How Is Nginx-Ingress Informed of Published Services in AKS?

Harry Whitehouse 65 Reputation points
2024-04-15T22:14:47.41+00:00

I'm trying to understand how Nginx-Ingress knows what public services are available in a K8S cluster set up via Helm. The YAML file for the Nginx-Ingress is simply this:

```yaml
service:
  loadBalancerIP: "xx.64.107.1"
controller:
  replicaCount: 2
  config:
    # cipher list abbreviated
    ssl-ciphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20
    ssl-protocols: TLSv1.2 TLSv1.3
    proxy-body-size: 50m
    ssl-dh-param: default/lb-dhparam
    ssl-ecdh-curve: secp384r1
    proxy-connect-timeout: 300
    proxy-read-timeout: 300
    proxy-send-timeout: 300
  service:
    loadBalancerIP: "xx.64.107.1"
```

Yet, if I examine the NGINX.CONF file inside the Ingress POD, I see 3 available services listed under "start server" sections. The config.yaml files for each of the 3 services do contain a section on ingress that looks like this:

```yaml
ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "false"
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/service-upstream: "true"
  hosts:
    - host: blue-sandbox.myib.com
      paths:
        - /
```

Does the cluster somehow broadcast these services to NGINX when it fires up? I don't understand the connection.

Azure Kubernetes Service

Accepted answer
  1. Anveshreddy Nimmala 3,550 Reputation points Microsoft External Staff Moderator
    2024-04-16T05:30:22.04+00:00

    Hello

    Welcome to Microsoft Q&A. Thank you for posting your query here.

    By defining Ingress resources for your services, you instruct the Nginx Ingress controller on how to route external traffic to these services.

    The Nginx-Ingress controller is informed of published services through the use of Kubernetes resources, particularly Ingress resources, which define rules for routing external HTTP(S) traffic to internal services.

    When deploying the Nginx Ingress controller using Helm, you provide it with a set of configurations that can include default behaviors, SSL/TLS settings, timeouts, and more. Helm charts are used to deploy both the Ingress controller and other applications/services within the cluster.

    The YAML snippet you provided sets up the Nginx-Ingress controller and some of its configurations, such as SSL ciphers, timeouts, and the specific IP for the LoadBalancer.

    The Nginx Ingress controller watches for Ingress resources across the cluster. Whenever it finds an Ingress resource, it reads the information and maps these to the specified services.

    The annotations and specific configurations in the Ingress resource help fine-tune how requests are handled. The `kubernetes.io/ingress.class: nginx` annotation specifically ensures that this Ingress resource is meant for Nginx and not another type of Ingress controller you might have running.

    There isn't a direct "broadcast" of services. The Ingress controller actively watches for changes in the Kubernetes API server regarding Ingress resources and updates its configuration in real-time to reflect these changes.

    Hope this helps you.

    If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    1 person found this answer helpful.
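
The watch-and-reconcile behaviour described in the accepted answer, as an added example that is not part of the original thread and is not ingress-nginx's own code: a simplified Python model that replays constructed watch events, keeps only Ingresses whose class is `nginx`, and derives the host routing table. The helper names, the `*-svc` service names and every host other than `blue-sandbox.myib.com` are assumptions.

```python
# Added illustration; every object here is constructed sample data, not cluster output.
CLASS_ANNOTATION = "kubernetes.io/ingress.class"

def claimed_by(ingress, controller_class="nginx"):
    # Simplification: take the class from either field; precedence is not modelled.
    annotations = ingress["metadata"].get("annotations", {})
    cls = annotations.get(CLASS_ANNOTATION) or ingress["spec"].get("ingressClassName")
    return cls == controller_class

def apply_event(state, event):
    """Fold one watch event (ADDED / MODIFIED / DELETED) into the controller's view."""
    obj = event["object"]
    key = (obj["metadata"]["namespace"], obj["metadata"]["name"])
    if event["type"] == "DELETED" or not claimed_by(obj):
        state.pop(key, None)  # deleted, or addressed to a different controller
    else:
        state[key] = obj

def server_blocks(state):
    """Map host -> [(path, 'namespace/service:port')], about one nginx server per host."""
    servers = {}
    for (ns, _name), ing in sorted(state.items()):
        for rule in ing["spec"].get("rules", []):
            for p in rule["http"]["paths"]:
                svc = p["backend"]["service"]
                target = f'{ns}/{svc["name"]}:{svc["port"]["number"]}'
                servers.setdefault(rule["host"], []).append((p["path"], target))
    return servers

def make_ingress(ns, name, host, cls):
    """Constructed sample Ingress (networking.k8s.io/v1 shape, hypothetical names)."""
    backend = {"service": {"name": f"{name}-svc", "port": {"number": 80}}}
    rule = {"host": host, "http": {"paths": [{"path": "/", "backend": backend}]}}
    return {"metadata": {"namespace": ns, "name": name,
                         "annotations": {CLASS_ANNOTATION: cls}},
            "spec": {"rules": [rule]}}

SAMPLE = [  # (event type, namespace, name, host, ingress class), all constructed
    ("ADDED", "default", "blue", "blue-sandbox.myib.com", "nginx"),
    ("ADDED", "default", "green", "green.example.test", "nginx"),
    ("ADDED", "team-b", "other", "other.example.test", "traefik"),
    ("DELETED", "default", "green", "green.example.test", "nginx"),
]
EVENTS = [{"type": t, "object": make_ingress(ns, n, h, c)} for t, ns, n, h, c in SAMPLE]

def replay(events):
    state = {}
    for event in events:
        apply_event(state, event)
    return server_blocks(state)
```

Because discovery is driven entirely by Ingress objects, RBAC permission to create or edit Ingresses with this class is effectively permission to publish a host through the controller's load balancer, so that permission is worth reviewing per namespace.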

1 additional answer

  1. Harry Whitehouse 65 Reputation points
    2024-04-16T15:53:56.96+00:00

    Anveshreddy Nimmala

    "There isn't a direct "broadcast" of services. The Ingress controller actively watches for changes in the Kubernetes API server regarding Ingress resources and updates its configuration in real-time to reflect these changes."

    This is exactly what I needed to understand!! Many thanks!!

