Ingress Controllers
There are numerous ingress controllers available for Kubernetes. This includes options officially supported by the Kubernetes project and others third-party controllers. While Humanitec is capable of working with any ingress controller, it defaults to assuming the ingress-nginx controller is used.
This page provides a general guide to configuring Humanitec to work with any ingress controller as well as more details on the 3 Kubernetes supported controllers of ingress-nginx, AWS Load Balancer Controller and ingress-gce.
Limitations
Humanitec currently does not support dynamically generated load balancers. This means that the load balancer IP or DNS name must be known before a deployment commences.
Configure ingress controllers
There are 2 areas that required updates work configure an ingress controller in Humanitec:
-
The
loadbalancerfield in thek8s-clusterresource type that represents the Kubernetes Cluster.This must always be set
-
The
ingressClassNamethat is set in theingressresource.This is only required if you use an ingress controller other than ingress-nginx or have defined your own ingress class.
Working with ingress-nginx
Documentation, including installation instructions, can be found here.
Determining the load-balancer
The load-Balancer IP or DNS name can be determined for a default ingress-nginx installation via:
kubectl get service ingress-nginx-controller -n ingress-nginx
The EXTERNAL-IP field contains the IP address of the load balancer that has been provisioned.
Working with AWS load balancer ingress controller
Documentation, including installation instructions, can be found here.
Ingress annotations
In general, the following annotations must be set on the ingress:
| Annotation | Value | Description |
|---|---|---|
alb.ingress.kubernetes.io/target-type |
ip |
Allows ingress to route to normal services of type ClusterIP |
alb.ingress.kubernetes.io/group.name |
humanitec-ingress-group |
Ensures that only a single ALB is provisioned for all ingress objects in the cluster - working around the limitation mentioned at the top of the page. |
Working with the Google Cloud External Load Balancer
If you want to use the Google Cloud External Load Balancer features like HTTPS, Cloud Armor, Identity Aware Proxy (IAP), etc. you will need to configure your Google Cloud infrastructure as well as your Humanitec Resource Definitions in order to run and scale your services behind a single external IP address.
For your Google Cloud infrastructure we suggest following this tutorial.
Setup your Resource Definitions like this:
- The Resource Definition of type
k8s-clusterconnecting your GKE cluster needs to have theloadbalancerproperty set to the public IP address of your external load balancer. - The Resource Definition of type
ingressmust not have atls_secret_nameconfigured and must not depend on atls-certtype Resource as TLS termination is done at the external load balancer.