digitalocean kubernetes ingress: the missing configuration guide for developers

P
@pilput
6 months ago1views

what is a kubernetes ingress?

if you're a developer or devops engineer starting your journey with kubernetes on digitalocean, you've probably heard the term "ingress." it can be one of the more confusing concepts to grasp. in simple terms, think of an ingress as a smart traffic cop for your kubernetes cluster.

without an ingress, you might use a "loadbalancer" service type for every application, which can get expensive and complex. an ingress provides a single entry point to your cluster that can route http and https traffic to multiple different services inside your cluster based on the url path or domain name.

  • manages external access: it allows access to your services from outside the kubernetes cluster.
  • load balancing: it can distribute network traffic to prevent any single pod from being overwhelmed.
  • ssl/tls termination: you can handle your https certificates in one place.
  • name-based virtual hosting: you can serve multiple websites from a single ip address.

core components of an ingress

to understand the configuration, you need to know the three key parts:

  1. ingress resource: a yaml file that defines the rules for routing traffic. this is what you, as a developer, will create and manage.
  2. ingress controller: the actual software (like nginx, traefik, or digitalocean's own) that fulfills the rules set by the ingress resource. it's the pod that acts as the "traffic cop."
  3. load balancer: on cloud providers like digitalocean, the ingress controller is typically exposed to the internet via a cloud load balancer.

setting up the digitalocean kubernetes ingress controller

digitalocean makes this process incredibly simple. when you create a kubernetes (doks) cluster, you can enable the digitalocean managed ingress controller with a single click. this is a huge advantage for devops efficiency, as they manage the controller for you, handling updates and security patches.

if you didn't enable it during creation, you can easily add it via the control panel by navigating to your cluster, going to the "components" section, and clicking "install" next to the ingress option.

step 1: deploy a sample application

before we can route traffic, we need something to route to. let's deploy a simple nginx web server. save the following as deployment.yaml:

apiversion: apps/v1
kind: deployment
metadata:
  name: my-web-app
spec:
  replicas: 2
  selector:
    matchlabels:
      app: my-web-app
  template:
    metadata:
      labels:
        app: my-web-app
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerport: 80
---
apiversion: v1
kind: service
metadata:
  name: my-web-service
spec:
  ports:
    - port: 80
      targetport: 80
  selector:
    app: my-web-app

apply it to your cluster:

kubectl apply -f deployment.yaml

step 2: create the ingress resource

now for the main event: the ingress resource. this yaml tells the digitalocean ingress controller how to direct traffic. create a file called ingress.yaml.

apiversion: networking.k8s.io/v1
kind: ingress
metadata:
  name: my-basic-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - http:
      paths:
      - path: /
        pathtype: prefix
        backend:
          service:
            name: my-web-service
            port:
              number: 80

apply the ingress:

kubectl apply -f ingress.yaml

after a minute or two, digitalocean will provision a load balancer for you. you can find its public ip address by running:

kubectl get ingress

if you visit that ip in your browser, you should see the default nginx welcome page! you've successfully routed external traffic to your internal service.

advanced configuration: custom domains and tls/ssl

a raw ip address isn't great for a production application or for seo. let's set up a custom domain with a free tls certificate.

1. point your domain

first, take the external ip of your load balancer (from kubectl get ingress) and create an "a" record in your dns settings that points your domain (e.g., app.yourdomain.com) to that ip.

2. update the ingress for tls

we need to modify our ingress resource to handle the new domain and request a tls certificate from let's encrypt. digitalocean's controller uses cert-manager behind the scenes to automate this.

update your ingress.yaml file to look like this:

apiversion: networking.k8s.io/v1
kind: ingress
metadata:
  name: my-production-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod" # tells cert-manager to issue a certificate
spec:
  tls:
  - hosts:
    - app.yourdomain.com # your domain here
    secretname: my-app-tls-secret # kubernetes secret where the cert will be stored
  rules:
  - host: app.yourdomain.com # your domain here
    http:
      paths:
      - path: /
        pathtype: prefix
        backend:
          service:
            name: my-web-service
            port:
              number: 80

apply the updated configuration:

kubectl apply -f ingress.yaml

the ingress controller will now work with cert-manager to automatically obtain a certificate for your domain. after a few minutes, your site will be accessible at https://app.yourdomain.com with a valid, trusted certificate!

path-based routing for full stack apps

as a full-stack developer, you often have separate services for your frontend and backend apis. ingress is perfect for this. let's say you have a frontend service and a backend api service.

apiversion: networking.k8s.io/v1
kind: ingress
metadata:
  name: my-fullstack-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: app.yourdomain.com
    http:
      paths:
      - path: /
        pathtype: prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 80
      - path: /api
        pathtype: prefix
        backend:
          service:
            name: backend-api-service
            port:
              number: 3000

with this configuration:

  • traffic to app.yourdomain.com/ goes to the frontend.
  • traffic to app.yourdomain.com/api/users goes to the backend api.

this is a foundational pattern for modern microservices architecture and is essential knowledge for any serious coding professional.

common pitfalls and troubleshooting

here are some common issues developers face:

  • ingress controller not installed: double-check that the digitalocean managed ingress is installed on your cluster via the control panel.
  • misconfigured service: ensure your service's selector matches the labels on your pods and that the targetport is correct.
  • dns propagation: after pointing your domain, it can take some time (from minutes to hours) for the dns changes to propagate globally.
  • certificate stuck in "pending": if your tls certificate isn't issuing, check your domain's dns a record is correctly pointing to the load balancer ip.

you can use these commands to debug:

# check the status of the ingress
kubectl describe ingress my-production-ingress

# check the logs of the ingress controller pods
kubectl get pods -n doctools
kubectl logs -n doctools <ingress-controller-pod-name>

conclusion

mastering the digitalocean kubernetes ingress is a powerful step in your devops and full-stack development journey. it provides a robust, scalable, and secure way to manage external access to your applications. by following this guide, you've learned how to set up a basic ingress, configure a custom domain with automatic https, and route traffic for complex, multi-service applications. keep experimenting and coding—this knowledge is key to deploying professional, production-ready applications.

Comments

Discussion

Share your thoughts and join the conversation

Loading comments...

Join the Discussion

Please log in to share your thoughts and engage with the community.

Log InSign Up