Create an Ingress¶
In a Kubernetes cluster, Ingress exposes services from outside the cluster to inside the cluster HTTP and HTTPS ingress. Traffic ingress is controlled by rules defined on the Ingress resource. Here's an example of a simple Ingress that sends all traffic to the same Service:
Ingress is an API object that manages external access to services in the cluster, and the typical access method is HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting.
Prerequisites¶
- Container management module connected to Kubernetes cluster or created Kubernetes, and can access the cluster UI interface.
- Completed a namespace creation, user creation, and authorize the user as NS Editor role, for details, refer to Namespace Authorization.
- Completed Create Ingress Instance, Deploy Application Workload, and have created the corresponding Service
- When there are multiple containers in a single instance, please make sure that the ports used by the containers do not conflict, otherwise the deployment will fail.
Create ingress¶
-
After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.
-
In the left navigation bar, click Container Network -> Ingress to enter the service list, and click the Create Ingress button in the upper right corner.
Note
It is also possible to Create from YAML .
-
Open Create Ingress page to configure. There are two protocol types to choose from, refer to the following two parameter tables for configuration.
Create HTTP protocol ingress¶
Parameter | Description | Example value |
---|---|---|
Ingress name | [Type] Required [Meaning] Enter the name of the new ingress. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter, lowercase English letters or numbers. | Ing-01 |
Namespace | [Type] Required [Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. | default |
Protocol | [Type] Required [Meaning] Refers to the protocol that authorizes inbound access to the cluster service, and supports HTTP (no identity authentication required) or HTTPS (identity authentication needs to be configured) protocol. Here select the ingress of HTTP protocol. | HTTP |
Domain Name | [Type] Required [Meaning] Use the domain name to provide external access services. The default is the domain name of the cluster | testing.daocloud.io |
LB Type | [Type] Required [Meaning] The usage range of the Ingress instance. Scope of use of Ingress Platform-level load balancer : In the same cluster, share the same Ingress instance, where all Pods can receive requests distributed by the load balancer. Tenant-level load balancer : Tenant load balancer, the Ingress instance belongs exclusively to the current namespace, or belongs to a certain workspace, and the set workspace includes the current namespace, and all Pods can receive it Requests distributed by this load balancer. | Platform Level Load Balancer |
Ingress Class | [Type] Optional [Meaning] Select the corresponding Ingress instance, and import traffic to the specified Ingress instance after selection. When it is None, the default DefaultClass is used. Please set the DefaultClass when creating an Ingress instance. For more information, refer to Ingress Class< br /> | Ngnix |
Session persistence | [Type] Optional [Meaning] Session persistence is divided into three types: L4 source address hash , Cookie Key , L7 Header Name . Keep L4 Source Address Hash : : When enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\(binary_remote_addr"<br /> __Cookie Key__ : When enabled, the connection from a specific client will be passed to the same Pod. After enabled, the following parameters are added to the Annotation by default:<br /> nginx.ingress.kubernetes.io/affinity: "cookie"<br /> nginx.ingress.kubernetes .io/affinity-mode: persistent<br /> __L7 Header Name__ : After enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\)http_x_forwarded_for" | Close |
Path Rewriting | [Type] Optional [Meaning] rewrite-target , in some cases, the URL exposed by the backend service is different from the path specified in the Ingress rule. If no URL rewriting configuration is performed, There will be an error when accessing. | close |
Redirect | [Type] Optional [Meaning] permanent-redirect , permanent redirection, after entering the rewriting path, the access path will be redirected to the set address. | close |
Traffic Distribution | [Type] Optional [Meaning] After enabled and set, traffic distribution will be performed according to the set conditions. Based on weight : After setting the weight, add the following Annotation to the created Ingress: nginx.ingress.kubernetes.io/canary-weight: "10" Based on Cookie : set After the cookie rules, the traffic will be distributed according to the set cookie conditions Based on Header : After setting the header rules, the traffic will be distributed according to the set header conditions | Close |
Labels | [Type] Optional [Meaning] Add a label for the ingress | - |
Annotations | [Type] Optional [Meaning] Add annotation for ingress | - |
Create HTTPS protocol ingress¶
Parameter | Description | Example value |
---|---|---|
Ingress name | [Type] Required [Meaning] Enter the name of the new ingress. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter, lowercase English letters or numbers. | Ing-01 |
Namespace | [Type] Required [Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview. [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number. | default |
Protocol | [Type] Required [Meaning] Refers to the protocol that authorizes inbound access to the cluster service, and supports HTTP (no identity authentication required) or HTTPS (identity authentication needs to be configured) protocol. Here select the ingress of HTTPS protocol. | HTTPS |
Domain Name | [Type] Required [Meaning] Use the domain name to provide external access services. The default is the domain name of the cluster | testing.daocloud.io |
Secret | [Type] Required [Meaning] Https TLS certificate, Create Secret. | |
Forwarding policy | [Type] Optional [Meaning] Specify the access policy of Ingress. Path: Specifies the URL path for service access, the default is the root path/ directoryTarget service: Service name for ingress Target service port: Port exposed by the service | |
LB Type | [Type] Required [Meaning] The usage range of the Ingress instance. Platform-level load balancer : In the same cluster, the same Ingress instance is shared, and all Pods can receive requests distributed by the load balancer. Tenant-level load balancer : Tenant load balancer, the Ingress instance belongs exclusively to the current namespace or to a certain workspace. This workspace contains the current namespace, and all Pods can receive the workload from this Balanced distribution of requests. | Platform Level Load Balancer |
Ingress Class | [Type] Optional [Meaning] Select the corresponding Ingress instance, and import traffic to the specified Ingress instance after selection. When it is None, the default DefaultClass is used. Please set the DefaultClass when creating an Ingress instance. For more information, refer to Ingress Class< br /> | None |
Session persistence | [Type] Optional [Meaning] Session persistence is divided into three types: L4 source address hash , Cookie Key , L7 Header Name . Keep L4 Source Address Hash : : When enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\(binary_remote_addr"<br /> __Cookie Key__ : When enabled, the connection from a specific client will be passed to the same Pod. After enabled, the following parameters are added to the Annotation by default:<br /> nginx.ingress.kubernetes.io/affinity: "cookie"<br /> nginx.ingress.kubernetes .io/affinity-mode: persistent<br /> __L7 Header Name__ : After enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\)http_x_forwarded_for" | Close |
Labels | [Type] Optional [Meaning] Add a label for the ingress | |
Annotations | [Type] Optional [Meaning] Add annotation for ingress |
Create ingress successfully¶
After configuring all the parameters, click the OK button to return to the ingress list automatically. On the right side of the list, click ┇ to modify or delete the selected ingress.