Question posted in 
I have questions about my basic understanding about the setup of my k8s cluster.
I have a K8s running on Hetzner-cloud and allocated a "physical" Loadbalancer (which can be controlled via annotations on a Service.)
I use a nginx (or traefik) as my ingress-controller.
Please correct me if I am wrong:
- I create the service
Loadbalancerwith theannotationsin the samenamespaceof myingress-controllerright? - Then I create an
ingresswith labelkubernetes.io/ingress-controller=nginxin mydefaultnamespace with the settings to point to my services in thedefaultnamespace (one for frontend, one for backend)
Is this the correct way to set this up?
2
Answers
1.- No. Ingress Controller and your workload doesn’t have to be in the same namespace. In fact, you will have the Ingress Controller running in a separate namespace than your workload.
2.-Yes. Generally speaking your
Ingressrules, meaning yourIngressobject, meaning yourIngressyaml and yourServicemust be in the same namespace. SoIngresscan’t transpass a namespace.Note: There is a way to have an
Ingressobject to send trafffic to aServicein a different namespace.No ideally your ingress controller will be running in different namespace in which your workload must not be running.
You should be keeping only the Nginx service with
type : Loadbalancerother services of your workload should beClusterIP.So all your traffic comes inside the cluster from one point. Your flow will be something like
You mentioned label ideally, it should be an annotation
kubernetes.io/ingress-controller=nginx.Yes, it’s perfect. You can create different ingress with different annotation rules as per requirements for different services that you want to expose publicly.
Keep your workload in default namespace for the controller you can use different namespaces like
ingress-controllerin future also if you have any requirement of setting up the Monitoring tools also you can create namespace and use it for monitoring only.