Kubernetes ingress allows us to define rules using ingress resource objects. We have one nginx ingress controller deployed. However, for Ingress we have the following needs:
- Ingress taking care of external-auth using "auth-url".
- TLS termination in Ingress.
- Rules for multiple backend services to route.
Is it possible to define an Ingress with only an external-auth definition for all routes, without specifying the "rule" clause, as we plan to maintain dedicated Ingress resource YAML files for routing?
Ex: Ingress1.yaml: Common SSL Termination ingress
resource "kubernetes_ingress" "ssl_terminate_ingress" {
  metadata {
    name      = "ssl-termination-ingress"
    namespace = "kube-system"
  }
  spec {
    tls {
      hosts       = ["example.com"]
      secret_name = "tls_secret"
    }
  }
  // PLEASE SEE NO RULES AS WE WANT TO DEFINE FOR EVERY APPLICATION IN A SEPARATE FILE
}
Ingress2.yaml: Common JWT Ingress for all routes
resource "kubernetes_ingress" "jwt_auth_ingress" {
  metadata {
    name      = "jwt-auth-ingress"
    namespace = "kube-system"
    annotations = {
      "nginx.ingress.kubernetes.io/auth-url" = "http://my-auth-service"
    }
  }
}
Ingress 3.yaml - Application ingress
resource "kubernetes_ingress" "app_ingress" {
  metadata {
    name      = "app-ingress"
    namespace = "app-ns"
  }
  spec {
    rule {
      host = "example.com"
      http {
        path {
          path = "/my-app"
          backend {
            service_name = "app-service"
            service_port = 80
          }
        }
      }
    }
  }
}
So we expect Ingress3.yaml to be the application ingress, and the previous two ingress files should be applied before it.
Can we achieve this? Or will it be a single Ingress resource file, where we define all these 3 together for the whole K8s cluster?
CodePudding user response:
TL;DR: Yes, you need to keep them together in a single ingress.
Explanation:
An ingress is a route to your deployed application in simple words. Having TLS or JWT authentication are "properties" or "additional functionalities" for that route.
In the scenario you presented, you have:
- ingress1.yaml defining a route to nothing with the property/functionality of TLS termination.
- ingress2.yaml is a route to nothing with the property/functionality of JWT authentication.
- ingress3.yaml defining a route to your application without any additional properties.
You need an ingress which defines the route to your application, with the additional functionality of TLS and JWT authentication. You can achieve this by combining all in one ingress.
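
The combined resource the answer describes, as an added example that is not part of the original question or answer. It reuses the names from the question; the `locals` block, the local names and the secret name "tls-secret" are assumptions made here so the shared settings are written once and each application Ingress still carries them.

```hcl
# Added example: shared settings defined once, applied on every application Ingress.
locals {
  # ingress-nginx applies auth-url only to the routes of the Ingress object
  # that carries the annotation; an Ingress without it is served unauthenticated.
  auth_annotations = {
    "nginx.ingress.kubernetes.io/auth-url" = "http://my-auth-service"
  }
  tls_hosts = ["example.com"]
  # Assumed name: Secret names may not contain "_", so the question's
  # "tls_secret" is written as "tls-secret" here.
  tls_secret_name = "tls-secret"
}

resource "kubernetes_ingress" "app_ingress" {
  metadata {
    name        = "app-ingress"
    namespace   = "app-ns" # must be the namespace of app-service
    annotations = local.auth_annotations
  }
  spec {
    tls {
      hosts = local.tls_hosts
      # The TLS Secret has to exist in the same namespace as this Ingress.
      secret_name = local.tls_secret_name
    }
    rule {
      host = "example.com"
      http {
        path {
          path = "/my-app"
          backend {
            service_name = "app-service"
            service_port = 80
          }
        }
      }
    }
  }
}
```

Each further application gets its own `kubernetes_ingress` resource with the same `annotations` and `tls` references and its own `rule`; reviewing that every Ingress with a `rule` also has the auth annotation is the check that keeps a route from being exposed without authentication.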