Ingress and Networking
Ingress is an API resource that manages external access to the services in a cluster through HTTP or HTTPS. It offers name-based virtual hosting, SSL termination and load balancing when exposing HTTP/HTTPS routes from outside to services in the cluster.
The traffic policies are controlled by rules as part of the Ingress definition. Each rule defines the following details:
An optional host to which apply the rules.
A list of paths or routes which has an associated backend defined with a Service
name, a port
A backend is a combo of a Service and port names, or a custom resource backend defined as a CRD. Consequently HTTP/HTTPS requests to the Ingress that matches the host and path of the rule are sent to the listed backend.
An example of an Ingress specification is:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: konvoy-ingress namespace: default annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - http: paths: - path: /path pathType: Prefix backend: service: name: my-konvoy-service port: number: 80
In Kommander, you can expose services to the outside world using Ingress objects.
In contrast with the controllers in the Kubernetes control plane, Ingress controllers are not started with a cluster so you need to choose the desired Ingress controller.
An Ingress controller has to be deployed in a cluster for the Ingress definitions to work.
Kubernetes as a project currently supports and maintains GCE and nginx controllers.
These are four of the most known Ingress controllers:
HAProxy Ingress is a highly customizable community-driven ingress controller for HAProxy.
NGINX offers support and maintenance for the NGINX Ingress Controller for Kubernetes.
Traefik is a fully featured Ingress controller (Let’s Encrypt, secrets, http2, websocket), and has commercial support.
Ambassador API Gateway EXPERIMENTAL is an Envoy based Ingress controller with community and commercial support.
Traefik deploys by default as a well-suited Ingress controller.