So, this is something I decided to set my mind to understanding how I can use Ingress as a sort of API Gateway in Kubernetes. Ingress is the main means of enabling applications to access a variety of services hosted within a Kubernestes cluster and its underpins many of the more sophisticated deployments you will come across.
For my exercise I am going to use minikube to avoid the $8,000 bill Amazon was gracious enough to forgive last year 🙂 In addition, for the underlying service, I am using a .NET Core WebAPI Hosted via OpenFaaS (howto).
Understanding OpenFaaS
Without going to deep into how to set this up (I provided the link above) I created a single Controller called calc that has actions for various mathematical operations (add, substract, multiple, and divide). Each of these actions can be called via the following URL structure:
<of-gateway url>:8080/function/openfaas-calc-api.openfaas-fn/calc/<op_name>
Note: open-faas-calc-api is the name of the API in OpenFaaS as I named it, yours will likely differ
The goal of our Ingress is, via the IP returned by minikube ip we want to simplify the URI structure to the following:
<minikube ip>/calc/<op_name>
Within our Ingress definition we will rewrite this request to match the URL structure shown above.
Create a basic Ingress
Let’s start with the basics first, here is the configuration that is a good starting point for doing this:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.k8s.io/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: calc-ingress | |
| namespace: openfaas | |
| annotations: | |
| kubernetes.io/ingress.class: nginx | |
| spec: | |
| rules: | |
| – http: | |
| paths: | |
| – path: / | |
| backend: | |
| serviceName: gateway | |
| servicePort: 8080 |
You can find the schema for an Ingress definition in the Kubernetes documentation here. Ingress is a standard component in Kubernetes that is implemented by a vendor (minikube support Nginx out of the box, other vendors include Envoy, Kong, Treafik, and others).
If you run a kubectl apply on this file the following commands will work
<minikube ip>/function/openfaas-calc-api.openfaas-fn/calc/<op_name>
However, this is not what we want. To achieve the rewrite of our URL we need to use annotations to configure NGINX specifically – we actually used the ingress.class annotation above.
Annotate
NGINX Ingress Controller contains a large number of supported annotations, documented here. For our purposes we are interested in two of them:
- rewrite-target
- use-regex
Here is what our updated configuration file looks like:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: networking.k8s.io/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: calc-ingress | |
| namespace: openfaas | |
| annotations: | |
| kubernetes.io/ingress.class: nginx | |
| nginx.ingress.kubernetes.io/rewrite-target: "/function/openfaas-calc-api.openfaas-fn/calc/$1" | |
| nginx.ingress.kubernetes.io/use-regex: "true" | |
| spec: | |
| rules: | |
| – http: | |
| paths: | |
| – path: /calc/(.*) | |
| backend: | |
| serviceName: gateway | |
| servicePort: 8080 |
You can see the minusha we need to pass for OpenFaaS calls has been moved to our rewrite-target. The rewrite-target is the URL that will ultimately be passed to the backend service matched via path (and host if supposed).
What is interesting here is we have given a Regex pattern to the path value meaning, our rule will apply for ANY URL that has /calc/<anything> as a format. The (.*) is a Regex capture group enabling us to extract the value. We can have as many as we like and they get numbered $1, $2, $3, and so on.
In our case, we are only matching one thing – the operation name. When it is found, we use $1 to update our rewrite-target. The result is the correct underlying URL that our service is expecting.
We can now call our service with the following URL and have it respond:
<minikube ip>/calc/<op_name>
Thus we have achieved what we were after.
Additional Thoughts
Ingress is an extremely powerful concept within Kubernetes and it enables a wide array of functionality often seen with PaaS services such as API Gateway (Amazon) and API Management (Azure). Without a doubt it is a piece of the overall landscape developers will want to be well versed in to ensure they can create simple and consistent URL to enable REST, gRPC, and other style of services for external access.
Random Blurbs and Things of this Nature 