Managing Ingress Traffic with Gateway API
Introduction
This tutorial guides you through using the Artifact Hub OCI Gateway API to manage Ingress traffic in Kubernetes. We’ll cover setting up a Kubernetes cluster, deploying an Ingress controller, interacting with the Artifact Hub OCI Gateway API, and verifying the traffic routing.
Prerequisites:
- A Kubernetes cluster (e.g., Minikube, Kind, or a cloud-based cluster).
kubectlconfigured to interact with your cluster.- Basic understanding of Kubernetes concepts like Pods, Services, and Ingress.
curlor a similar tool for making HTTP requests.- An Artifact Hub account (optional, for publishing your own Ingress resources).
Task 1: Deploying an Ingress Controller
An Ingress controller is responsible for routing external traffic to the appropriate Services within your cluster. We’ll use the Nginx Ingress Controller.
-
Apply the manifest for the Nginx Ingress Controller:
NODE_TYPE // bashkubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.5/deploy/static/provider/cloud/deploy.yamlReplacecontroller-v1.9.5with the latest version available from the ingress-nginx repository.This command deploys the necessary resources for the Nginx Ingress Controller. It may take a few minutes for the controller to be ready.
-
Verify the Ingress controller is running:
NODE_TYPE // bashkubectl get pods -n ingress-nginxNODE_TYPE // outputNAME READY STATUS RESTARTS AGE ingress-nginx-controller-6b8c6b959f-mql4p 1/1 Running 0 2m
Task 2: Deploying Sample Applications
Let’s deploy two simple applications that we’ll route traffic to using Ingress.
-
Create a
deployment.yamlfile with the following content:NODE_TYPE // yamlapiVersion: apps/v1 kind: Deployment metadata: name: app-one labels: app: app-one spec: replicas: 1 selector: matchLabels: app: app-one template: metadata: labels: app: app-one spec: containers: - name: app-one image: nginx:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: app-one-service spec: selector: app: app-one ports: - protocol: TCP port: 80 targetPort: 80 --- apiVersion: apps/v1 kind: Deployment metadata: name: app-two labels: app: app-two spec: replicas: 1 selector: matchLabels: app: app-two template: metadata: labels: app: app-two spec: containers: - name: app-two image: httpd:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: app-two-service spec: selector: app: app-two ports: - protocol: TCP port: 80 targetPort: 80 -
Apply the deployment:
NODE_TYPE // bashkubectl apply -f deployment.yamlNODE_TYPE // outputdeployment.apps/app-one created service/app-one-service created deployment.apps/app-two created service/app-two-service created -
Verify the deployments and services are running:
NODE_TYPE // bashkubectl get deployments,servicesNODE_TYPE // outputNAME READY UP-TO-DATE AVAILABLE AGE deployment.apps/app-one 1/1 1 1 1m deployment.apps/app-two 1/1 1 1 1m NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/app-one-service ClusterIP 10.108.189.233 <none> 80/TCP 1m service/app-two-service ClusterIP 10.98.138.191 <none> 80/TCP 1m service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h2m
Task 3: Creating an Ingress Resource
Now, let’s define an Ingress resource to route traffic to our applications based on hostnames.
-
Create an
ingress.yamlfile with the following content:NODE_TYPE // yamlapiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: rules: - host: appone.example.com http: paths: - path: / pathType: Prefix backend: service: name: app-one-service port: number: 80 - host: apptwo.example.com http: paths: - path: / pathType: Prefix backend: service: name: app-two-service port: number: 80This Ingress resource will route traffic to
app-one-servicewhen the hostname isappone.example.comand toapp-two-servicewhen the hostname isapptwo.example.com. -
Apply the Ingress resource:
NODE_TYPE // bashkubectl apply -f ingress.yamlNODE_TYPE // outputingress.networking.k8s.io/my-ingress created -
Get the Ingress details
NODE_TYPE // bashkubectl get ingressNODE_TYPE // outputNAME CLASS HOSTS ADDRESS PORTS AGE my-ingress nginx appone.example.com,apptwo.example.com 192.168.49.2 80 10s
Task 4: Interacting with the Artifact Hub OCI Gateway API
The Artifact Hub OCI Gateway API allows you to manage Ingress resources as OCI artifacts. While the specifics of the API interaction (authentication, registry details, etc.) depend on your Artifact Hub setup, the general process involves:
-
Publishing Ingress Resources:
You would package your
ingress.yamlas an OCI artifact and push it to an OCI registry that the Artifact Hub OCI Gateway is configured to watch. This typically involves using tools likeoras.NODE_TYPE // bash# Example using oras (replace with your registry and artifact details) oras push <your-oci-registry>/<your-artifact-name>:v1 ingress.yaml:application/x-yamlConsult the Artifact Hub documentation for specific instructions on packaging and pushing OCI artifacts. -
Retrieving Ingress Resources:
The Artifact Hub OCI Gateway then makes these Ingress resources available via an API endpoint. The format of the API endpoint will depend on your Artifact Hub setup.
NODE_TYPE // bash# Example (replace with the correct API endpoint) curl -X GET "https://<your-artifact-hub-gateway>/api/v1/ingresses/<your-artifact-name>"The API response would contain the YAML definition of your Ingress resource, which you could then apply to your Kubernetes cluster.
-
Applying Ingress Resources (programmatically):
You can use
kubectl applyto apply the retrieved Ingress definition. This can be automated in a CI/CD pipeline or other management tools.NODE_TYPE // bash# Example (assuming you have jq installed and the Ingress YAML in a file) curl -s "https://<your-artifact-hub-gateway>/api/v1/ingresses/<your-artifact-name>" | jq -r '.spec' > ingress.yaml kubectl apply -f ingress.yamlThe Artifact Hub OCI Gateway API details (endpoint, authentication, etc.) are highly specific to your deployment. Consult your Artifact Hub administrator for the correct information.
Task 5: Verifying Traffic Routing
To verify that the Ingress is routing traffic correctly, you need to update your local machine’s /etc/hosts file (or use a DNS server) to point appone.example.com and apptwo.example.com to the IP address of your Ingress controller.
-
Get the external IP address of the Ingress controller:
NODE_TYPE // bashkubectl get service -n ingress-nginx ingress-nginx-controllerIf you are using Minikube, you can use the Minikube IP:
NODE_TYPE // bashminikube ipNODE_TYPE // output192.168.49.2 -
Edit your
/etc/hostsfile (you will need administrator privileges):NODE_TYPE // bashsudo vi /etc/hosts -
Add the following lines to the
/etc/hostsfile, replacing192.168.49.2with the actual IP address of your Ingress controller:NODE_TYPE // text192.168.49.2 appone.example.com 192.168.49.2 apptwo.example.com -
Access the applications in your browser:
- Open
http://appone.example.comin your browser. You should see the default Nginx page (served byapp-one). - Open
http://apptwo.example.comin your browser. You should see the default Apache page (served byapp-two).
- Open
Conclusion
In this tutorial, you learned how to use the Artifact Hub OCI Gateway API to manage Ingress traffic in Kubernetes. You deployed an Ingress controller, defined Ingress resources, and verified that traffic was routed correctly based on hostnames. You explored the concepts of publishing and retrieving Ingress resources as OCI artifacts via the Artifact Hub OCI Gateway API. Remember to consult your Artifact Hub administrator for the specific API endpoint and authentication details for your deployment.