Zone Ingress

    The ZoneIngress entity includes a few sections:

    • type: must be ZoneIngress.
    • name: this is the name of the Zone Ingress instance, and it must be unique for any given zone.
    • networking: contains networking parameters of the Zone Ingress
      • address: the address of the network interface Zone Ingress is listening on. Could be the address of either public or private network interface, but the latter must be used with a load balancer.
      • advertisedAddress: an IP address or hostname which will be used to communicate with the Zone Ingress. Zone Ingress doesn’t listen on this address. If Zone Ingress is exposed using a load balancer, then the address of the load balancer should be used here. If Zone Ingress is listening on the public network interface, then the address of the public network interface should be used here.
      • advertisedPort: a port which will be used to communicate with the Zone Ingress. Zone Ingress doesn’t listen on this port.
      • admin: determines parameters related to Envoy Admin API
        • port: the port that Envoy Admin API will listen to
    • zone [auto-generated on Kuma CP] : zone where Zone Ingress belongs to

    Zone Ingress without advertisedAddress and is not taken into account when generating Envoy configuration, because they cannot be accessed by data plane proxies from other zones.

    Kuma will try to resolve advertisedAddress and advertisedPort automatically by checking the Service associated with this Zone Ingress.

    If the Service type is Load Balancer, Kuma will wait for public IP to be resolved. It may take a couple of minutes to receive public IP depending on the LB implementation of your Kubernetes provider.

    You can provide your own public address and port using the following annotations on the Ingress deployment

    • kuma.io/ingress-public-address

    In Universal mode the dataplane resource should be deployed as follows: