Home > Software engineering >  What is the difference between kubernetes.io/ingress.class: "nginx" and "private"
What is the difference between kubernetes.io/ingress.class: "nginx" and "private"

Time:08-29

strong text I have a kubernetes cluster with argocd installed, and configured the argocd ingress according to https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/ -> kubernetes/ingress-nginx

However I cannot get it to work unless I set

kubernetes.io/ingress.class: nginx

to

kubernetes.io/ingress.class: private

My ingress.yaml before replacement:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
    - hosts:
        - argocd.my.example.domain
      secretName: argocd-int
  rules:
    - host: argocd.my.example.domain
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: argocd-server
              port:
                number: 443

I am fairly new to Kubernetes, so I am wondering what is the difference between the two? I just happened to find that difference when comparing the ingress.yaml to another project but did not find any explanation for it.

CodePudding user response:

kubernetes.io/ingress.class is mainly used to point the ingress to a specific ingress controller.

In Easy understanding if you are running the multiple Ingress controller like Nginx and another one is Apache in single K8s cluster.

When you install the ingress controller there is a field to set the name of the class which is further used in ingress as annotation kubernetes.io/ingress.class: private so that ingress is managed by a specific ingress controller(backend) and follows the rules sets.

Ingress class

Ingresses can be implemented by different controllers, often with different configuration. Each Ingress should specify a class, a reference to an IngressClass resource that contains additional configuration including the name of the controller that should implement the class.

Read more about the ingress class : https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class

Scenario

People run the multiple Nginx ingress controller with class names nginx-internal and nginx, Accordingly creating the ingress to forward & manage the traffic routing in the cluster by specifying the class to ingress rules.

Nginx-internal class has an example rule to append one header if traffic flow by that class ingress.

While just for example consider Nginx class for public usage so it will allow all headers to the backend or limited headers, it checks for Auth, traffic allowed from a few whitelisted IPs only with this class.

So with ingressclass you can run the multiple ingresses backed by multiple ingress controller having different rules set.

Incase anyone want to read more about how to update the class name and run multiple ingress controllers please visit: https://kubernetes.github.io/ingress-nginx/user-guide/multiple-ingress/

  • Related