Member-only story
Some details about how Kubernetes Ingress Controller works
In this article I write down my steps to understand how the network traffic from Internet is passed through Ingress Controller.
I’ve been using Traefik as Ingress Controller in my Kubernetes cluster for a while. Thanks to the helpful articles here, and here, explaining the setup.
When I’m trying to get a understanding about how it works, this is a great article, especially this diagram.
A simplified diagram of my setup is like below:
As introduced here, there are 3 methods to expose the Ingress Controller (or a service) to Internet.
- Use external LoadBalancer, for example, in this article. This method requires the cloud provider provides the LoadBalancer service.
spec:
selector:
k8s-app: traefik-ingress
ports:
- protocol: TCP
port: 80
name: http
- protocol: TCP
port: 443
name: https
type: LoadBalancer2. Use NodePorts, for example, in this article. This method will expose a random port in range of 30000–32767 on the host running the pod. So to expose the Ingress Controller to Internet, another proxy is required to redirect the traffic.
spec:
selector:
k8s-app: traefik-ingress-lb
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 8080
name: admin
type: NodePort3. Use HostPort, which is the way I’m following, from the traefik official guide.
spec:
containers:
- image: traefik
name: traefik-ingress-lb
ports:
- containerPort: 80
hostPort: 80
- containerPort: 443
hostPort: 443
- containerPort: 8080I’m using this method because:
- My cloud provider is a self-managed provider with great price and flexibility, but not so many customized services. “type: LoadBalancer” never works for me.
- I created a single-master, many-workers cluster. I expect low network traffic. The Ingress Controller is deployed on the single master node. I point all DNS records for the (sub-)domain to the master node. It’s quite easy to setup.
- A cluster with multiple…
