Ingress Configuration Guide

Overview

Ingress configuration is a crucial part of exposing your services in Kubernetes. This guide covers how to configure ingress across different cloud providers and common scenarios.

Basic Configuration

Here's a basic ingress configuration structure:

ingress:
  enabled: false
  annotations: {}
  labels: {}
  pathType: Prefix
  hosts:
    - host: chart-example.local
      path: /
  tls:
    enabled: false
    # secretName: chart-example-tls

Cloud Provider Specific Configuration

AWS EKS

AWS Documentation

ingress:
  enabled: true
  className: alb
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip

Google Cloud (GKE)

GCP Documentation

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: gce          # For external load balancer
    # kubernetes.io/ingress.class: gce-internal # For internal load balancer

Azure AKS

Azure Documentation

ingress:
  enabled: true
  className: webapprouting.kubernetes.azure.com

NGINX Ingress Controller

NGINX Documentation

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx

Path Types

Ingress paths must have one of these types:

• ImplementationSpecific: Path interpretation is up to the IngressClass
• Prefix: Matches based on URL path prefix
• Exact: Matches the URL path exactly

ingress:
  pathType: Prefix  # Default
  # pathType: Exact
  # pathType: ImplementationSpecific

TLS Configuration

TLS configuration varies by cloud provider:

• AKS: Managed through Azure App Gateway or cert-manager
• GKE: Supports native GCP certificates
• EKS: Usually configured through AWS Certificate Manager
• NGINX: Supports direct TLS secret configuration

ingress:
  tls:
    enabled: true
    secretName: my-tls-secret

Provider-Specific TLS Notes

• AKS: SSL/TLS Configuration Guide
• GKE: SSL Certificates Guide
• EKS: ACM Integration Guide
• NGINX: TLS Configuration Guide

Best Practices

1. Annotations

   • Use provider-specific annotations for optimal performance
   • Document all custom annotations
   • Keep annotations consistent across similar services

2. Path Configuration

   • Use specific path types for predictable routing
   • Avoid overlapping paths
   • Consider service context when choosing path types

3. TLS Configuration

   • Always enable TLS in production
   • Use managed certificates when available
   • Implement automatic certificate rotation

4. Monitoring

   • Configure health checks appropriately
   • Monitor ingress controller metrics
   • Set up alerts for certificate expiration