Q-04 โ€” Ingress (CKA 2025)

๐Ÿ“Œ Question

Create a new Ingress resource named echo in the echo-sound namespace. Expose the Service echoserver-service on:

http://example.org/echo

using Service port 8080. The command:

curl -o /dev/null -s -w "%{http_code}\n" http://example.org/echo

should return 200.

โ— Why we will NOT use Regex here

The exam URL provided is:

http://example.org/echo

NOT:

http://example.org/echo/test
http://example.org/echo/anything/else

Since the URL contains no subpaths, Kubernetes expects a simple path rule.

Therefore:

โœ” NO regex required

โœ” NO capture groups required

โœ” NO (.*) patterns

โœ” Only /echo is matched

Regex is only used when the path must match dynamic segments, which is not the case here.

๐ŸŸฆ If the Ingress Controller is nginx (most common in exam)

Nginx does NOT automatically strip the prefix /echo. So the backend would receive:

/echo

But echo-server expects:

/

So we must add a rewrite annotation:

nginx.ingress.kubernetes.io/rewrite-target: /

โœ… Correct Ingress manifest (nginx)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo
  namespace: echo-sound
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: example.org
    http:
      paths:
      - path: /echo
        pathType: Prefix
        backend:
          service:
            name: echoserver-service
            port:
              number: 8080

๐ŸŸฉ If the Ingress Controller is Traefik

Traefik automatically strips the prefix /echo. So no rewrite annotation is needed.

โœ… Correct Ingress manifest (Traefik)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo
  namespace: echo-sound
spec:
  ingressClassName: traefik
  rules:
  - host: example.org
    http:
      paths:
      - path: /echo
        pathType: Prefix
        backend:
          service:
            name: echoserver-service
            port:
              number: 8080

๐Ÿ— Full Lab Setup (Deployment + Service + Ingress)

This allows you to fully test the question.

1๏ธโƒฃ Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: echo-sound

2๏ธโƒฃ Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver-deployment
  namespace: echo-sound
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echoserver
  template:
    metadata:
      labels:
        app: echoserver
    spec:
      containers:
      - name: echoserver
        image: k8s.gcr.io/echoserver:1.4
        ports:
        - containerPort: 8080

3๏ธโƒฃ Service

apiVersion: v1
kind: Service
metadata:
  name: echoserver-service
  namespace: echo-sound
spec:
  selector:
    app: echoserver
  ports:
  - port: 8080
    targetPort: 8080

4๏ธโƒฃ Ingress (Nginx version โ€“ most likely for exam)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo
  namespace: echo-sound
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: example.org
    http:
      paths:
      - path: /echo
        pathType: Prefix
        backend:
          service:
            name: echoserver-service
            port:
              number: 8080

๐Ÿงช Testing

With DNS:

curl -o /dev/null -s -w "%{http_code}\n" http://example.org/echo

If it returns 200, you succeeded.

Without DNS (common in labs):

curl -o /dev/null -s -w "%{http_code}\n" -H "Host: example.org" http://NODE_IP:NODE_PORT/echo