Home > Mobile >  Kubernetes nginx ingress controller with multiple ingress resource objects
Kubernetes nginx ingress controller with multiple ingress resource objects

Time:09-29

Kubernetes ingress allows us to define rules using ingress resource objects. We have one nginx ingress controller deployed. However for Ingress we have the following needs.

Ingress taking care of external-auth using "auth-url" TLS termination in Ingress. Rules for multiple backend services to route.

Is it possible to define an Ingress with only external-auth definition for all routes. Without specifying the "rule" clause as we plan to maintain dedicated Ingress resource yaml files for routing.

Ex: Ingress1.yaml: Common SSL Termination ingress

resource "kubernetes_ingress" "ssl_terminate_ingress" {
  metadata {
    name = "ssl-termination-ingress"
    namespace = "kube-system"
  }
  spec {
    tls {
      hosts = ["example.com"]
      secret_name = "tls_secret"
    }
  }

  //PLEASE SEE NO RULES AS WE WANT TO DEFINE FOR EVERY APPLICATION IN A SEPARATE FILE
}

Ingress2.yaml: Common JWT Ingress for all routes

resource "kubernetes_ingress" "jwt_auth_ingress" {
  metadata {
    name = "jwt-auth-ingress" 
    namespace = "kube-system",
    annotations = {
      "nginx.ingress.kubernetes.io/auth-url" = "http://my-auth-service"
    }
  }

}

Ingress 3.yaml - Application ingress

resource "kubernetes_ingress" "app_ingress" {
  metadata {
    name = "app-ingress"
    namespace = "app-ns"
  }
  rule {
      host = "example.com"
      http {
        path {
          path = "/my-app"
          backend {
            service_name = "app-service"
            service_port = 80
          }
        }
      }
}

So we expect Ingress3.yaml to be application ingress and previous two ingress files should be applied before this.

Can we achieve this? Or will it be a single Ingress resource file to be defined where we define all these 3 together for the whole K8s Cluster

CodePudding user response:

TL;DR: Yes you need to keep them together in a single ingress.

Explanation:

An ingress is a route to your deployed application in simple words. Having TLS or JWT authentication are "properties" or "additional functionalities" for that route.

In the scenario you presented, you have:

  • ingress1.yaml defining a route to nothing with the property/functionality of TLS termination.
  • ingress2.yaml is a route to nothing with the property/functionality of JWT authentication.
  • ingress3.yaml defining a route to your application without any additional properties.

You need an ingress which defines the route to your application, with the additional functionality of TLS and JWT authentication. You can achieve this by combining all in one ingress.

Page link:https//www.codepudding.com/Mobile/132586.html

Prev:Kubernetes python API get instances of CRD
Next:Design k8s app which get data from external source and send to same destination
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding