Few core Kubernetes resources have a more colorful history than Ingress. Kubernetes Ingress waited patiently as a beta resource for a long time, quietly garnering support before finally being moved to v1 under networking.k8s.io.
Almost all of our customers are using Kubernetes, at least in part, to host web services of some form. In these scenarios, Ingresses, Ingress controllers and other integrations built on Ingress offer tremendous value as a standard API. However, this is also a complicated problem to solve: with different configuration options and different controllers, it can be hard to configure Ingress resources correctly. We thought we’d have a go at making things easier. Our Ingress Builder tool was the result.
Kubernetes Ingress Builder
Ingress Builder was developed to make configuring Ingress resources more interactive by allowing users to discover and configure annotations for their Ingress controllers easily in a single web interface.
- Multiple ingress controllers: Add annotations from the following controllers: Traefik, Nginx-ingress, Kong, Ha-proxy, Azure-gateway, Amazon-load-balancer.
- Cert-manager: Secure your routes with TLS using cert-manager Ingress annotations.
- Multiple API versions: Select the correct Ingress template for your Kubernetes cluster version.
You can try out Ingress Builder here.
Our goal with Ingress Builder is not to replace controller documentation, but to be a tool to help users browse the available config options and generate a valid YAML resource at the same time. Each annotation will also link to the respective paragraph in the controller’s documentation.
Configuring an Ingress resource with Ingress Builder
Let’s say we have a cluster with both the NGINX Ingress Controller and cert-manager already installed, plus the required certificate issuers. Our Ingress configuration would then follow these steps:
- We start by selecting a compatible Ingress version for our Kubernetes cluster. In this example we will use the latest stable Ingress version (networking.k8s.io/v1).
- We then select the nginx-ingress Ingress controller on the top right of the page. In this scenario, we would like to set different connection timeout values for the request passing through the Ingress. Select timeout from the nginx-ingress side-panel section and select the timeout annotations needed:
  - nginx.ingress.kubernetes.io/proxy-send-timeout
  - nginx.ingress.kubernetes.io/proxy-read-timeout
  - nginx.ingress.kubernetes.io/proxy-connect-timeout
- We now need to add the cert-manager.io/cluster-issuer annotation to our Ingress and specify our cluster issuer name. Select issuers from the cert-manager side-panel section and select the cert-manager.io/cluster-issuer annotation.
We can now copy our manifest to clipboard and update the Ingress spec field with our service details.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/proxy-send-timeout: '200'
    nginx.ingress.kubernetes.io/proxy-read-timeout: '200'
    nginx.ingress.kubernetes.io/proxy-connect-timeout: '200'
    cert-manager.io/cluster-issuer: lets-encrypt-prod
spec:
  rules:
    - host: $YOUR_HOST
      http:
        paths:
          - path: $YOUR_PATH
            pathType: Prefix
            backend:
              service:
                name: $YOUR_SERVICE
                port:
                  number: $YOUR_SERVICE_PORT
  tls:
    - hosts:
        - $YOUR_HOST
      secretName: $YOUR_TLS_SECRET
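A pre-apply check for the manifest produced by the steps above, as an added example that is not part of Ingress Builder: it flags `$YOUR_*` placeholders left in place, annotation values that are not strings or not whole seconds, and routed hosts missing from `spec.tls` when the cert-manager issuer annotation is set. The function names and the dict-based sample are constructed for illustration, and the manifest is assumed to be already parsed from YAML.

```python
import re

PLACEHOLDER = re.compile(r"\$YOUR_[A-Z_]+")
TIMEOUTS = [f"nginx.ingress.kubernetes.io/proxy-{k}-timeout"
            for k in ("send", "read", "connect")]
ISSUER = "cert-manager.io/cluster-issuer"

def walk(node, path=""):
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node  # scalar leaf with its dotted path

def lint_ingress(manifest):
    """Return findings for an Ingress manifest given as a parsed dict."""
    findings = [f"{path}: placeholder {leaf} not replaced"
                for path, leaf in walk(manifest)
                if isinstance(leaf, str) and PLACEHOLDER.search(leaf)]
    annotations = manifest.get("metadata", {}).get("annotations", {})
    for key, value in annotations.items():
        # Annotation values must be strings; an unquoted 200 is a YAML int.
        if not isinstance(value, str):
            findings.append(f"{key}: value must be a quoted string")
        elif key in TIMEOUTS and not re.fullmatch(r"[1-9][0-9]*", value):
            findings.append(f"{key}: expected whole seconds, got {value!r}")
    if ISSUER in annotations:
        # Exact host match only; wildcard TLS hosts are not handled here.
        tls = manifest.get("spec", {}).get("tls", [])
        covered = {h for t in tls if t.get("secretName")
                   for h in t.get("hosts", [])}
        for rule in manifest.get("spec", {}).get("rules", []):
            if rule.get("host") not in covered:
                findings.append(f"{rule.get('host')}: not covered by spec.tls")
    return findings

def sample(host, path, service, port, secret):
    """Constructed copy of the page's manifest as a parsed dict."""
    backend = {"service": {"name": service, "port": {"number": port}}}
    rule = {"host": host, "http": {"paths": [
        {"path": path, "pathType": "Prefix", "backend": backend}]}}
    notes = {**{k: "200" for k in TIMEOUTS}, ISSUER: "lets-encrypt-prod"}
    return {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
            "metadata": {"name": "example-ingress", "annotations": notes},
            "spec": {"rules": [rule],
                     "tls": [{"hosts": [host], "secretName": secret}]}}
```

Run against the template as copied from the builder, `lint_ingress` reports one finding per remaining placeholder; a filled-in manifest returns an empty list.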
Future work
We plan to support configuration of the spec field, as well as supporting more add-ons (beyond cert-manager) which also utilize annotations such as external-dns. We’re also keeping a keen eye on the Gateway API that is under active development.
Get started with TLS Protect for Kubernetes
With our TLS Protect for Kubernetes service, we’ll also help you manage and configure cert-manager and enable you to see a view of the certificates and their status across your clusters. The issuer wizard will help you create Issuer manifests ready to be applied, including ACME (e.g. Let’s Encrypt), HashiCorp Vault and more. It’s free to get started with your first cluster.