First thing to discuss is whats is the difference between Service and Ingress? What is the difference between two?
Lets start with a simple scenario.
We are working on an application and that has an online store selling products. It is available at my-online-store.com. It s built into a Docker image and deployed on a Kubernetes cluster as POD in a deployment. We need a database and we deployed MySQL database as a POD and created a service of type cluster IP called MySQL service to make it accessible to the application.
Application is now up and running. We need to make it accessible to outside world. We create an another service and its type of Node Port and make the application available on a high port on the node. For example it can be port 38080. User can now access the application using the URL http://<node IP>:38080.
User can able to access the application and whenever traffic increases the number of replicas of the POD to handle the additional traffic. The service takes care of splitting the traffic in between PODs.
However this is not the way we deploy production grade applications. As you know there are many more things involved in addition to splitting the traffic.
We do not need users to type in the IP address. You need to configure the url my-online-store.com. You dont need user to type the port number too. What we can do is we bring in an additional layer between DNS and cluster.
Users can now access the application by simply visiting the URL.
If we have deployed our application in public cloud environment like AWS, GCP, instead of creating a service of type Node Port for the application, we can use the type Load Balancer.
Now after few years, company’s business grows and now you have new services for the customers. For example we have a video streaming service for users. Assume it can be accessed via www.my-online-store.com/watch. We need our old application accessible www.my-online-store.com/wear. Our video streaming application is completely different application and it has nothing to do with the existing one. However to share the same cluster and resources, we deploy it as a separate deployment within the same cluster.
Users can access the applications based on the URL that the user types in. then we need another proxy or load balancer that can redirect traffic based on url to different services.
Meaning every time you introduce a new service, you have to reconfigure the load balancer and need to enable SSL for your applications so that users can access the application via HTTPS.
That is a lots of different configurations and all of these becomes difficult to manage when the application grows like this. It required different individuals/ teams, we need to configure different firewall rules and its expensive to maintain many cloud load balancers etc..
What if we can manage all of these within Kubernetes cluster using just anther K8s definition file? That is where Ingress comes in.
Ingress helps users access the application using a single external accessible URL that you can configure to route to different services in the cluster based on the URL part and at the same time implement SSL as well.
Its similar to layer 7 load balancer build in to the Kubernetes cluster that can be configured using native Kubernetes primitives like any other K8s objects.
Even with Ingress you have to expose it thru Node Port or Load Balancer, but that is just one time config. But all complex config will be done on the Ingress.
How Can we Configure it?
First of all lets talk about how would we have a such set up without ingress. We can use a reverse proxy or a load balancing solution like nginx, HA proxy etc..Ingress is configured in same way by using any of such reverse proxy. Then specify a set of rules to configure ingress.
Such a solution we call as an ingress controller and the set of rules you configure are called as ingress resources. Ingress resources are crated using definition files like ones we used to create other K8s objects.
It is important to know tha Kubernetes cluster does not come with an ingress controller by default.
We must deploy one of the controller like Nginx, HA proxy, Istio etc..
These are not like normal reverse proxy or load balancer. The ingress controller have additional intelligence built into them.
If we take nginx as an example, it will deploy as a just another deployment inside the cluster.
How to configure ingress controller, ingress resources etc.. we will discuss in another article.