In Enterprise Distributed Application Service (EDAS), an Ingress is a collection of routing rules that are used to route external HTTP or HTTPS traffic to internal Services. You can configure different Kubernetes Ingresses for an application. This way, external requests can be routed to different Services in a cluster based on different routing rules. This topic describes how to configure an Ingress for an application and configure routing rules in the EDAS console.
By default, an Ingress controller is deployed when you create a Kubernetes cluster. The Ingress controller is used to parse the routing rules of the Ingresses in the cluster. After the Ingress controller receives a request that matches a routing rule of an Ingress, the Ingress controller routes the request to the corresponding Service. Then, the Service forwards the request to pods and the pods process the request.
- A Service is an abstraction of an application that is deployed on a set of replicated pods.
- An Ingress is a collection of routing rules that are used to route external HTTP or HTTPS traffic to internal Services.
- An Ingress controller is a reverse proxy that parses the routing rules of Ingresses and routes HTTP or HTTPS traffic to the corresponding Service based on the rules.
Constraint on managing Ingresses in a Kubernetes cluster
You must not modify the Ingress resources created by EDAS. The resources have the
edas-domain: edas-admin or
- Log on to the EDAS console.
- In the left-side navigation pane, click Application Routing.
- On the Application Routing (Kubernetes Ingress) page, select a region in the top navigation bar. Then, select a microservice namespace.
- On the Application Routing (Kubernetes Ingress) page, click Create application route.
- In the Create application route (k8s advance) panel, set the K8s Cluster, K8s namespace, and Application route name parameters. Click Add forwarding rule, set relevant parameters, and then click Yes.
Parameter Description K8s Cluster The Kubernetes cluster for which you want to create the Ingress. Select the Kubernetes cluster from the drop-down list. K8s namespace The Kubernetes namespace of the cluster. Internal system objects are allocated to different Kubernetes namespaces to form logically isolated projects, groups, or user groups. This way, different groups can be separately managed and can also share the resources of the entire cluster. Valid values:
- default: the default Kubernetes namespace. If no Kubernetes namespace is specified for an object, the default Kubernetes namespace is used.
- kube-system: the Kubernetes namespace of the objects that are created by the system.
- kube-public: the Kubernetes namespace that is automatically created by the system. This Kubernetes namespace can be read by all the users, including the users who are not authenticated.
In this example, default is selected.
Redirect to HTTPS Specifies whether to redirect HTTP requests to HTTPS. If you turn on Redirect to HTTPS, HTTP requests are redirected to HTTPS. Application route name The name of the Ingress. The name must be unique in the selected namespace.
The name can contain lowercase letters, digits, and hyphens (-). It must start with a letter and end with a letter or a digit.
Forwarding rulesNote Take note of the following items when you create Ingresses:
- You can create multiple routing rules for an Ingress.
- The combination of a specific domain name and a specific path can be used as the address of only one Service.
- A Service can correspond to multiple combinations of domain names and paths.
- You can create the same routing rules for different Ingresses.
domain name The domain name to be accessed. Path The path to be accessed. The path must start with a forward slash (/). Application The application to be accessed in the selected Kubernetes cluster. Select the application from the drop-down list. Service name The Service of the application to be accessed. Select the required Service from the drop-down list. Service port The port of the Service. Open The TLS If you turn on Open The TLS, external HTTPS requests are allowed to be routed to internal Services.
To allow external HTTPS requests, you must also specify the Transport Layer Security (TLS) certificate. In the secrets drop-down list, select the Secret that stores the information about the TLS certificate. If you have not created such a Secret, click New key to create one. For more information about how to create a Secret, see Create a Secret.After the Ingress is created, the Ingress appears in the Ingress list. You can manage the Ingress as needed. For example, you can view the details of the Ingress, modify the routing rules, delete the Ingress, and view the monitoring details of the Ingress.
Verify the result
In the address bar of a browser, enter the domain name and the path that are specified in the routing rule. Use the Domain name/Path format. Check whether you can access the specified Service.