Documentation
Applications
Kubernetes
Ingress

Ingress

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Prerequisites

Before you create an Ingress, you need to have the following:

  • An installed Ingress Controller in your cluster. SkyU supports NGINX and Traefik Ingress Controllers. You can install the Ingress Controller by following the instructions in the Ingress Controller section.
  • DNS records for the domain you want to use for the Ingress. You can register a wildcard or a DNS in SkyU Clusters. Read more in Cluster DNS section.
  • Cert Manager installed in your cluster if you want to use cert-manager certificates. You can install cert-manager by following the instructions in the Cert Manager section.

Create Ingress

You can create an Ingress by clicking on the Create Ingress button under specific Kubernetes environment inside an application in the SkyU Console.

Metadata Details

In the metadata section, you can provide the following details:

FieldDescriptionExample
NameName of the Ingress. This has to be unique across your organization and should not contain special characters.test-ingress
NamespaceSelect the namespace where the Ingress should be created.default
ClusterSelect the cluster where the Ingress should be created.docker-desktop
AnnotationsAdd annotations to the Ingress. This is used for adding metadata to the Ingress.

Annotations

Annotations are key-value pairs that can be used to specify non-identifying metadata about objects. They can be used to store information that is not part of the object definition.

Skyu supports the following annotations for Ingress:

  • skyu.io/ingress.cert : This annotation is used to specify the certificate for the Ingress. These are the expected values for the annotation:
    • private : This annotation is used to specify that the Ingress should be secured with a custom certificate user has manually made.
    • cert-manager : This annotation is used to specify that the Ingress should be secured with a cert-manager certificate. If this is chosen, the user should provide the cert-manager issuer name in the skyu.io/ingress.cert.issuer annotation.
    • none : This annotation is used to specify that the Ingress should not be secured with a certificate.
  • skyu.io/ingress.provider : This annotation is used to specify the Ingress provider. These are the expected values for the annotation:
  • nginx : This annotation is used to specify that the Ingress should be created with the NGINX Ingress Controller.
  • traefik : This annotation is used to specify that the Ingress should be created with the Traefik Ingress Controller.

You can add any additional ingress annotations in the Annotations field.

Hosts and Paths

In the Hosts and Paths section, you can provide the following details:

FieldDescriptionExample
Select DNSYou can register a wildcard or a DNS in SkyU Clusters. Read more in Cluster DNS section
HostThe host name of the Ingress. This is the domain name that the Ingress will route traffic to.test.com
PathThe path of the Ingress. This is the path that the Ingress will route traffic to./
Service PortThe port of the service that the Ingress will route traffic to.80

TLS

If you enable TLS, provide the secret name that contains the certificate and key for the Ingress. The secret must be created in the same namespace as the Ingress.

If you are using cert-manager, you don't need to create a secret manually. Cert-manager will create the secret for you. Just give a name for the secret

Common Ingress Use Cases

NGINX Ingress Controller

Multi Service Routing

Ingress can be used to route traffic to multiple services based on the host name and path. You can create multiple rules in the Ingress to route traffic to different services based on the host name and path.

Here are the annotations you can use to create an Ingress with NGINX Ingress Controller:

AnnotationDescriptionValue
nginx.ingress.kubernetes.io/rewrite-targetThe value of this annotation is a regular expression that will be used to rewrite the URL. The Ingress controller will rewrite the URL based on the regular expression./$2
nginx.ingress.kubernetes.io/use-regexThis annotation is used to specify that the rewrite-target annotation should be treated as a regular expression.'true'
nginx.ingress.kubernetes.io/permanent-redirect-codeThis annotation is used to specify the HTTP status code for permanent redirect.301

Once these annotations are added, you can create multiple rules in the Ingress to route traffic to different services based on the host name and path. if you have a service running on the path /service1 and another service running on the path /service2, you can create an Ingress with the following rules:

  Path Type: ImplementationSpecific
  Path: /service1(/|$)(.*)
  Service Name: service1
  Service Port: 80
  Path Type: ImplementationSpecific
  Path: /service2(/|$)(.*)
  Service Name: service2
  Service Port: 80

WebSocket Support

Ingress can be used to route WebSocket traffic to services. You can create an Ingress with the following annotations to enable WebSocket support:

AnnotationDescriptionValue
nginx.ingress.kubernetes.io/websocket-servicesThis annotation is used to specify the services that should be treated as WebSocket services.service1
nginx.ingress.kubernetes.io/proxy-read-timeoutThis annotation is used to specify the timeout for reading a response from the proxied server.3600
nginx.ingress.kubernetes.io/proxy-send-timeoutThis annotation is used to specify the timeout for sending a request to the proxied server.3600
nginx.ingress.kubernetes.io/proxy-connect-timeoutThis annotation is used to specify the timeout for establishing a connection with the proxied server.3600

Handle Large Request Body

Ingress can be used to handle large request bodies. You can create an Ingress with the following annotations to handle large request bodies:

AnnotationDescriptionValue
nginx.ingress.kubernetes.io/proxy-body-sizeThis annotation is used to specify the maximum size of the request body that the server can accept.500m

SSL Passthrough

Sometimes, you may want to route SSL traffic to the services directly. This means you will be mounting certificates directly inside your container. You can create an Ingress with the following annotation to route SSL traffic to the services directly:

AnnotationDescriptionValue
nginx.ingress.kubernetes.io/ssl-passthroughThis annotation is used to specify that the Ingress should route SSL traffic to the services directly.true

AWS ALB Ingress Controller

Websocket Suppprt

Ingress can be used to route WebSocket traffic to services. You can create an Ingress with the following annotations to enable WebSocket support:

AnnotationDescriptionValue
alb.ingress.kubernetes.io/target-typeThis annotation is used to specify the target type for the ALB.ip
alb.ingress.kubernetes.io/listen-portsThis annotation is used to specify the ports that the ALB should listen on.[{"HTTPS": 443}]
alb.ingress.kubernetes.io/target-group-attributesThis annotation is used to specify the target group attributes for the ALB.stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
alb.ingress.kubernetes.io/load-balancer-attributesThis annotation is used to specify the load balancer attributes for the ALB.idle_timeout.timeout_seconds=600