Ingress Controllers

There are numerous ingress controllers available for Kubernetes. This includes options officially supported by the Kubernetes project and others third-party controllers. While Humanitec is capable of working with any ingress controller, it defaults to assuming the ingress-nginx controller is used.

This page provides a general guide to configuring Humanitec to work with any ingress controller as well as more details on the 3 Kubernetes supported controllers of ingress-nginx, AWS Load Balancer Controller and ingress-gce.

Configure ingress controllers

There are 2 areas that required updates work configure an ingress controller in Humanitec:

  1. The loadbalancer field in the k8s-cluster resource type that represents the Kubernetes Cluster.

    This must always be set

  2. The ingressClassName that is set in the ingress resource.

    This is only required if you use an ingress controller other than ingress-nginx or have defined your own ingress class.

Working with ingress-nginx

Documentation, including installation instructions, can be found here.

Determining the load-balancer

The load-Balancer IP or DNS name can be determined for a default ingress-nginx installation via:

kubectl get service ingress-nginx-controller -n ingress-nginx

The EXTERNAL-IP field contains the IP address of the load balancer that has been provisioned.

Working with AWS load balancer ingress controller

Documentation, including installation instructions, can be found here.

Ingress annotations

In general, the following annotations must be set on the ingress:

Annotation Value Description ip Allows ingress to route to normal services of type ClusterIP humanitec-ingress-group Ensures that only a single ALB is provisioned for all ingress objects in the cluster - working around the limitation mentioned at the top of the page.

Working with the Google Cloud External Load Balancer

If you want to use the Google Cloud External Load Balancer features like HTTPS, Cloud Armor, Identity Aware Proxy (IAP), etc. you will need to configure your Google Cloud infrastructure as well as your Humanitec Resource Definitions in order to run and scale your services behind a single external IP address.

For your Google Cloud infrastructure we suggest following this tutorial.

Setup your Resource Definitions like this:

  • The Resource Definition of type k8s-cluster connecting your GKE cluster needs to have the loadbalancer property set to the public IP address of your external load balancer.
  • The Resource Definition of type ingress must not have a tls_secret_name configured and must not depend on a tls-cert type Resource as TLS termination is done at the external load balancer.