DEV Community

Strage
Strage

Posted on

Kubernetes Ingress Controllers and NGINX Ingress: A Complete Guide

Kubernetes Ingress Controllers and NGINX Ingress

Ingress in Kubernetes is a key resource that manages HTTP and HTTPS traffic to services within a cluster. It allows you to define rules for routing traffic based on hostnames, paths, or other attributes. To make Ingress work, you need an Ingress Controller, and one of the most popular options is the NGINX Ingress Controller.


What is Ingress in Kubernetes?

Ingress is a Kubernetes API resource that provides routing rules to manage external access to services. Instead of exposing multiple services via LoadBalancers or NodePorts, Ingress provides a single entry point for managing and routing traffic.

Key Features of Ingress:

  1. Host-Based Routing: Route traffic based on hostnames.
  2. Path-Based Routing: Route traffic based on URL paths.
  3. TLS Termination: Secure communication with SSL/TLS.
  4. Centralized Management: Reduce reliance on multiple service exposure methods.

Ingress Controllers

An Ingress Controller is the component that implements the Ingress API. While the Ingress resource defines the routing rules, the controller enforces them by configuring the underlying load balancer or proxy.

Popular Ingress Controllers:

  1. NGINX Ingress Controller
  2. Traefik
  3. HAProxy
  4. Contour
  5. AWS/GCP/Azure-specific Controllers

Without an Ingress Controller, the Ingress resource has no effect.


NGINX Ingress Controller

The NGINX Ingress Controller is one of the most widely used controllers in Kubernetes. It leverages the robust and high-performance NGINX web server to route and manage traffic.

Why Choose NGINX?

  • High performance and scalability.
  • Rich feature set (e.g., advanced routing, rate limiting, custom error pages).
  • Easy integration with existing Kubernetes deployments.

NGINX Variants:

  1. NGINX Ingress Controller (community-supported):
    • Open-source.
    • Actively maintained by the Kubernetes community.
  2. NGINX Plus:
    • Commercial offering with additional enterprise-grade features.

Installing the NGINX Ingress Controller

You can install the NGINX Ingress Controller using tools like kubectl, Helm, or Kubernetes manifests.

Option 1: Install with Helm

  1. Add the Helm repository:
   helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
   helm repo update
Enter fullscreen mode Exit fullscreen mode
  1. Install the NGINX Ingress Controller:
   helm install ingress-nginx ingress-nginx/ingress-nginx
Enter fullscreen mode Exit fullscreen mode
  1. Verify the installation:
   kubectl get pods -n ingress-nginx
Enter fullscreen mode Exit fullscreen mode

Option 2: Install with Manifests

  1. Apply the official manifests:
   kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
Enter fullscreen mode Exit fullscreen mode
  1. Verify the resources:
   kubectl get all -n ingress-nginx
Enter fullscreen mode Exit fullscreen mode

Creating an Ingress Resource

After deploying the NGINX Ingress Controller, you can create an Ingress resource to route traffic.

Example: Basic Ingress

This example routes traffic to a backend service based on the hostname.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend-service
                port:
                  number: 80
Enter fullscreen mode Exit fullscreen mode

Example: Path-Based Routing

Route traffic to different services based on URL paths:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: path-based-ingress
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /app1
            pathType: Prefix
            backend:
              service:
                name: app1-service
                port:
                  number: 80
          - path: /app2
            pathType: Prefix
            backend:
              service:
                name: app2-service
                port:
                  number: 80
Enter fullscreen mode Exit fullscreen mode

Example: TLS-Enabled Ingress

Secure traffic using SSL/TLS:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  tls:
    - hosts:
        - example.com
      secretName: example-tls-secret
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: secure-service
                port:
                  number: 443
Enter fullscreen mode Exit fullscreen mode

Annotations for NGINX Ingress

Annotations allow fine-tuning of the NGINX Ingress Controller’s behavior. Here are some common ones:

  • Rewrite Target: Rewrite URLs before forwarding to the backend.
  nginx.ingress.kubernetes.io/rewrite-target: /
Enter fullscreen mode Exit fullscreen mode
  • Custom Error Pages: Define custom error responses.
  nginx.ingress.kubernetes.io/custom-http-errors: "404,503"
Enter fullscreen mode Exit fullscreen mode
  • Rate Limiting: Limit requests to prevent abuse.
  nginx.ingress.kubernetes.io/limit-rps: "5"
Enter fullscreen mode Exit fullscreen mode
  • Client Body Size: Control upload limits.
  nginx.ingress.kubernetes.io/proxy-body-size: "10m"
Enter fullscreen mode Exit fullscreen mode

Monitoring and Debugging NGINX Ingress

  1. View Logs:
   kubectl logs -n ingress-nginx <nginx-ingress-pod>
Enter fullscreen mode Exit fullscreen mode
  1. Access Metrics:

    • Integrate with Prometheus and Grafana for detailed monitoring.
    • Use the built-in NGINX metrics endpoint.
  2. Test Ingress Rules:

    • Use curl to verify routing:
     curl -H "Host: example.com" http://<ingress-controller-ip>
    

Best Practices for NGINX Ingress

  1. Use Namespaces:

    • Deploy separate Ingress resources for different namespaces to isolate traffic.
  2. Secure Traffic:

    • Always configure TLS for production environments.
    • Use Let’s Encrypt for free SSL certificates with tools like cert-manager.
  3. Scale the Controller:

    • Use Kubernetes Horizontal Pod Autoscaler (HPA) to scale the Ingress Controller based on traffic.
  4. Test Routing Rules:

    • Validate all Ingress rules in staging before applying them to production.

Common Commands

  • List Ingresses:
  kubectl get ingress
Enter fullscreen mode Exit fullscreen mode
  • Describe an Ingress:
  kubectl describe ingress <ingress-name>
Enter fullscreen mode Exit fullscreen mode
  • Check Ingress Logs:
  kubectl logs -n ingress-nginx <nginx-ingress-pod>
Enter fullscreen mode Exit fullscreen mode

Conclusion

The NGINX Ingress Controller provides a powerful, flexible solution for managing external traffic in Kubernetes. By understanding how to configure Ingress resources and leverage NGINX’s advanced features, you can build a scalable, secure, and efficient traffic management layer for your Kubernetes applications.


Top comments (0)