If you have used K8s for running apps, you must know that two apps in k8s can talk each other by default (via k8s CNI networking). However, what if you want to access an app from your laptop browser? It will not work by default since IP address provided to the app is not accessible from outside the k8s cluster. But, accessing it from outside k8s cluster is a genuine ask. Think that you want to deploy the e-commerce website in k8s infra. Then any customer must be able to access webpage, login, cart etc from the browser. These apps will be running in the k8s cluster and hence we need an approach to solve this problem. This document helps in this regard.
Technical explanation
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Other approaches are NodePort and load balancer types service.
Insecure
Secure
Route all traffic for a host
Route traffic for a host with given path
Route any host traffic with given path
Secure traffic property
Edge termination - In this case, SSL will terminate in the ingress device.
Ingress device to backend can be insecure or secure. User can mention it if it wants to make backend connection secure.
So, it can enable re-encryption of traffic when forwarding to backend service
If user uses http instead of https, then admin can provide following options
Redirect to the https
Disallow the http
Allow the http
Passthrough
A new pathType field that can specify how Ingress paths should be matched.
A new IngressClass resource that can specify how Ingresses should be implemented by controllers.
Support for wildcards in hostnames.
Refer: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
https://kubernetes.io/docs/concepts/services-networking/ingress/