Providing External Access to Cloudflow Services
In K8s you can allow external (HTTP) network traffic to reach your services by creating Ingresses and adding an Ingress Controller to your cluster.
This section shows how to install an Ingress controller and how to create an Ingress for your services.
|An Ingress opens up a permanent, unauthenticated route by default. Kubernetes does not provide any authentication on ingresses. Authentication has to be implemented by the exposed service or by the ingress controller.|
An ingress is a Kubernetes resource that defines a set of routing rules and is serviced by an ingress controller.
There is a wide selection of ingress controllers available. The following link contains a list of the most common ones.
Before creating an ingress resource, there must be an enabled ingress controller in the cluster.
The Kubernetes project directly supports and maintains two ingress controllers,
gce. In this example, we will use the
Nginx-ingress ingress controller since it is compatible with all major cloud vendors (GCP, AWS, and Azure).
The following link shows how to deploy the
Nginx-ingress ingress controller.
The ingress resource defines routes between the outside of the cluster to an application running in the cluster.
In the example below, we create an ingress that exposes the
sensor-data-scala-http-ingress-service service in the namespace
|When the Cloudflow operator deploys an application that has one or more streamlets with a server attribute, the operator will create a Kubernetes Service resource for each of these streamlet. The Service resource is what we will use below to create a route using an ingress from the outside to the streamlet.|
kubernetes.io/ingress.class in the ingress resource below is the selector used by the ingress controller. If you installed another ingress controller, review its documentation to learn how it selects ingress resources.
After applying the following resource to the cluster, the ingress controller will create the corresponding route from the outside network to the service.
cat <<EOF | kubectl apply -f - apiVersion: extensions/v1beta1 kind: Ingress metadata: name: sensor-data-http-ingress namespace: sensor-data-scala annotations: kubernetes.io/ingress.class: nginx spec: rules: - http: paths: - path: /sensor-data backend: servicePort: 3000 serviceName: sensor-data-scala-http-ingress-service EOF
View the ingress resource to check the progress of the ingress controller assigning an address to the resource. This may take a few minutes.
> kubectl get ingress -n sensor-data-scala NAME HOSTS ADDRESS PORTS AGE sensor-data-http-ingress * 188.8.131.52 80 59s
The ingress now has an address and data can be sent to the ingress on the address