Controllers:
- NGINX Ingress Controller
- Traefik
- HAProxy
- Contour
- AWS/GCP/Azure-specific Controllers
Without an Ingress Controller, the Ingress resource has no effect.
NGINX Ingress Controller
The NGINX Ingress Controller is one of the most widely used controllers in Kubernetes. It leverages the robust and high-performance NGINX web server to route and manage traffic.
Why Choose NGINX?
- High performance and scalability.
- Rich feature set (e.g., advanced routing, rate limiting, custom error pages).
- Easy integration with existing Kubernetes deployments.
NGINX Variants:
- NGINX Ingress Controller (community-supported):
  - Open-source.
  - Actively maintained by the Kubernetes community.
- NGINX Plus:
  - Commercial offering with additional enterprise-grade features.
Installing the NGINX Ingress Controller
You can install the NGINX Ingress Controller using tools like kubectl, Helm, or Kubernetes manifests.
Option 1: Install with Helm
- Add the Helm repository:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
- Install the NGINX Ingress Controller:
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
- Verify the installation:
kubectl get pods -n ingress-nginx
Option 2: Install with Manifests
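- Apply the official manifests (this URL tracks the main branch; for repeatable installs, review the file and pin the URL to a release tag):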
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
- Verify the resources:
kubectl get all -n ingress-nginx
Creating an Ingress Resource
After deploying the NGINX Ingress Controller, you can create an Ingress resource to route traffic.
Example: Basic Ingress
This example routes traffic to a backend service based on the hostname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx  # IngressClass created by the ingress-nginx install
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend-service
                port:
                  number: 80
Example: Path-Based Routing
Route traffic to different services based on URL paths:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: path-based-ingress
spec:
  ingressClassName: nginx  # IngressClass created by the ingress-nginx install
  rules:
    - host: example.com
      http:
        paths:
          - path: /app1
            pathType: Prefix
            backend:
              service:
                name: app1-service
                port:
                  number: 80
          - path: /app2
            pathType: Prefix
            backend:
              service:
                name: app2-service
                port:
                  number: 80
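How `pathType: Prefix` chooses between the two backends above, as an added Python example (not from the original article): it models the Ingress API's documented rule that a prefix matches whole `/`-separated segments, case-sensitively, with the longest matching path winning. `RULES` copies the manifest; the function names are illustrative.

```python
# Added example: Kubernetes `pathType: Prefix` matching per the Ingress API
# documentation. RULES mirrors path-based-ingress on this page.

RULES = [  # (path, backend service)
    ("/app1", "app1-service"),
    ("/app2", "app2-service"),
]


def segments(path):
    """Split a URL path into non-empty segments; '/app1/' -> ['app1']."""
    return [s for s in path.split("/") if s]


def prefix_matches(rule_path, request_path):
    """True if the rule's segments equal the leading request segments."""
    rule, req = segments(rule_path), segments(request_path)
    return req[: len(rule)] == rule


def route(request_path, rules=RULES):
    """Return the backend of the longest matching Prefix rule, or None."""
    path = request_path.split("?", 1)[0]  # the query string is not matched
    matches = [(p, svc) for p, svc in rules if prefix_matches(p, path)]
    if not matches:
        return None  # the controller's default backend answers instead
    return max(matches, key=lambda m: len(segments(m[0])))[1]


if __name__ == "__main__":
    for p in ["/app1", "/app1/login", "/app10", "/APP1", "/app2?next=/app1"]:
        print(f"{p:18} -> {route(p)}")
```

This models the API semantics only; the NGINX configuration the controller generates is what decides in a live cluster, so confirm real routes with curl as well.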
Example: TLS-Enabled Ingress
Secure traffic using SSL/TLS:
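apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  ingressClassName: nginx  # IngressClass created by the ingress-nginx install
  tls:
    - hosts:
        - example.com
      secretName: example-tls-secret  # kubernetes.io/tls Secret in the same namespace
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: secure-service
                port:
                  # TLS ends at the controller; it speaks plain HTTP to the backend
                  # unless nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" is set
                  number: 443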
Annotations for NGINX Ingress
Annotations allow fine-tuning of the NGINX Ingress Controller’s behavior. Here are some common ones:
- Rewrite Target: Rewrite URLs before forwarding to the backend.
nginx.ingress.kubernetes.io/rewrite-target: /
- Custom Error Pages: Define custom error responses.
nginx.ingress.kubernetes.io/custom-http-errors: "404,503"
- Rate Limiting: Limit requests to prevent abuse.
nginx.ingress.kubernetes.io/limit-rps: "5"
- Client Body Size: Control upload limits.
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
Monitoring and Debugging NGINX Ingress
- View Logs:
kubectl logs -n ingress-nginx <nginx-ingress-pod>
- Access Metrics:
  - Integrate with Prometheus and Grafana for detailed monitoring.
  - Use the built-in NGINX metrics endpoint.
- Test Ingress Rules:
  - Use curl to verify routing:
curl -H "Host: example.com" http://<ingress-controller-ip>
Best Practices for NGINX Ingress
- Use Namespaces:
  - Deploy separate Ingress resources for different namespaces to isolate traffic.
- Secure Traffic:
  - Always configure TLS for production environments.
  - Use Let’s Encrypt for free SSL certificates with tools like cert-manager.
- Scale the Controller:
  - Use Kubernetes Horizontal Pod Autoscaler (HPA) to scale the Ingress Controller based on traffic.
- Test Routing Rules:
  - Validate all Ingress rules in staging before applying them to production.
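One way to check the "always configure TLS" practice across a cluster, as an added Python example (not part of the original article): it reads the JSON that `kubectl get ingress -A -o json` produces and reports rule hosts that no `spec.tls` entry covers. The sample data is constructed; its namespaces and the `wildcard-ingress` object are made up for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get ingress -A -o json` output;
# names reuse the manifests on this page, namespaces are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "prod", "name": "tls-ingress"},
     "spec": {"tls": [{"hosts": ["example.com"],
                       "secretName": "example-tls-secret"}],
              "rules": [{"host": "example.com"}]}},
    {"metadata": {"namespace": "prod", "name": "path-based-ingress"},
     "spec": {"rules": [{"host": "example.com"}]}},
    {"metadata": {"namespace": "shop", "name": "wildcard-ingress"},
     "spec": {"tls": [{"hosts": ["*.example.com"], "secretName": "wild-tls"}],
              "rules": [{"host": "api.example.com"},
                        {"host": "a.b.example.com"}, {}]}},
]})


def covered(host, tls_hosts):
    """True if host is listed exactly or matches a one-label wildcard entry."""
    if host in tls_hosts:
        return True
    parent = host.split(".", 1)[1] if "." in host else ""
    return f"*.{parent}" in tls_hosts


def audit(ingress_list_json):
    """Return sorted (namespace/name, host, finding) tuples for TLS gaps."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        ref = f'{item["metadata"]["namespace"]}/{item["metadata"]["name"]}'
        spec = item.get("spec", {})
        tls_hosts = set()
        for entry in spec.get("tls") or []:
            tls_hosts.update(entry.get("hosts") or [])
        for rule in spec.get("rules") or []:
            host = rule.get("host")
            if not host:  # a rule without host applies to every hostname
                findings.append((ref, "*", "rule without host matches every hostname"))
            elif not covered(host, tls_hosts):
                findings.append((ref, host, "host not covered by spec.tls"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Against a live cluster, pass the output of `kubectl get ingress -A -o json` to `audit()` in place of `SAMPLE`.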
Common Commands
- List Ingresses:
kubectl get ingress
- Describe an Ingress:
kubectl describe ingress <ingress-name>
- Check Ingress Logs:
kubectl logs -n ingress-nginx <nginx-ingress-pod>
Conclusion
The NGINX Ingress Controller provides a powerful, flexible solution for managing external traffic in Kubernetes. By understanding how to configure Ingress resources and leverage NGINX’s advanced features, you can build a scalable, secure, and efficient traffic management layer for your Kubernetes applications.