Skip to content

Ingress

Instead of talking about Ingress directly, let's take a look at a simple scenario.

Static Rules

Reverse Proxy

You have several services started on a machine, and you have nginx installed What will you do to let external users to access these different services?

Different ports? Could work.

Different domains and/or different subpaths? Yes, with nginx, you can totally work with that.

graph LR

domain1(svc1.abc.com) -->|request| nginx(Nginx) -->|check| rule1(Rule: svc1.abc.com -> Service 1) -->|route| svc1(Service 1)
domain2(svc2.abc.com) -->|request| nginx(Nginx) -->|check| rule2(Rule: svc2.abc.com -> Service 2) -->|route| svc2(Service 2)
domain3(www.abc.com/svc3) -->|request| nginx(Nginx) -->|check| rule3(Rule: svc3.abc.com -> Service 3) -->|route| svc3(Service 3)

subgraph Services
    svc1
    svc2
    svc3
end

subgraph Rules
    rule1
    rule2
    rule3
end

Manage Rules

Now, if there are new services deployed from time to time, we need to update our nginx config from time to time.

Do it yourself!

What if we build an interface, then the owner of the service can update their nginx rules by themselves?

We will build a web portal, and the owners can input their service address, domain name and subpath. Then web portal will save these informations into a database.

Then we will start another process, and it will update the nginx rules once there is a change in the database.

graph LR

domains(svc1.abc.com<br>svc2.abc.com) -->|request| nginx(Nginx) -->|check| rules(Rule: svc1.abc.com -> Service 1<br>Rule: svc2.abc.com -> Service 2) -->|route| svcs(Service 1<br>Service 2)

web(Web<br>Portal) --> json(JSON Data) --> webback(Web<br>Portal<br>Backend) --> database(Database) --- watch{Watch} --> |database<br>changes|proc(Process) --> |Update|rules

Ingress

Now, let's look at Ingress.

Kubectl or other Kubenetes clients is similar to the Web Portal. It sends the Ingress data (also as JSON) to Kube API Server. Then the data is saved into etcd.

The Nginx Controller will use the Kube API Server's watch interface to watch the changes of Ingress resources. Upon any changes, the controller will update the Nginx routing rules.

graph LR

domains(svc1.abc.com<br>svc2.abc.com) -->|request| nginx(Nginx) -->|check| rules(Rule: svc1.abc.com -> Service 1<br>Rule: svc2.abc.com -> Service 2) -->|route| svcs(Service 1<br>Service 2)

web(kubectl/<br>client) --> json(Ingress) --> webback(Kube<br>API<br>Server) --> database(etcd) --- watch{Watch} --> |database<br>changes|proc(Nginx<br>Controller) --> |Update|rules

class web,json,webback,database,proc active
classDef active stroke:#f26f33,stroke-width:2px