# EKS Ingress Ingress controllers abstract the complexity of routed Kubernetes application traffic, providing a bridge between Kubernetes services and services that you define. ## Prerequisites ### Creating Services with EKS See the DuploCloud documentation for instructions to add [Tenants](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/tenant-environment), [Hosts](https://docs.duplocloud.com/docs/automation-platform/overview/use-cases/hosts-vms), and [Services](https://docs.duplocloud.com/docs/automation-platform/overview/aws-services). ### Enabling the AWS Application Load Balancer An administrator needs to enable the AWS Application Load Balancer controller for your Infrastructure before you can use Ingress. 1. In the DuploCloud Portal, navigate to **Administrator ->** **Infrastructure** and select the Infrastructure name from the **NAME** column. 2. Select the **Settings** tab and click **Add**. The **Infra - Custom Data** pane displays. 3. From the **Setting Name** list box, select **Enable ALB Ingress Controller**. 4. Select **Enable**. 5. Click **Set**. In the Settings tab, the **Enable ALB Ingress Controller** setting displays a value of **true**.

The Settings tab on the Infrastructure page

## Adding a Load Balancer with Kubernetes NodePort 1. In the DuploCloud Portal, navigate to **Kubernetes** -> **Services**. 2. Select your Service name from the **NAME** column. 3. Select the **Load Balancers** tab. 4. Click **Configure Load Balancer**. The **Add Load Balancer Listener** pane appears.

Add Load Balancer Listener pane

5. In the **Select Type** field, select **K8S Node Port**. 6. Enter the **Container port** and **External port**. 7. In the **Health Check** field, enter the path should be used to check the health of backend services. * Common value: `/` (checks the root path). * If your service has a dedicated health check endpoint, enter it (e.g., `/health` or `/status`). 8. From the **Backend Protocol** list box, select **TCP** or **UDP**. 9. Kubernetes Health Check and Probes are enabled by default. To manually configure Health Check settings, select **Additional health check configs**.
10. If needed, enable and configure **Advanced Kubernetes settings**. 11. Click **Add**. The Load Balancer listener is displayed under **LB Listeners** on the **Load Balancers** tab.

The Load Balancers tab for the Service

## Adding a Kubernetes Ingress 1. Navigate to **Kubernetes** -> **Ingress**. 2. Click **Add**. The **Add Kubernetes Ingress** page displays.

The Add Kubernetes Ingress page in the DuploCloud Portal

3. Complete the following fields to configure the Ingress.
Ingress NameEnter a unique name for the Ingress resource.
Ingress ControllerSelect the Ingress controller to use (e.g., alb for AWS Load Balancer Controller).
VisibilityChoose whether the Ingress is Public or Internal Only.
DNS PrefixEnter the DNS prefix to be used for the Ingress hostname (e.g., app1).
HTTP Listener Port
(ALB controllers)		Enter the port for the HTTP listener (default is 80). If you dontt want to expose your service over HTTP, make it blank.
HTTPS Listener Port
(ALB controllers)		Enter the port for the HTTPS listener (default is 443).
Target Type

Specify how you want to route traffic to Pods. You can choose between Instance (Worker Nodes) or IP (Pod IPs).

  • Instance (Worker Nodes) routes traffic to all EC2 instances within the cluster on the NodePort opened for your Service. To use the Instance target type, the Service must be NodePort or LoadBalancer type.
  • IP (Pod IPs) routes traffic directly to the Pod IP. The network plugin must use secondary IP addresses on ENI (e.g., amazon-vpc-cni-k8s) for the Pod IP to use IP mode. The Service can be of any type (e.g., ClusterIP, NodePort, or LoadBalancer). IP mode is required for sticky sessions to work with ALBs.
HTTP to HTTPS RedirectOptionally, enable this option to automatically redirect all traffic to HTTPS.
TLS HostsEnter one or more comma-separated hostnames to secure with TLS (e.g., example.com,api.example.com).
TLS Secret NameEnter the name of the Kubernetes secret containing TLS certificate and private key (optional).
To complete the Ingress setup, you must define at least one rule. Continue to the next section. ### Defining Ingress rules Define the Ingress rules to control how requests are routed based on hostnames, paths, and ports. Complete the following steps to add routing rules to the Ingress. 1. On the **Add Kubernetes Ingress** page, click **Add Rule**. The **Add Ingress Rule pane** displays.

The Add Ingress Rule pane

2. Complete the fields to configure the rule.
PathEnter the request path that should trigger the rule (e.g., /).
Path TypeSelect the path matching behavior: Exact, Prefix, or Implementation Specific.
HostOptionally, enter the hostname to apply the rule to.
Use Container Port NameToggle on to manually enter Service and Container Port.
Service NameSelect or enter the service to route traffic to.
Container PortEnter the container port to forward traffic to.
3. Click **Add Rule**. The rule will be displayed on the **Add Kubernetes Ingress** page. 4. Repeat steps 1-5 to add additional rules. With routing rules defined, you can now add certificates to secure your Ingress and enable HTTPS traffic. ### Adding certificates to the Ingress Before attaching certificates to an Ingress, you must add the ACM certificates to your DuploCloud Plan. For detailed instructions, see the [DuploCloud ACM documentation](https://docs.duplocloud.com/docs/overview/prerequisites/acm-certificate#adding-an-acm-certificate-with-arn-to-a-duplocloud-plan). Once your certificates have been added to the plan, complete the following steps to attach them to the Ingress configuration: 1. On the **Add Kubernetes Ingress** page, click **Add Certificate**. The **Add Certificate** pane displays.

Add Certificate pane

2. In the **Certificate** list box, select the certificate to associate with this Ingress. 3. To set the certificate as the default, enable the **Set as Default** toggle. * **Note**: The first certificate you add is selected as the default automatically. You can change this option for additional certificates. 4. Click **Add** to save the certificate to the Ingress configuration. 5. Repeat steps 1-4 above to add additional certificates. {% hint style="info" %} You can attach up to 25 ACM certificates per Application Load Balancer (ALB) listener to support HTTPS across multiple domains using Server Name Indication (SNI). One certificate acts as the default, while the ALB selects the appropriate certificate based on the client’s requested hostname. If you need more than 25 certificates, you can request a quota increase for **Certificates per Application Load Balancer** in AWS. {% endhint %} Now that the necessary certificates have been added, you can optionally configure Ingress redirect rules and annotations to continue creating the Ingress. ### Configuring Ingress redirect configurations and annotations 1. On the **Add Kubernetes Ingress** page, click **Add Redirect Config**. The **Add Redirect Config** pane displays.

The Add Redirect Config pane

2. In the **Name** field, enter a descriptive name for the Ingress redirect configuration. 3. In the **Host** field, specify the domain name for which this redirect rule will apply. 4. In the **Path** field, define the path that should trigger the redirect. 5. Enter the **Port** for the backend service or redirect. 6. Enter the **Protocol** to enforce (e.g., HTTPS). 7. If Applicable, in the **Query** field, specify query parameters for the redirect. 8. In the **Status Codes** field, enter the HTTP status code for the redirect. 9. Optionally, in the **Annotations** field, enter additional configuration options specific to the Ingress controller. 10. Click **Add** to add the Kubernetes Ingress with defined rules and configurations. 11. On the **Add Kubernetes Ingress** page, click **Add Redirect Config**. The **Add Redirect Config** pane displays.

The Add Redirect Config pane

2. Complete the following fields.
NameEnter a descriptive name for the Ingress redirect configuration.
HostSpecify the domain name for which this redirect rule will apply.
PathDefine the path that should trigger the redirect.
PortEnter the port for the backend service or redirect.
ProtocolEnter the protocol to enforce (e.g., HTTPS).
QueryOptionally, specify query parameters for the redirect.
Status CodesEnter the HTTP status code for the redirect.
### Finish Creating the Ingress After completing all required fields, adding rules and certificates, and optionally configuring annotations and labels, click **Add** at the bottom of the **Add Kubernetes Ingress** page to finalize and create your Ingress resource. You will then see your new Ingress listed on the **Kubernetes** → **Ingress** page.

The Ingress page displaying the added Ingress

## Viewing an Ingress ### Viewing Ingress details in the DuploCloud Portal 1. View Ingress details by navigating to **Kubernetes** -> **Ingress** and selecting your Ingress from the **NAME** column. The Ingress details page displays. 2. Use the tabs to view Ingress details: * In the **Configuration** tab, you can view the overall Ingress settings such as the Ingress controller, visibility, certificate details, listener ports, and target type. The DNS address displayed here is a clickable link that opens the ingress endpoint in a new browser tab, enabling you to quickly access the exposed service. * In the **Ingress Rules** tab, you can review the list of rules that define how traffic is routed based on hostnames and paths. Each rule includes a clickable **Access Path** link () that opens the full URL for that specific path in a new browser tab, allowing you to quickly verify and test routing behavior for individual paths.

Configuration tab on the Ingress details page

Ingress Rules tab on the Ingress details page

### Viewing Ingress details using `curl` Commands You can also view Ingress details using `curl` commands. Curl commands are configured with the DNS names and paths (as defined in your Ingress rules) in the format: `curl http:///`. The responses from these requests will show how traffic is being routed according to the Ingress configuration. For example, see the following three commands and responses: Command: `curl http://ig-nev-ingress-ing-t2-1-duplopoc.net/path-x/` Response**:** `this is service1` Command: `curl http://ing-doc-ingress-ing-t2-1-duplopoc.net/path-y/` Response**:** `this is service2` Command: `curl http://ing-public-ingress-ing-t2.1.duplopoc.net/path-z/` Response**:** `this is ING2-PUBLIC` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.duplocloud.com/docs/automation-platform/kubernetes-overview/ingress-loadbalancer/adding-ingress.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.