Multiple Ingress pattern
It's common to leverage multiple Ingress objects in the same EKS cluster, for example to expose multiple different workloads. By default each Ingress will result in the creation of a separate ALB, but we can leverage the IngressGroup feature which enables you to group multiple Ingress resources together. The controller will automatically merge Ingress rules for all Ingresses within IngressGroup and support them with a single ALB. In addition, most annotations defined on an Ingress only apply to the paths defined by that Ingress.
In this example, we'll expose the catalog API out through the same ALB as the ui component, leveraging path-based routing to dispatch requests to the appropriate Kubernetes service. Let's check we can't already access the catalog API:
The first thing we'll do is re-create the Ingress for ui component adding the annotation alb.ingress.kubernetes.io/group.name:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ui
namespace: ui
labels:
app.kubernetes.io/created-by: eks-workshop
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/healthcheck-path: /actuator/health/liveness
alb.ingress.kubernetes.io/group.name: retail-app-group
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ui
port:
number: 80
Now, let's create a separate Ingress for the catalog component that also leverages the same group.name:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: catalog
namespace: catalog
labels:
app.kubernetes.io/created-by: eks-workshop
annotations:
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/group.name: retail-app-group
spec:
ingressClassName: alb
rules:
- http:
paths:
- path: /catalogue
pathType: Prefix
backend:
service:
name: catalog
port:
number: 80
This ingress is also configuring rules to route requests prefixed with /catalogue to the catalog component.
Apply these manifests to the cluster:
We'll now have two separate Ingress objects in our cluster:
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
catalog catalog alb * k8s-retailappgroup-2c24c1c4bc-17962260.us-west-2.elb.amazonaws.com 80 2m21s
ui ui alb * k8s-retailappgroup-2c24c1c4bc-17962260.us-west-2.elb.amazonaws.com 80 2m21s
Notice that the ADDRESS of both are the same URL, which is because both of these Ingress objects are being grouped together behind the same ALB.
We can take a look at the ALB listener to see how this works:
The output of this command will illustrate that:
- Requests with path prefix
/cataloguewill get sent to a target group for the catalog service - Everything else will get sent to a target group for the ui service
- As a default backup there is a 404 for any requests that happen to fall through the cracks
You can also checkout out the new ALB configuration in the AWS console:
To wait until the load balancer has finished provisioning you can run this command:
Try accessing the new Ingress URL in the browser as before to check the web UI still works:
k8s-ui-uinlb-a9797f0f61.elb.us-west-2.amazonaws.com
Now try accessing the specific path we directed to the catalog service:
You'll receive back a JSON payload from the catalog service, demonstrating that we've been able to expose multiple Kubernetes services via the same ALB.