Configure Ingress

Learn how to make Workloads available via a public URL in Humanitec.

Using Ingress to access a workload outside the cluster

Many workloads need to be accessible from outside the cluster. Often the workload should be reachable from the public internet. Examples include web-applications or workloads that provide a part of a public API.
Kubernetes has a concept known as Ingress. Ingress is a system for routing traffic from outside a cluster to a service inside the cluster. Ingress is at its simplest a set of rules for how to route traffic. The rules always include a DNS name or hostname and can optionally include parts of URLs to match.
For example, a cluster containing 3 workloads where one is a frontend for an online shop and the other two provide two provide the catalogue and payments parts of the API might have Ingress rules structured as follows:
Port: 4220
PathPrefix: /catalog/
Port 8080
PathPrefix: /payments/
Port 3001
In this example, all traffic to is routed to port 4220 on the frontend-workload. Traffic to is routed to either port 8080 on the catalogue-workloador port 3001 on the payments-workload depending on the prefix of the path in the URL.

DNS resources and Ingress

Humanitec takes care generating the Ingress manifests that will be deployed in the cluster. To to that it needs a DNS resource. DNS resources can either be specific to a Workload or shared across an Application. In the above example, should be specific to the Workload as it is only used by frontend-workload. is used by 2 Workloads which means it makes sense for it to be a Shared Resource.
When you add a DNS Resource in Humanitec, you don't actually specify the DNS name you want. You simply declare a dependency on a DNS resource. Your DevOps or Operations team will have configured Humanitec to generate an appropriate DNS name for you.
If you need to reference a DNS name that will be provisioned for a resource, you can use Placeholders. For example, to reference the name of a DNS resource with ID shop-frontend-dns, you could using ${}.
See Working with Environment Variables for more information.

Path rules in Ingress

Kubernetes ingress allows the definition of rules to route traffic to the same DNS name to different services. Each rule will direct the specified traffic to the port specified on the workload. There are 4 types of path rules supported by Humanitec:
Path Rule Type
All traffic not captured by other rules will be routed using this rule.
Only traffic with a path exactly matching this rule will be routed.
Any traffic with a path that starts with this pattern will be routed.
The Ingress Controller defines how this is interpreted.
In most cases Default or Prefix is used.

Adding Ingress to a Workload

Ingresses are added to Workloads. The rules in an Ingress refer to the current workload.
  1. 1.
    Enter the Workload Details screen for the Workload you want to add Ingress for.
  2. 2.
    Ensure you are in Draft mode. If you are not, you can select it from the Deployment drop-down.
  3. 3.
    Add a DNS resource if necessary from the External Resources drop down. (See Adding Shared Resources for DNS names that should be shared between workloads.)
  4. 4.
    Either click the button or select the DNS Resource you want to define Ingress for from the list in the Ingress section.
  5. 5.
    Select the type of rule you want to add.
  6. 6.
    If applicable, define the path. (No path is required for Default rules.)
  7. 7.
    Choose the port that a container in this workload is listening on.
  8. 8.
    Add additional rules if necessary.
  9. 9.
    Click Done to add the new rules to the Draft.