Configuring an Ingress

Configuring an Ingress - 图1note

For Kubernetes v1.21 and up, the NGINX Ingress controller no longer runs in hostNetwork by default. It instead uses hostPorts for port 80 and port 443, so you can configure the admission webhook to be accessible only through the ClusterIP. This ensures that the webhook is only accessible from within the cluster.

Because of this change to the controller, the default RKE1 behavior no longer sets hostNetwork to true. However, you must set hostNetwork to true for TCP- and UDP-based Services to work. To do so, edit the cluster’s YAML and follow the steps in the official RKE1 doccumention.

Specify a hostname to use

If you use this option, Ingress routes requests for a hostname to the service or workload that you specify.

  1. Specify a path of type Prefix and specify a path such as /.
  2. Add a Target Service.
  3. Optional: If you want to specify a workload or service when a request is sent to a particular hostname path, add a Path for the target. For example, if you want requests for www.mysite.com/contact-us to be sent to a different service than www.mysite.com, enter /contact-us in the Path field. Typically, the first rule that you create does not include a path.
  4. Enter the Port number that each target operates on.

Certificates

Configuring an Ingress - 图2note

You must have an SSL certificate that Ingress can use to encrypt and decrypt communications. For more information, see Adding SSL Certificates.

  1. To create an Ingress controller, click the Certificates tab.
  2. Click Add Certificate.
  3. Select a Certificate - Secret Name from the drop-down list.
  4. Enter the host using encrypted communication.
  5. To add more hosts that use the same certificate, click Add Hosts.

Labels and Annotations

Add Labels and/or Annotations to provide metadata for your Ingress controller.

For a list of annotations available for use, see the Nginx Ingress Controller Documentation.