To allow traffic to your applications, you must set up an Ingress resource and network policy. Ingress exposes HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. Network policies let you specify how a pod is allowed to communicate with various types of network entities over the network.
This topic gives instructions for using Kore to generate and apply a .yaml file that combines an Ingress resource and a network policy.
These steps generate an ingress.yaml file containing an Ingress resource and a network policy.
The example used in these steps assumes that your application:
- is deployed into the namespace
- has a myappservice Kubernetes service that defines the
- should be accessible on the app1.myproject.com publicly on the Internet
- should have a valid TLS certificate from a trusted certificate provider
- The workload you want to expose on an external domain is already running in a namespace on a cluster, using TLS.
- The workload you want to expose already has a corresponding Kubernetes service.
- The external domain on which you want to expose the application has been configured in Kore.
To generate an ingress.yaml file for an application:
In the Kore UI Team page, navigate to DNS.
Locate the domain for your application, and then click Expose application via ingress.
Fill out the form in Step 1 of 4 as shown in this example:
The UI dynamically generates the corresponding ingress.yaml file in Step 2 of 4 on this page. Kore automatically deploys the external Ingress controller used in the file.
ingress.yaml file generated in this example:

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: myappservice-ingress
  namespace: bob
  annotations:
    kubernetes.io/ingress.class: "external"
    cert-manager.io/cluster-issuer: "prod-le-dns01"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: app1.myproject.com
    http:
      paths:
      - backend:
          serviceName: myappservice
          servicePort: 8443
  tls:
  - hosts:
    - app1.myproject.com
    secretName: myappservice-ingress-tls
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: myappservice-ingress
  namespace: bob
spec:
  ingress:
  - ports:
    - protocol: TCP
      port: 8443
    from:
    - namespaceSelector:
        matchLabels:
          name: kore-ingress
  podSelector:
    matchLabels:
      name: "myapp"
  policyTypes:
  - Ingress
```
Follow the UI instructions in Steps 3 and 4 on the Kore CLI:
ingress.yaml file.

```
$ kubectl --context myteam.eks-development -n bob apply -f ingress.yaml
```

Check that the service is exposed on the external domain.

```
$ kubectl --context myteam.eks-development -n bob get ingress myappservice-ingress
```
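Before applying a combined file like the one above, it helps to confirm that the Ingress and the network policy agree with each other. The following is an added example, not part of Kore or its generated output: a hypothetical `audit` function run over dicts constructed to mirror the sample ingress.yaml (the same structure `kubectl get ... -o json` returns). It assumes numeric ports and that the Service's targetPort equals its port, as in the sample where both are 8443.

```python
# Added example: consistency checks for an Ingress / NetworkPolicy pair.
# INGRESS and POLICY are constructed to mirror the sample ingress.yaml on this page.
# Assumption: the Service's targetPort equals servicePort, and ports are numeric.
INGRESS = {
    "kind": "Ingress",
    "metadata": {"name": "myappservice-ingress", "namespace": "bob", "annotations": {
        "kubernetes.io/ingress.class": "external",
        "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS"}},
    "spec": {
        "rules": [{"host": "app1.myproject.com", "http": {"paths": [
            {"backend": {"serviceName": "myappservice", "servicePort": 8443}}]}}],
        "tls": [{"hosts": ["app1.myproject.com"], "secretName": "myappservice-ingress-tls"}]},
}
POLICY = {
    "kind": "NetworkPolicy",
    "metadata": {"name": "myappservice-ingress", "namespace": "bob"},
    "spec": {
        "ingress": [{"ports": [{"protocol": "TCP", "port": 8443}],
                     "from": [{"namespaceSelector": {"matchLabels": {"name": "kore-ingress"}}}]}],
        "podSelector": {"matchLabels": {"name": "myapp"}},
        "policyTypes": ["Ingress"]},
}

def audit(ingress, policy):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    if ingress["metadata"]["namespace"] != policy["metadata"]["namespace"]:
        findings.append("Ingress and NetworkPolicy are in different namespaces")
    tls_hosts = {h for t in ingress["spec"].get("tls", []) for h in t.get("hosts", [])}
    backend_ports = set()
    for rule in ingress["spec"].get("rules", []):
        if rule.get("host") not in tls_hosts:
            findings.append(f"host {rule.get('host')} has no TLS entry")
        for path in rule.get("http", {}).get("paths", []):
            backend_ports.add(path["backend"]["servicePort"])
    allowed_ports = set()
    for rule in policy["spec"].get("ingress", []):
        if not rule.get("from"):  # missing or empty 'from' allows every source
            findings.append("policy rule has no 'from': all sources allowed")
        if not rule.get("ports"):  # missing or empty 'ports' allows every port
            findings.append("policy rule has no 'ports': all ports allowed")
        allowed_ports |= {p["port"] for p in rule.get("ports", [])}
    for port in sorted(backend_ports - allowed_ports):
        findings.append(f"backend port {port} is not allowed by the policy")
    for port in sorted(allowed_ports - backend_ports):
        findings.append(f"policy opens port {port} that the Ingress does not use")
    if not policy["spec"].get("podSelector"):  # {} selects every pod in the namespace
        findings.append("empty podSelector: policy applies to every pod in the namespace")
    return findings
```

An empty result for the sample pair means the policy admits only the ingress namespace, only on the port the Ingress backend uses.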
If you wish, you can create separate .yaml files for the Ingress resource and the network policy (or combine into one file), and then apply these without using Kore's generated file. For more information, see the Kubernetes documentation for:
Sample Ingress resource: You can see an example of the Ingress resource definition in the top part of the sample ingress.yaml file above (where
Sample network policy: You can see an example network policy in the lower part of the sample ingress.yaml file above (where NetworkPolicy). See also Create Network Policies.