Version: 0.7

Expose your Application via Ingress

To allow traffic to your applications, you must set up an Ingress resource and network policy. Ingress exposes HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource. Network policies let you specify how a pod is allowed to communicate with various types of network entitities over the network.

This topic gives instructions for using Kore to generate and apply a .yaml file that combines an Ingress resource and a network policy.

Generate an Ingress resource and network policy#

These steps generate an ingress.yaml file containing an Ingress resource and a network policy.

The example used in these steps assumes that your application:

  • is deployed into the namespace bob
  • has a myappservice kubernetes service that defines the 8443 https port
  • should be accessible on the app1.myproject.com publicly on the Internet
  • should have a valid TLS certificate from a trusted certificate provider

Prerequisites#

  • The workload you want to expose on an external domain is already running in a namespace on a cluster, using TLS.
  • The workload you want to expose already has a corresponding kubernetes service.
  • The external domain on which you want to expose the application has been configured in Kore.

To generate an ingress.yaml file for an application:

  1. In the Kore UI Team page, navigate to DNS

  2. Locate the domain for your application, and then click Expose application via ingress.

  3. Fill out the form in Step 1 of 4 as shown in this example: Ingress Generator

    The UI dynamically generates the corresponding ingress.yaml file in Step 2 o 4 on this page. Kore automatically deploys the external Ingress controller used in the file.

    Here's the ingress.yaml file generated in this example:

    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
    name: myappservice-ingress
    namespace: bob
    annotations:
    kubernetes.io/ingress.class: "external"
    cert-manager.io/cluster-issuer: "prod-le-dns01"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    spec:
    rules:
    - host: app1.myproject.com
    http:
    paths:
    - backend:
    serviceName: myappservice
    servicePort: 8443
    tls:
    - hosts:
    - app1.myproject.com
    secretName: myappservice-ingress-tls
    ---
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
    name: myappservice-ingress
    namespace: bob
    spec:
    ingress:
    - ports:
    - protocol: TCP
    port: 8443
    from:
    - namespaceSelector:
    matchLabels:
    name: kore-ingress
    podSelector:
    matchLabels:
    name: "myapp"
    policyTypes:
    - Ingress
  4. Follow the UI instructions in Steps 3 and 4 on the Kore CLI:

    • Apply the ingress.yaml file.

      $ kubectl --context myteam.eks-development -n bob apply -f ingress.yaml
    • Check that the service is exposed on the external domain.

      kubectl --context myteam.eks-development -n bob get ingress myappservice-ingress

Manually create an Ingress resource and network policy#

If you wish, you can create separate .yaml files for the Ingress resource and the network policy (or combine into one file), and then apply these without using Kore's generated file. For more information, see the Kubernetes documentation for:

Sample Ingress resource: You can see an example of the Ingress resource definition in the top part of the sample ingress.yaml file above (where kind is Ingress).

Sample network policy: You can see an example network policy in the lower part of the sample ingress.yaml file above (where kind is NetworkPolicy). See also Create Network Policies.