Kubernetes is a powerful tool for managing containerized applications at scale, and Ingress plays a crucial role in controlling external access to your services. In this blog, we’ll dive deep into Ingress in Azure Kubernetes Service (AKS), why it’s essential, and how to configure it, including setting up NGINX Ingress Controllers, using Azure’s Application Routing add-on, and creating path-based Ingress to route traffic to multiple applications.
What is Ingress?
In Kubernetes, Ingress is an API object that provides external access (HTTP/HTTPS) to services running inside the cluster. Instead of exposing each service using a separate LoadBalancer or NodePort, you can configure Ingress to route traffic efficiently based on predefined rules, such as URL paths or hostnames.
Why Use Ingress?
There are several reasons to use Ingress:
- Centralized Traffic Control: Ingress consolidates access to multiple services through a single IP address or DNS name, simplifying network configuration.
- Path-Based Routing: You can route traffic to different services within your cluster based on URL paths. For example, requests to /app1 could be routed to Service 1, and /app2 could go to Service 2.
- SSL/TLS Termination: Ingress can handle SSL/TLS termination, ensuring secure communication between clients and your services.
- Reduced LoadBalancers: Instead of provisioning multiple LoadBalancers, Ingress reduces costs by allowing you to expose several services through a single LoadBalancer with path-based rules.
Managed NGINX-Ingress with the Application Routing Add-On
Azure Kubernetes Service (AKS) provides a more seamless approach to managing ingress with the Application Routing add-on. This is a managed service that sets up an NGINX ingress controller for your AKS cluster automatically.
Benefits of Using Application Routing Add-On:
- No need for manual configuration of NGINX Ingress.
- Simplifies traffic routing in the AKS cluster.
- Managed by Azure, reducing overhead for Kubernetes administrators.
Enabling Application Routing on a New AKS Cluster
When we create a new AKS cluster, we can enable the Application Routing add-on directly via the Azure CLI. This is particularly useful if we’re starting from scratch and want to simplify ingress configuration.
az aks create \ --resource-group $RESOURCE_GROUP \ --name $CLUSTER_NAME\ --node-count 2 \ --node-vm-size $INSTANCE_TYPE \ --location $LOCATION \ --enable-app-routing \ --generate-ssh-keys
This command creates a new AKS cluster and enables application routing. it will create a namespace app-routing-system and run nginx-contoller.
Enabling Application Routing on an Existing AKS Cluster
Already have an AKS cluster? No problem! We can enable the Application Routing add-on on an existing cluster with just one command.
$ az aks approuting enable --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME
Once enabled, Azure will set up an ingress controller and provide a DNS zone for managing external access. We can verify by listing ns.
$ kubectl get ns
We can see the new namespace is created automatically. Now list the pods in this newly created namespace.
$ kubectl get pods -n app-routing-system
We can see the nginx ingress controller is running. Next, we will deploy two applications in a new namespace and expose them with ingress.
Create new ns and deploy blue/green apps
To demonstrate how ingress routing works, let’s look at an example of blue/green deployment. This deployment strategy allows you to have two versions of an application running simultaneously, and traffic can be shifted between them via Ingress rules.
Create a New Namespace for Blue/Green Applications
Start by creating a new namespace where we can deploy both blue and green versions of our application
$ kubectl create namespace app-store
Deploy the Blue and Green Applications
Here’s an example of Kubernetes deployment for both the blue and green versions of our application. please copy all the files from source code to your current working directory.
Deploy both the applicatons in our cluster,
$ kubectl apply -f bule-app.yaml -n app-store
$ kubectl apply -f green-app.yaml -n app-store
To verify our deployments,
$ kubectl get all -n app-store
Once both applications are deployed, we can configure ingress rules to control how traffic flows between these applications.
Creating a path-based ingress to run apps
With both applications running, the next step is to create a path-based Ingress that routes traffic to either the blue or green application based on the URL path.
#ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: path-based
namespace: app-store
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: webapprouting.kubernetes.azure.com
rules:
- http:
paths:
- path: /blue
pathType: Prefix
backend:
service:
name: blue
port:
number: 80
- path: /green
pathType: Prefix
backend:
service:
name: green
port:
number: 80In this example:
- Requests to http://<ip address>/blue are routed to the Blue App.
- Requests to http://<ip address>/green are routed to the Green App.
Apply the Ingress configuration using the following command,
$ kubectl apply -f ingress.yaml -n app-store
List the ingress to get an ip address to run our applications.
$ kubectl get ingress -n app-store
Now, run our applications with ingress ip-address.
Apps Screenshots
With http://4.154.250.186/blue we will run the blue application.
With http://4.154.250.186/green we will run the green application.
Conclusion
Ingress is a powerful tool for managing traffic within your AKS cluster., Ingress simplifies access to our services, enables secure traffic flow, and reduces the number of LoadBalancers required.
Path-based routing, SSL termination, and centralized control are just a few of the advantages ingress offers in AKS. By following the steps outlined in this blog, you’ll be well on your way to effectively managing your services and creating scalable, secure applications in your Kubernetes environment. Happy deploying!
