EKS Ingress

Set up Kubernetes Ingress and Load Balancer with K8s NodePort

Ingress controllers abstract the complexity of routed Kubernetes application traffic, providing a bridge between Kubernetes services and services that you define.

Prerequisites

Creating Services with EKS

See the DuploCloud documentation for instructions to add Tenants, Hosts, and Services.

Enabling the AWS Application Load Balancer

An administrator needs to enable the AWS Application Load Balancer controller for your Infrastructure before you can use Ingress.

In the DuploCloud Portal, navigate to Administrator -> Infrastructure and select the Infrastructure name from the NAME column.
Select the Settings tab, and click Add. The Infra - Custom Data pane displays.
From the Setting Name list box, select Enable ALB Ingress Controller.
Select Enable.
Click Set. In the Settings tab, the Enable ALB Ingress Controller setting displays a value of true.

Adding a Load Balancer with Kubernetes NodePort

In the DuploCloud Portal, navigate to Kubernetes -> Services.
Select your Service name from the NAME column.
Select the Load Balancers tab.
Click Configure Load Balancer. The Add Load Balancer Listener pane appears.
Add Load Balancer Listener pane
In the Select Type field, select K8S Node Port.
Enter the Container port and External port.
In the Health Check field, enter the path should be used to check the health of backend services.
- Common value: / (checks the root path).
- If your service has a dedicated health check endpoint, enter it (e.g., /health or /status).
From the Backend Protocol list box, select TCP or UDP.
Kubernetes Health Check and Probes are enabled by default. To manually configure Health Check settings, select Additional health check configs.
If needed, enable and configure Advanced Kubernetes settings.
Click Add. The Load Balancer listener is displayed under LB Listeners on the Load Balancers tab.

Adding a Kubernetes Ingress

Navigate to Kubernetes -> Ingress.
Click Add. The Add Kubernetes Ingress page displays.

Complete the following fields to configure the Ingress.

Ingress Name

Enter a unique name for the Ingress resource.

Ingress Controller

Select the Ingress controller to use (e.g., alb for AWS Load Balancer Controller).

Visibility

Choose whether the Ingress is Public or Internal Only.

DNS Prefix

Enter the DNS prefix to be used for the Ingress hostname (e.g., app1).

HTTP Listener Port (ALB controllers)

Enter the port for the HTTP listener (default is 80). If you dontt want to expose your service over HTTP, make it blank.

HTTPS Listener Port (ALB controllers)

Enter the port for the HTTPS listener (default is 443).

Target Type

Specify how you want to route traffic to Pods. You can choose between Instance (Worker Nodes) or IP (Pod IPs).

Instance (Worker Nodes) routes traffic to all EC2 instances within the cluster on the NodePort opened for your Service. To use the Instance target type, the Service must be NodePort or LoadBalancer type.
IP (Pod IPs) routes traffic directly to the Pod IP. The network plugin must use secondary IP addresses on ENI (e.g., amazon-vpc-cni-k8s) for the Pod IP to use IP mode. The Service can be of any type (e.g., ClusterIP, NodePort, or LoadBalancer). IP mode is required for sticky sessions to work with ALBs.

HTTP to HTTPS Redirect

Optionally, enable this option to automatically redirect all traffic to HTTPS.

TLS Hosts

Enter one or more comma-separated hostnames to secure with TLS (e.g., example.com,api.example.com).

TLS Secret Name

Enter the name of the Kubernetes secret containing TLS certificate and private key (optional).

To complete the Ingress setup, you must define at least one rule. Continue to the next section.

Defining Ingress rules

Define the Ingress rules to control how requests are routed based on hostnames, paths, and ports.

Complete the following steps to add routing rules to the Ingress.

On the Add Kubernetes Ingress page, click Add Rule. The Add Ingress Rule pane displays.

Complete the fields to configure the rule.

Path

Enter the request path that should trigger the rule (e.g., /).

Path Type

Select the path matching behavior: Exact, Prefix, or Implementation Specific.

Host

Optionally, enter the hostname to apply the rule to.

Use Container Port Name

Toggle on to manually enter Service and Container Port.

Service Name

Select or enter the service to route traffic to.

Container Port

Enter the container port to forward traffic to.

Click Add Rule. The rule will be displayed on the Add Kubernetes Ingress page.
Repeat steps 1-5 to add additional rules.

With routing rules defined, you can now add certificates to secure your Ingress and enable HTTPS traffic.

Adding certificates to the Ingress

Before attaching certificates to an Ingress, you must add the ACM certificates to your DuploCloud Plan. For detailed instructions, see the DuploCloud ACM documentation.

Once your certificates have been added to the plan, complete the following steps to attach them to the Ingress configuration:

On the Add Kubernetes Ingress page, click Add Certificate. The Add Certificate pane displays.
Add Certificate pane
In the Certificate list box, select the certificate to associate with this Ingress.
To set the certificate as the default, enable the Set as Default toggle.
- Note: The first certificate you add is selected as the default automatically. You can change this option for additional certificates.
Click Add to save the certificate to the Ingress configuration.
Repeat steps 1-4 above to add additional certificates.

You can attach up to 25 ACM certificates per Application Load Balancer (ALB) listener to support HTTPS across multiple domains using Server Name Indication (SNI). One certificate acts as the default, while the ALB selects the appropriate certificate based on the client’s requested hostname.

If you need more than 25 certificates, you can request a quota increase for Certificates per Application Load Balancer in AWS.

Now that the necessary certificates have been added, you can optionally configure Ingress redirect rules and annotations to continue creating the Ingress.

Configuring Ingress redirect configurations and annotations

On the Add Kubernetes Ingress page, click Add Redirect Config. The Add Redirect Config pane displays.

Complete the following fields.

Name

Enter a descriptive name for the Ingress redirect configuration.

Host

Specify the domain name for which this redirect rule will apply.

Path

Define the path that should trigger the redirect.

Port

Enter the port for the backend service or redirect.

Protocol

Enter the protocol to enforce (e.g., HTTPS).

Query

Optionally, specify query parameters for the redirect.

Status Codes

Enter the HTTP status code for the redirect.

Finish Creating the Ingress

After completing all required fields, adding rules and certificates, and optionally configuring annotations and labels, click Add at the bottom of the Add Kubernetes Ingress page to finalize and create your Ingress resource.

You will then see your new Ingress listed on the Kubernetes → Ingress page.

Viewing an Ingress

Viewing Ingress details in the DuploCloud Portal

When Ingress is configured, view details by navigating to Kubernetes -> Ingress, and selecting your Ingress from the NAME column.

Viewing Ingress details using `curl` Commands

You can also view Ingress details using curl commands. Curl commands are configured with the DNS names and paths (as defined in your Ingress rules) in the format: curl http://<dns1>/<path1>. The responses from these requests will show how traffic is being routed according to the Ingress configuration. For example, see the following three commands and responses:

Command: curl http://ig-nev-ingress-ing-t2-1-duplopoc.net/path-x/

Response: this is service1

Command: curl http://ing-doc-ingress-ing-t2-1-duplopoc.net/path-y/

Response: this is service2

Command: curl http://ing-public-ingress-ing-t2.1.duplopoc.net/path-z/

Response: this is ING2-PUBLIC

PreviousIngress Loadbalancer NextGKE Ingress

Last updated 13 days ago

Was this helpful?