Edit

Ingress Controllers

Ingress controllers are specialized Kubernetes resources that manage external access to services within a cluster, typically HTTP/HTTPS traffic. They act as reverse proxies, routing requests from outside the cluster to the appropriate internal services based on rules defined in Ingress resources.

Why Use an Ingress Controller?

  • Consolidate access: Manage all external traffic through a single entry point.

  • TLS termination: Handle SSL/TLS at the ingress layer.

  • Path and host-based routing: Route traffic based on URL paths or hostnames.

  • Load balancing: Distribute requests across multiple backend pods.

  • Security: Enforce authentication, rate limiting, and web application firewall (WAF) policies.

How Ingress Controllers Work

  1. Deploy an ingress controller (e.g., NGINX, Traefik, Kong, Gloo Edge) as a pod in your cluster.

  2. Create Ingress resources that define routing rules (host/path to service mapping).

  3. The ingress controller watches for Ingress resources and configures itself to route traffic accordingly.

Example: Deploying NGINX Ingress Controller (AKS/EKS/GKE)

Verify deployment:

Sample Ingress resource:

Best Practices

  • Use a managed ingress controller (e.g., AWS ALB Ingress, Azure Application Gateway) for production workloads.

  • Always enable TLS for secure communication.

  • Use path and host-based routing to organize microservices.

  • Monitor ingress controller logs and metrics for troubleshooting.

  • Store ingress manifests in Git for GitOps workflows.

Common Pitfalls

  • Not exposing the ingress controller service (type: LoadBalancer or NodePort).

  • Missing DNS records for host-based routing.

  • Forgetting to update firewall/network security group rules.

  • Overlooking resource limits for ingress controller pods.

References

PreviousLinkerdNextNGINX

Last updated