Ingress acts as a layer-7 load balancer, built into the cluster, utilizing an ingress controller, such as contour, nginx or haproxy. This can provide https access into the cluster, through a single url.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-controller
spec:
replicas: 1
selector:
matchLabels:
name: nginx-ingress
template:
metadata:
labels:
name: nginx-ingress
spec:
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.1
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configuration
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
targetPort: 443
protocol: TCP
name: https
selector:
name: nginx-ingress
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
This service account gets Roles, ClusterRoles and RoleBindings permissions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-wear
spec:
defaultBackend:
service:
name: wear-service
port:
number: 80
kubectl create -f ingress.yml
ingress 'ingress-wear' created
kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-wear <none> * 80 4s