Thursday

19-06-2025 Vol 19

Kubernetes Deployment with Two-Path Ingress Routing on EKS via Kubernetes Ingress Route Paths

Tech News May 22, 2025

Kubernetes Deployment: Two-Path Ingress Routing on EKS via Kubernetes Ingress Route Paths

In modern cloud-native applications, efficient routing of incoming traffic is crucial for optimal performance and user experience. Kubernetes Ingress, especially when combined with Amazon Elastic Kubernetes Service (EKS), offers a powerful and flexible way to manage external access to your services. This article delves into a specific and powerful configuration: two-path Ingress routing on EKS using Kubernetes Ingress Route Paths. We’ll explore the concepts, benefits, and a step-by-step guide to implementing this configuration.

Table of Contents

  1. Introduction to Kubernetes Ingress and EKS
    • What is Kubernetes Ingress?
    • Benefits of using Ingress
    • Amazon EKS Overview
  2. Understanding Ingress Controllers
    • What are Ingress Controllers?
    • Popular Ingress Controllers (NGINX, Traefik, AWS Load Balancer Controller)
    • Choosing the Right Ingress Controller
  3. Two-Path Ingress Routing: Concepts and Benefits
    • What is Two-Path Ingress Routing?
    • Use Cases for Two-Path Routing
    • Benefits of Implementing Two-Path Routing
  4. Setting up EKS Cluster
    • Prerequisites
    • Creating an EKS Cluster using `eksctl`
    • Configuring `kubectl` to connect to your EKS Cluster
  5. Deploying Sample Applications
    • Creating Deployment and Service definitions for two applications
    • Applying the Deployment and Service definitions
    • Verifying the application deployment
  6. Configuring Ingress with Route Paths
    • Installing the AWS Load Balancer Controller
    • Creating an Ingress resource with path-based routing
    • Understanding the Ingress resource configuration
  7. Testing the Ingress Configuration
    • Obtaining the Load Balancer DNS Name
    • Accessing the applications via the specified paths
    • Verifying the routing behavior
  8. Advanced Configuration and Considerations
    • TLS/SSL Termination
    • Custom Annotations and Configuration
    • Monitoring and Logging
  9. Troubleshooting Common Issues
    • Ingress Controller not functioning
    • Path routing not working as expected
    • SSL/TLS certificate issues
  10. Best Practices for Ingress Management on EKS
    • Security Considerations
    • Scalability and Performance Optimization
    • Automation and Infrastructure as Code (IaC)
  11. Conclusion

1. Introduction to Kubernetes Ingress and EKS

What is Kubernetes Ingress?

Kubernetes Ingress is an API object that manages external access to services within a Kubernetes cluster. It acts as a single entry point, exposing multiple services through a single IP address. Ingress rules define how traffic should be routed to different backend services based on the host name or path in the request. Think of it as a reverse proxy or a smart router for your Kubernetes services.

Benefits of using Ingress

  • Centralized Access: Provides a single entry point for all external traffic, simplifying routing and management.
  • Path-Based Routing: Allows routing traffic to different services based on the URL path.
  • Host-Based Routing: Allows routing traffic based on the hostname in the request.
  • TLS/SSL Termination: Can handle TLS/SSL encryption and decryption, offloading this task from the backend services.
  • Load Balancing: Distributes traffic across multiple instances of a service for improved performance and availability.
  • Simplified Configuration: Reduces the complexity of managing multiple load balancers.

Amazon EKS Overview

Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. EKS automates critical tasks like upgrades, patching, and scaling, freeing you to focus on building and deploying your applications.

2. Understanding Ingress Controllers

What are Ingress Controllers?

An Ingress Controller is a specific implementation that fulfills the Ingress resource definition. It is a component running within your Kubernetes cluster that interprets the Ingress resource and configures the underlying infrastructure (like a load balancer) to route traffic accordingly. Without an Ingress Controller, the Ingress resource itself is just a configuration specification.

Popular Ingress Controllers

  • NGINX Ingress Controller: A widely used and highly performant Ingress Controller based on the popular NGINX web server and reverse proxy. It’s flexible, configurable, and supports a wide range of features.
  • Traefik: A modern Ingress Controller designed for dynamic environments like Kubernetes. It automatically discovers services and configures itself based on your Kubernetes resources.
  • AWS Load Balancer Controller: Specifically designed for EKS, this controller provisions and manages AWS Application Load Balancers (ALBs) in response to Ingress resources. This is the controller we will be using in this tutorial.

Choosing the Right Ingress Controller

The best Ingress Controller for your needs depends on your specific requirements and environment. Consider the following factors:

  • Ease of Use: How easy is it to configure and manage?
  • Performance: How well does it handle traffic?
  • Features: Does it support the features you need (e.g., TLS/SSL, custom annotations)?
  • Integration: Does it integrate well with your existing infrastructure?
  • Community Support: How active is the community and how readily available is documentation and support?

3. Two-Path Ingress Routing: Concepts and Benefits

What is Two-Path Ingress Routing?

Two-path Ingress routing, also known as path-based routing, is a configuration where incoming traffic is routed to different backend services based on the URL path specified in the request. For example, requests to `/app1` might be routed to application A, while requests to `/app2` are routed to application B. This allows you to expose multiple applications or services through a single domain name and IP address.

Use Cases for Two-Path Routing

  • Microservices Architecture: Route traffic to different microservices based on the path.
  • Versioned APIs: Route traffic to different versions of an API (e.g., `/v1`, `/v2`).
  • Multiple Applications on a Single Domain: Host multiple applications or websites on the same domain, differentiating them by path.
  • A/B Testing: Route a portion of traffic to a new version of an application for testing purposes.
  • Content Management Systems (CMS): Route different content types to different backend systems (e.g., `/blog` to a blog platform, `/shop` to an e-commerce platform).

Benefits of Implementing Two-Path Routing

  • Simplified Infrastructure: Reduces the need for multiple load balancers and external IPs.
  • Cost Savings: Conserves resources and reduces infrastructure costs.
  • Improved Organization: Provides a clear and logical structure for routing traffic.
  • Enhanced Security: Easier to manage security policies and access control.
  • Flexibility: Allows you to easily add or modify routes without affecting other services.

4. Setting up EKS Cluster

Prerequisites

Before you begin, ensure you have the following prerequisites:

  • AWS Account: An active AWS account with appropriate permissions.
  • AWS CLI: The AWS Command Line Interface installed and configured. Ensure it has the necessary permissions to manage EKS and related resources.
  • `kubectl`:** The Kubernetes command-line tool installed and configured.
  • `eksctl`:** A command-line tool for creating and managing EKS clusters. Install it from eksctl.io.
  • IAM Role for your AWS user: Ensure your AWS user has sufficient IAM Role to be able to manage EKS, EC2 and other related services.

Creating an EKS Cluster using `eksctl`

The easiest way to create an EKS cluster is using `eksctl`. Run the following command (replace `my-cluster` with your desired cluster name and `us-west-2` with your desired AWS region):

eksctl create cluster --name my-cluster --region us-west-2

This command will create a new EKS cluster with a default configuration. The creation process can take 15-20 minutes.

Configuring `kubectl` to connect to your EKS Cluster

`eksctl` usually automatically configures `kubectl` to connect to your newly created cluster. However, if you encounter issues, you can manually configure `kubectl` using the following command:

aws eks update-kubeconfig --name my-cluster --region us-west-2

Verify the connection by running:

kubectl get nodes

You should see a list of nodes in your EKS cluster.

5. Deploying Sample Applications

We will deploy two simple applications to demonstrate the two-path routing. These applications will simply display a message indicating which application is being accessed.

Creating Deployment and Service definitions for two applications

Create two files, `app1-deployment.yaml` and `app2-deployment.yaml`, with the following content:

app1-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app1-deployment
  labels:
    app: app1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: app1
  template:
    metadata:
      labels:
        app: app1
    spec:
      containers:
      - name: app1
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: app1-service
spec:
  selector:
    app: app1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP

app2-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app2-deployment
  labels:
    app: app2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: app2
  template:
    metadata:
      labels:
        app: app2
    spec:
      containers:
      - name: app2
        image: nginx:latest
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: app2-service
spec:
  selector:
    app: app2
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP

These files define Deployments and Services for two simple Nginx applications. Each deployment creates two replicas, and each service exposes the deployment on port 80.

Applying the Deployment and Service definitions

Apply the definitions using `kubectl`:

kubectl apply -f app1-deployment.yaml
kubectl apply -f app2-deployment.yaml

Verifying the application deployment

Verify that the deployments and services are running:

kubectl get deployments
kubectl get services

You should see the `app1-deployment`, `app2-deployment`, `app1-service`, and `app2-service` listed as running.

6. Configuring Ingress with Route Paths

Installing the AWS Load Balancer Controller

We will use the AWS Load Balancer Controller to manage our Ingress resource. First, you need to install the controller. Follow the official AWS documentation to install the AWS Load Balancer Controller:

These steps typically involve:

  • Creating an IAM Role: An IAM role with the necessary permissions for the controller to manage AWS resources.
  • Installing the Controller: Deploying the controller as a Kubernetes deployment. This usually involves applying a YAML manifest from the AWS documentation.

Creating an Ingress resource with path-based routing

Create a file named `ingress.yaml` with the following content:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
spec:
  rules:
  - http:
      paths:
      - path: /app1
        pathType: Prefix
        backend:
          service:
            name: app1-service
            port:
              number: 80
      - path: /app2
        pathType: Prefix
        backend:
          service:
            name: app2-service
            port:
              number: 80

This Ingress resource defines two paths: `/app1` and `/app2`. Requests to `/app1` will be routed to the `app1-service`, and requests to `/app2` will be routed to the `app2-service`. The `pathType: Prefix` means that any path starting with `/app1` or `/app2` will be routed accordingly.

Understanding the Ingress resource configuration

  • `apiVersion: networking.k8s.io/v1`:** Specifies the API version for the Ingress resource.
  • `kind: Ingress`:** Indicates that this is an Ingress resource definition.
  • `metadata.name: my-ingress`:** The name of the Ingress resource.
  • `metadata.annotations`:** Annotations provide additional configuration options for the Ingress Controller.
    • `kubernetes.io/ingress.class: alb`:** Tells Kubernetes to use the AWS Load Balancer Controller for this Ingress.
    • `alb.ingress.kubernetes.io/scheme: internet-facing`:** Creates an internet-facing Application Load Balancer.
    • `alb.ingress.kubernetes.io/target-type: ip`:** Configures the ALB to target pods directly using their IP addresses.
  • `spec.rules`:** Defines the routing rules for the Ingress.
    • `http.paths`:** A list of paths and their corresponding backend services.
      • `path: /app1`:** The path to match.
      • `pathType: Prefix`:** Matches any path that starts with `/app1`.
      • `backend.service.name: app1-service`:** The name of the service to route traffic to.
      • `backend.service.port.number: 80`:** The port on the service to route traffic to.

7. Testing the Ingress Configuration

Obtaining the Load Balancer DNS Name

Apply the Ingress resource:

kubectl apply -f ingress.yaml

After a few minutes, the AWS Load Balancer Controller will create an Application Load Balancer in your AWS account. To obtain the DNS name of the load balancer, run:

kubectl get ingress my-ingress

Look for the `ADDRESS` column in the output. This is the DNS name of your load balancer. It may take a few minutes for the DNS name to become available.

Accessing the applications via the specified paths

Open your web browser and navigate to the following URLs (replace `YOUR_LOAD_BALANCER_DNS` with the DNS name you obtained in the previous step):

  • `http://YOUR_LOAD_BALANCER_DNS/app1`
  • `http://YOUR_LOAD_BALANCER_DNS/app2`

Verifying the routing behavior

You should see the Nginx default page when accessing these addresses. You can customize the Nginx configuration in the deployments to display different content based on the requested path to further verify the routing behavior.

You can further verify the routing by exec’ing into the pods and checking the access logs. For instance:

  1. Get the name of the pod: 
    kubectl get pods
  2. Exec into pod and check access log: 
    kubectl exec -it <pod_name> -- bash
cat /var/log/nginx/access.log

8. Advanced Configuration and Considerations

TLS/SSL Termination

To secure your Ingress with TLS/SSL, you can configure the Ingress resource to use a certificate. You can use AWS Certificate Manager (ACM) to provision and manage SSL certificates. Add the following annotation to your Ingress resource:

alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:YOUR_REGION:YOUR_ACCOUNT_ID:certificate/YOUR_CERTIFICATE_ID

Replace `YOUR_REGION`, `YOUR_ACCOUNT_ID`, and `YOUR_CERTIFICATE_ID` with your actual values.

You also need to update the scheme to `https`

alb.ingress.kubernetes.io/scheme: internet-facing

become

alb.ingress.kubernetes.io/scheme:  https

Custom Annotations and Configuration

The AWS Load Balancer Controller supports a wide range of annotations that allow you to customize the behavior of the Application Load Balancer. Refer to the official AWS Load Balancer Controller documentation for a complete list of supported annotations.

Monitoring and Logging

Monitor the health and performance of your Ingress and backend services. Use Kubernetes monitoring tools like Prometheus and Grafana to collect and visualize metrics. Enable logging on your Ingress Controller and backend services to troubleshoot issues.

9. Troubleshooting Common Issues

Ingress Controller not functioning

  • Verify Controller Deployment: Ensure the AWS Load Balancer Controller is deployed and running correctly. Check the logs of the controller pods for errors.
  • IAM Permissions: Verify that the IAM role associated with the controller has the necessary permissions.
  • Kubernetes Version: Ensure your Kubernetes version is compatible with the AWS Load Balancer Controller version.

Path routing not working as expected

  • Ingress Resource Configuration: Double-check the Ingress resource configuration for errors in the path definitions or backend service names.
  • Service Selection: Ensure the service selectors in the Ingress resource match the labels on the pods of the backend services.
  • Path Type: Verify the `pathType` is correctly configured (e.g., `Prefix`, `Exact`, `ImplementationSpecific`).

SSL/TLS certificate issues

  • Certificate ARN: Ensure the certificate ARN in the Ingress resource is correct.
  • Certificate Validity: Verify that the SSL certificate is valid and not expired.
  • ACM Region: Ensure the ACM certificate is in the same region as your EKS cluster.

10. Best Practices for Ingress Management on EKS

Security Considerations

  • TLS/SSL Encryption: Always use TLS/SSL encryption to protect traffic between clients and your services.
  • Network Policies: Implement network policies to restrict network traffic between pods and services.
  • Authentication and Authorization: Implement authentication and authorization mechanisms to control access to your services.
  • Regular Security Audits: Conduct regular security audits to identify and address potential vulnerabilities.

Scalability and Performance Optimization

  • Horizontal Pod Autoscaling (HPA): Use HPA to automatically scale your backend services based on traffic demand.
  • Connection Pooling: Implement connection pooling to reduce the overhead of creating new connections.
  • Caching: Use caching to improve performance and reduce the load on your backend services.
  • Load Balancing Algorithm: Experiment with different load balancing algorithms to optimize traffic distribution.

Automation and Infrastructure as Code (IaC)

  • Infrastructure as Code: Use IaC tools like Terraform or CloudFormation to automate the creation and management of your EKS cluster and Ingress resources.
  • Continuous Integration and Continuous Deployment (CI/CD): Integrate your Ingress configuration into your CI/CD pipeline for automated deployments.

Conclusion

Kubernetes Ingress with two-path routing on EKS offers a powerful and flexible way to manage external access to your applications. By understanding the concepts, benefits, and configuration steps outlined in this article, you can effectively implement two-path routing to simplify your infrastructure, reduce costs, and improve the performance and scalability of your applications. Remember to follow best practices for security, scalability, and automation to ensure a robust and reliable Ingress solution.

“`

omcoding

Related Posts
May 26, 2025 Tech News by omcoding

Google Digusur AI, Masa Jayanya Diramal Sisa 5 Tahun Lagi

Google Digusur AI? Masa Jayanya Diramal Sisa 5 Tahun Lagi? Analisis Mendalam Era keemasan Google, sang raksasa mesin pencari, dikabarkan…
May 26, 2025 Tech News by omcoding

OG Star Wars Battlefront devs were asked to make Battlefront 3 in just one year, but Pandemic couldn’t hit LucasArts’ timeline

Beban Setahun: Bagaimana Ambisius *Star Wars Battlefront 3* Jatuh Akibat Tenggat Waktu LucasArts Kisah tragis tentang potensi yang hilang dan…
May 28, 2025 Tech News by omcoding

Setting up a Nix Development Environment with Flakes and direnv

Setting Lingkungan Pengembangan Nix dengan Flakes dan direnv Selamat datang di panduan lengkap untuk menyiapkan lingkungan pengembangan Nix menggunakan Flakes…
May 20, 2025 Tech News by omcoding

Research roadmap update, May 2025

Pembaruan Peta Jalan Penelitian: Mei 2025 – Menavigasi Masa Depan Inovasi Selamat datang kembali, para inovator, pemikir, dan penggerak! Saat…
May 22, 2025 Tech News by omcoding

Demo or Die Trying: A Guide to Screen-share Survival

Demo or Die Trying: A Guide to Screen-Share Survival In today’s remote-first world, the screen-share demo has become the lifeblood…
May 23, 2025 Tech News by omcoding

Zero to SEO Hero: Uncover the Secret Behind Online Success

Zero to SEO Hero: Ungkap Rahasia di Balik Kesuksesan Online Apakah Anda baru memulai perjalanan SEO atau merasa kewalahan dengan…
May 22, 2025 Tech News by omcoding

[Boost]

Cara Ampuh Meningkatkan Produktivitas dan Semangat Kerja: Panduan Lengkap Apakah Anda merasa terjebak dalam rutinitas harian yang membosankan? Apakah produktivitas…
May 25, 2025 Tech News by omcoding

Tired of receiving Database Hibernated messages? Keep Your DB Awake with Hibernot !

Tired of Receiving Database Hibernated Messages? Keep Your DB Awake with Hibernot! Are you constantly battling the dreaded “Database Hibernated”…
May 25, 2025 Tech News by omcoding

17 Years Across Giants: My Transition into the Data World through Collaboration and Change

17 Tahun di Seberang Raksasa: Transisiku ke Dunia Data Melalui Kolaborasi dan Perubahan Perjalanan karier bisa menjadi labirin yang berliku,…
May 21, 2025 Tech News by omcoding

🌟 The Ultimate Git Reference: All Commands from Beginner to Advanced

🌟 Referensi Git Terlengkap: Semua Perintah dari Pemula hingga Mahir Git adalah sistem kontrol versi terdistribusi yang sangat penting untuk…

Leave a Reply

Your email address will not be published. Required fields are marked *

OmCoding

Acta non Verba
Β© Copyright 2025