Configure Ingress
Learn how to make Workloads available via a public URL in Humanitec.
Many workloads need to be accessible from outside the cluster. Often the workload should be reachable from the public internet. Examples include web-applications or workloads that provide a part of a public API.
Kubernetes has a concept known as Ingress. Ingress is a system for routing traffic from outside a cluster to a service inside the cluster. Ingress is at its simplest a set of rules for how to route traffic. The rules always include a DNS name or hostname and can optionally include parts of URLs to match.
For example, a cluster containing 3 workloads where one is a
frontend for an online shop and the other two provide two provide the catalogue and payments parts of the API might have Ingress rules structured as follows:frontent-workload:
Host: shop.example.com
Port: 4220
catalogue-workload:
Host: api.example.com
PathPrefix: /catalog/
Port 8080
payments-workload:
Host: api.example.com
PathPrefix: /payments/
Port 3001
In this example, all traffic to
shop.example.com is routed to port 4220 on the frontend-workload. Traffic to api.example.com is routed to either port 8080 on the catalogue-workloador port 3001 on the payments-workload depending on the prefix of the path in the URL.Humanitec takes care generating the Ingress manifests that will be deployed in the cluster. To to that it needs a DNS resource. DNS resources can either be specific to a Workload or shared across an Application. In the above example,
shop.example.com should be specific to the Workload as it is only used by frontend-workload. api.example.com is used by 2 Workloads which means it makes sense for it to be a Shared Resource.When you add a DNS Resource in Humanitec, you don't actually specify the DNS name you want. You simply declare a dependency on a DNS resource. Your DevOps or Operations team will have configured Humanitec to generate an appropriate DNS name for you.
If you need to reference a DNS name that will be provisioned for a resource, you can use Placeholders. For example, to reference the name of a DNS resource with ID
shop-frontend-dns, you could using ${externals.shop-frontend-dns.host}.Kubernetes ingress allows the definition of rules to route traffic to the same DNS name to different services. Each rule will direct the specified traffic to the port specified on the workload. There are 4 types of path rules supported by Humanitec:
Path Rule Type | Description |
Default | All traffic not captured by other rules will be routed using this rule. |
Exact | Only traffic with a path exactly matching this rule will be routed. |
Prefix | Any traffic with a path that starts with this pattern will be routed. |
ImplementationSpecific | The Ingress Controller defines how this is interpreted. |
In most cases
Default or Prefix is used.Ingresses are added to Workloads. The rules in an Ingress refer to the current workload.
UI
- 1.
- 2.
- 3.Add a DNS resource if necessary from the External Resources drop down. (See Adding Shared Resources for DNS names that should be shared between workloads.)
- 4.Either click the button or select the DNS Resource you want to define Ingress for from the list in the Ingress section.
- 5.Select the type of rule you want to add.
- 6.If applicable, define the path. (No path is required for
Defaultrules.) - 7.Choose the port that a container in this workload is listening on.
- 8.Add additional rules if necessary.
- 9.Click Done to add the new rules to the Draft.
Last modified 1yr ago