Skip to content

Create an Ingress

In a Kubernetes cluster, Ingress exposes services from outside the cluster to inside the cluster HTTP and HTTPS ingress. Traffic ingress is controlled by rules defined on the Ingress resource. Here's an example of a simple Ingress that sends all traffic to the same Service:

ingress-diagram

Ingress is an API object that manages external access to services in the cluster, and the typical access method is HTTP. Ingress can provide load balancing, SSL termination, and name-based virtual hosting.

Prerequisites

Create ingress

  1. After successfully logging in as the NS Editor user, click Clusters in the upper left corner to enter the Clusters page. In the list of clusters, click a cluster name.

    Clusters

  2. In the left navigation bar, click Container Network -> Ingress to enter the service list, and click the Create Ingress button in the upper right corner.

    Ingress

    !!! note

     It is also possible to __Create from YAML__ .
    
  3. Open Create Ingress page to configure. There are two protocol types to choose from, refer to the following two parameter tables for configuration.

Create HTTP protocol ingress

  • parameter description example value
    Ingress name [Type] Required
    [Meaning] Enter the name of the new ingress.
    [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter, lowercase English letters or numbers.
    Ing-01
    Namespace [Type] Required
    [Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview.
    [Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number.
    default
    Protocol [Type] Required
    [Meaning] Refers to the protocol that authorizes inbound access to the cluster service, and supports HTTP (no identity authentication required) or HTTPS (identity authentication needs to be configured) protocol. Here select the ingress of HTTP protocol.
    HTTP
    Domain Name [Type] Required
    [Meaning] Use the domain name to provide external access services. The default is the domain name of the cluster
    testing.daocloud.io
    LB Type [Type] Required
    [Meaning] The usage range of the Ingress instance. Scope of use of Ingress
    Platform-level load balancer : In the same cluster, share the same Ingress instance, where all Pods can receive requests distributed by the load balancer.
    Tenant-level load balancer : Tenant load balancer, the Ingress instance belongs exclusively to the current namespace, or belongs to a certain workspace, and the set workspace includes the current namespace, and all Pods can receive it Requests distributed by this load balancer.
    Platform Level Load Balancer
    Ingress Class [Type] Optional
    [Meaning] Select the corresponding Ingress instance, and import traffic to the specified Ingress instance after selection. When it is None, the default DefaultClass is used. Please set the DefaultClass when creating an Ingress instance. For more information, refer to Ingress Class< br />
    Ngnix
    Session persistence [Type] Optional
    [Meaning] Session persistence is divided into three types: L4 source address hash , Cookie Key , L7 Header Name . Keep
    L4 Source Address Hash : : When enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\(binary_remote_addr"<br /> __Cookie Key__ : When enabled, the connection from a specific client will be passed to the same Pod. After enabled, the following parameters are added to the Annotation by default:<br /> nginx.ingress.kubernetes.io/affinity: "cookie"<br /> nginx.ingress.kubernetes .io/affinity-mode: persistent<br /> __L7 Header Name__ : After enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\)http_x_forwarded_for"
    Close
    Path Rewriting [Type] Optional
    [Meaning] rewrite-target , in some cases, the URL exposed by the backend service is different from the path specified in the Ingress rule. If no URL rewriting configuration is performed, There will be an error when accessing.
    close
    Redirect [Type] Optional
    [Meaning] permanent-redirect , permanent redirection, after entering the rewriting path, the access path will be redirected to the set address.
    close
    Traffic Distribution [Type] Optional
    [Meaning] After enabled and set, traffic distribution will be performed according to the set conditions.
    Based on weight : After setting the weight, add the following Annotation to the created Ingress: nginx.ingress.kubernetes.io/canary-weight: "10"
    Based on Cookie : set After the cookie rules, the traffic will be distributed according to the set cookie conditions
    Based on Header : After setting the header rules, the traffic will be distributed according to the set header conditions
    Close
    Labels [Type] Optional
    [Meaning] Add a label for the ingress
    -
    Annotations [Type] Optional
    [Meaning] Add annotation for ingress
    -

Create HTTPS protocol ingress

parameter description example value
Ingress name [Type] Required
[Meaning] Enter the name of the new ingress.
[Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter, lowercase English letters or numbers.
Ing-01
Namespace [Type] Required
[Meaning] Select the namespace where the new service is located. For more information about namespaces, refer to Namespace Overview.
[Note] Please enter a string of 4 to 63 characters, which can contain lowercase English letters, numbers and dashes (-), and start with a lowercase English letter and end with a lowercase English letter or number.
default
Protocol [Type] Required
[Meaning] Refers to the protocol that authorizes inbound access to the cluster service, and supports HTTP (no identity authentication required) or HTTPS (identity authentication needs to be configured) protocol. Here select the ingress of HTTPS protocol.
HTTPS
Domain Name [Type] Required
[Meaning] Use the domain name to provide external access services. The default is the domain name of the cluster
testing.daocloud.io
Secret [Type] Required
[Meaning] Https TLS certificate, Create Secret.
Forwarding policy [Type] Optional
[Meaning] Specify the access policy of Ingress.
Path: Specifies the URL path for service access, the default is the root path/
directoryTarget service: Service name for ingress
Target service port: Port exposed by the service
LB Type [Type] Required
[Meaning] The usage range of the Ingress instance.
Platform-level load balancer : In the same cluster, the same Ingress instance is shared, and all Pods can receive requests distributed by the load balancer.
Tenant-level load balancer : Tenant load balancer, the Ingress instance belongs exclusively to the current namespace or to a certain workspace. This workspace contains the current namespace, and all Pods can receive the workload from this Balanced distribution of requests.
Platform Level Load Balancer
Ingress Class [Type] Optional
[Meaning] Select the corresponding Ingress instance, and import traffic to the specified Ingress instance after selection. When it is None, the default DefaultClass is used. Please set the DefaultClass when creating an Ingress instance. For more information, refer to Ingress Class< br />
None
Session persistence [Type] Optional
[Meaning] Session persistence is divided into three types: L4 source address hash , Cookie Key , L7 Header Name . Keep
L4 Source Address Hash : : When enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\(binary_remote_addr"<br /> __Cookie Key__ : When enabled, the connection from a specific client will be passed to the same Pod. After enabled, the following parameters are added to the Annotation by default:<br /> nginx.ingress.kubernetes.io/affinity: "cookie"<br /> nginx.ingress.kubernetes .io/affinity-mode: persistent<br /> __L7 Header Name__ : After enabled, the following tag is added to the Annotation by default: nginx.ingress.kubernetes.io/upstream-hash-by: "\)http_x_forwarded_for"
Close
Labels [Type] Optional
[Meaning] Add a label for the ingress
Annotations [Type] Optional
[Meaning] Add annotation for ingress

Create ingress successfully

After configuring all the parameters, click the OK button to return to the ingress list automatically. On the right side of the list, click to modify or delete the selected ingress.

Ingress List

Comments