K
Q

Ingress vs Direct Nginx Deployment on On-premise Kuber Cluster

5/15/2020

I am setting up a kubernetes cluster in the On-Premise servers. Now for setting up external traffic, I can run Nginx Ingress behind Nodeport or I can run Nginx Deployment(Pods) with NodePort service exposed.

The only difference I got to know is with Ingress, I will get the sticky sessions which I anyhow do not need. So which one I should prefer and why?

Apart from this, I also have one requirement on Nginx Caching of htmls(with purging logic). So I have Nginx Deplpyment, then I can use PVC and PV. But what if I use Nginx Ingress. How will it work then.

-- Ankit Bansal
kubernetes
kubernetes-ingress

Similar Questions

Terraform AWS EKS kubectl configuration
Conflicting type in golang compilation
Istio Prometheus pod in CrashLoopBackOff State
Executing commands inside helm install

1 Answer

5/15/2020

When you expose a Nginx Deployment you essentially create a L4 load balancer with Ingress you are creating a L7 load balancer.

If you want to host multiple domains like example1.com, example2.com so on the having a L7 load balancer makes sense also you can have defaulted backend defined if you want the request to endup somewhere special like some special service or endpoint.

Coming to 2nd part of enabling cache you can do it in ingress controller as follows:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: mywebsite
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-buffering: "on"  # Important!
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_cache static-cache;
      proxy_cache_valid 404 1m;
      proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
      proxy_cache_bypass $http_x_purge;
      add_header X-Cache-Status $upstream_cache_status;

say you want to enable it for 1 path not for others, like you want to enable it for /static/ path and not for / path then you can have:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: mysite
  annotations:
    ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
spec:
  tls:
    - secretName: mysite-ssl
      hosts:
        - mysite.example.com
  rules:
    - host: mysite.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: mysite
              servicePort: http
---
# Leverage nginx-ingress cache for /static/
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: mysite-static
  annotations:
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_cache static-cache;
      proxy_cache_valid 404 10m;
      proxy_cache_use_stale error timeout updating http_404 http_500 http_502 http_503 http_504;
      proxy_cache_bypass $http_x_purge;
      add_header X-Cache-Status $upstream_cache_status;
spec:
  rules:
    - host: mysite.example.com
      http:
        paths:
          - path: /static/
            backend:
              serviceName: mysite
              servicePort: http

Ultimately the design decision is yours, honestly its better to use ingress controller as it gives way more flexibility. I hope this clears this up for you.

-- Hiteshwar Sharma
Source: StackOverflow