Know how to use Ingress controllers and Ingress resources
5 minutes
5 Questions
In the context of the CKA exam, mastering Ingress requires understanding the relationship between the **Ingress Controller** and the **Ingress Resource** to manage Layer 7 (HTTP/HTTPS) external access.
1. **The Ingress Controller**: This is the backend software (e.g., NGINX, HAProxy, Traefik) that…In the context of the CKA exam, mastering Ingress requires understanding the relationship between the **Ingress Controller** and the **Ingress Resource** to manage Layer 7 (HTTP/HTTPS) external access.
1. **The Ingress Controller**: This is the backend software (e.g., NGINX, HAProxy, Traefik) that actually routes the traffic. Unlike built-in controllers, it is not part of the standard kube-controller-manager and must be deployed separately (usually as a Deployment exposed via a NodePort or LoadBalancer Service). In the exam, you may be asked to deploy a controller using provided manifests or debug why an existing controller isn't processing rules.
2. **The Ingress Resource**: This is the configuration object (`networking.k8s.io/v1`) where you define routing rules. You must be proficient in creating YAML manifests that specify:
- **Rules**: Mapping traffic based on **Hosts** (e.g., `video.example.com`) and **Paths** (e.g., `/api` vs `/login`).
- **Backends**: Pointing specific rules to the correct internal Service (name and port).
- **PathType**: Correctly setting `Prefix` or `Exact` matching.
- **Annotations**: Using controller-specific metadata, such as `nginx.ingress.kubernetes.io/rewrite-target`, to modify request paths before they reach the application.
- **IngressClass**: Specifying which controller should handle the resource.
A vital concept to remember is that an Ingress Resource has no effect without a running Ingress Controller. If you create a resource and the `ADDRESS` field remains empty, the controller is likely missing or misconfigured.
Mastering Ingress: Controllers and Resources for the CKA Exam
Why is it Important? In a production Kubernetes environment, exposing every application via a 'LoadBalancer' service is inefficient and expensive (as it requires a Public IP for every service). Ingress solves this by providing a single entry point (a smart router) that manages external access to multiple services in a cluster, typically via HTTP/HTTPS. It allows for SSL termination and path-based routing.
What is it? To use Ingress, you need two things: 1. The Ingress Controller: A pod (like NGINX, HAProxy, or Traefik) that runs on the cluster. It acts as a reverse proxy and load balancer. 2. The Ingress Resource: A Kubernetes API object (YAML) where you define the routing rules (e.g., traffic for domain.com/api goes to Service A).
How it works When you create an Ingress Resource, the Ingress Controller detects the new configuration. It automatically reconfigures its internal routing logic to match your rules. When external traffic hits the Controller's IP, it checks the hostname and path of the request and forwards it to the appropriate backend Service, which then balances it to a Pod.
How to answer questions regarding Ingress in the exam CKA questions will typically ask you to expose an existing deployment or service to the outside world using specific path rules. You might also be asked to troubleshoot why a specific route is returning a 404 error.
Step-by-Step Strategy: 1. Identify the Backend: Run kubectl get svc to find the name and port of the service you need to expose. 2. Generate the Skeleton: Use the imperative command to generate the YAML structure. This saves time typing the complex nested rules. kubectl create ingress <name> --rule="host/path=service:port" --class=nginx --dry-run=client -o yaml 3. Refine the YAML: Ensure the pathType is set (usually 'Prefix') and check if annotations are required.
Exam Tips: Answering Questions on Know how to use Ingress controllers and Ingress resources 1. Don't forget the Ingress Class: In modern Kubernetes versions, you must define the ingressClassName (usually 'nginx') in your spec. If you omit this, the controller may ignore your resource completely. 2. Watch out for Annotations (Rewrite Target): This is a common exam hurdle. If the question asks to route /pay to the root / of a service, you must use a rewrite annotation. For the NGINX controller, you typically add: nginx.ingress.kubernetes.io/rewrite-target: / to the metadata. 3. Service Port vs. Target Port: In the Ingress YAML, the service.port.number must match the port defined on the Service object, not the container's internal targetPort. 4. Namespace Scope: The Ingress resource must be created in the same namespace as the backend Service. You cannot route traffic to a service in a different namespace. 5. Default Backend: If a question asks for a 'default backend' (where traffic goes if no rules match), this is defined separately from the 'rules' list in the spec.