Ingress¶
Instead of talking about Ingress
directly, let's take a look at a simple scenario.
Static Rules¶
Reverse Proxy
You have several services started on a machine, and you have nginx installed What will you do to let external users to access these different services?
Different ports? Could work.
Different domains and/or different subpaths? Yes, with nginx, you can totally work with that.
graph LR
domain1(svc1.abc.com) -->|request| nginx(Nginx) -->|check| rule1(Rule: svc1.abc.com -> Service 1) -->|route| svc1(Service 1)
domain2(svc2.abc.com) -->|request| nginx(Nginx) -->|check| rule2(Rule: svc2.abc.com -> Service 2) -->|route| svc2(Service 2)
domain3(www.abc.com/svc3) -->|request| nginx(Nginx) -->|check| rule3(Rule: svc3.abc.com -> Service 3) -->|route| svc3(Service 3)
subgraph Services
svc1
svc2
svc3
end
subgraph Rules
rule1
rule2
rule3
end
Manage Rules¶
Now, if there are new services deployed from time to time, we need to update our nginx
config from time to time.
Do it yourself!
What if we build an interface, then the owner of the service can update their nginx rules by themselves?
We will build a web portal
, and the owners can input their service address, domain name and subpath. Then web portal will save these informations into a database.
Then we will start another process, and it will update the nginx rules once there is a change in the database.
graph LR
domains(svc1.abc.com<br>svc2.abc.com) -->|request| nginx(Nginx) -->|check| rules(Rule: svc1.abc.com -> Service 1<br>Rule: svc2.abc.com -> Service 2) -->|route| svcs(Service 1<br>Service 2)
web(Web<br>Portal) --> json(JSON Data) --> webback(Web<br>Portal<br>Backend) --> database(Database) --- watch{Watch} --> |database<br>changes|proc(Process) --> |Update|rules
Ingress¶
Now, let's look at Ingress
.
Kubectl
or other Kubenetes clients
is similar to the Web Portal. It sends the Ingress
data (also as JSON) to Kube API Server
. Then the data is saved into etcd
.
The Nginx Controller
will use the Kube API Server
's watch
interface to watch the changes of Ingress
resources. Upon any changes, the controller will update the Nginx
routing rules.
graph LR
domains(svc1.abc.com<br>svc2.abc.com) -->|request| nginx(Nginx) -->|check| rules(Rule: svc1.abc.com -> Service 1<br>Rule: svc2.abc.com -> Service 2) -->|route| svcs(Service 1<br>Service 2)
web(kubectl/<br>client) --> json(Ingress) --> webback(Kube<br>API<br>Server) --> database(etcd) --- watch{Watch} --> |database<br>changes|proc(Nginx<br>Controller) --> |Update|rules
class web,json,webback,database,proc active
classDef active stroke:#f26f33,stroke-width:2px