Services expose TKE in clusters based on the layer-4 network. Exposed service types, such as ClusterIP, NodePort, or LoadBalancer are all based on the access entry of layer-4 network services. They lack Layer-7 network capabilities, such as load balancing, SSL, and name-based virtual hosts. An ingress exposes HTTP and HTTPS services in the layer-7 network and provides common layer-7 network capabilities.

Basic Ingress Concepts

An ingress is a collection of rules that allows access to services within a cluster. You can configure forwarding rules to allow different URLs to access different services within the cluster. To ensure proper ingress operation, a cluster needs to run Ingress Controller. By default, a TKE cluster enables CLB-based TKE Ingress Controller.

Ingress Lifecycle Management

The external service capability of an ingress depends on resources provided by the CLB. Service resource management is one of the important function of an ingress. The following table describes the labels that an ingress will use for resource lifecycle management.

Ingress Controller Usage Method

In addition to TKE Ingress Controller provided by Tencent Cloud, the Kubernetes community has various third-party Ingress Controllers. These ingress controllers expose services in the layer-7 network. The Kubernetes community allows you to use the kubernetes.io/ingress.class annotation to distinguish different ingress controllers and determine the controller that processes an ingress. TKE Ingress Controller also supports this annotation. The detailed rules and use suggestions are as follows:

• When an ingress does not have the kubernetes.io/ingress.class annotation, TKE Ingress Controller will manage the ingress.
• When an ingress has the kubernetes.io/ingress.class annotation and its value is qcloud, TKE Ingress Controller will manage the ingress.
• When an ingress modifies the kubernetes.io/ingress.class annotation content, TKE Ingress Controller will add the ingress to or remove it from its management scope based on the annotation content. This operation will create or release an ingress.
• When TKE Ingress Controller is not required, you can change the number of Deployment (kube-system:l7-lb-controller) replicas in the cluster to 0 to disable the TKE Ingress Controller feature.

  Note：

  Before disabling the TKE Ingress Controller feature, ensure that no ingress is managed by TKE Ingress Controller to prevent CLB release failures.

Ingress Operations

For more information about ingress-related operations and features, see the following documents:

• Ingress Management
• Using an Existing CLB for Direct Pod Connection
• Using TKEServiceConfig to Configure the CLB
• Ingress Certificate Management