# -------------------------------------------------------------------------------------------# Title: Kubernetes Ingress Configuration for Weather ML MLOps Platform# Purpose: Defines external access routing for the production Weather ML application# Owner: MLOps Team / Platform Engineering# Source: k8s/ingress.yaml in weather-ml-platform repository# Last-Reviewed: 2025-08-24# Depends-On: weather-ml-service (k8s/service.yaml), weather-ml deployment (k8s/deployment.yaml)# Change-Log:# - 2025-08-24: Updated file header to industry standards, improved documentation# Links:# - Project Documentation: docs/infra/# - Kubernetes Ingress Docs: https://kubernetes.io/docs/concepts/services-networking/ingress/# -------------------------------------------------------------------------------------------# File Purpose and Architecture# WHY: External traffic entry point for production MLOps platform# This manifest enables secure external access to the Weather ML application by:# - Routing HTTPS traffic through Traefik Ingress Controller# - Terminating TLS connections for encrypted data transmission# - Forwarding requests to the FastAPI backend via weather-ml-service# - Supporting MLOps workflow visualization and model training interfaces## Critical Path: External Client → Ingress → Service → Deployment → FastAPI Application## Prerequisites and Dependencies# WHY: Ensures proper network connectivity and security# - Valid DNS record must point to the Ingress controller's LoadBalancer IP# - TLS certificate secret must exist for HTTPS encryption (provision via cert-manager)# - Traefik Ingress Controller must be running in the cluster# - weather-ml-service (k8s/service.yaml) must exist in the same namespace# - weather-ml deployment (k8s/deployment.yaml) must be healthy and ready## Security Considerations# WHY: Prevents unauthorized access and ensures encrypted communication# - TLS termination protects data in transit# - Host-based routing prevents misdirected traffic# - Service-level authentication handles internal security## Configuration Requirements# WHY: Ensures proper deployment and functionality# - Replace 'your-production-domain.com' with actual production domain# - Replace 'your-tls-secret' with the name of your TLS certificate secret# - Verify Ingress controller matches cluster's installed ingress solution# Kubernetes Ingress Resource Definition# WHY: Provides external access to the Weather ML applicationapiVersion:networking.k8s.io/v1# Kubernetes API version for Ingress resourceskind:Ingress# Resource type for external traffic routing# Metadata Section# WHY: Identifies and configures the Ingress resourcemetadata:name:weather-ml-ingress# Unique identifier for this Ingress resourceannotations:kubernetes.io/ingress.class:"traefik"# WHY: Specifies Traefik as Ingress Controller# Specification Section# WHY: Defines traffic routing behavior and securityspec:# Transport Layer Security Configuration# WHY: Enables HTTPS encryption for secure external communicationtls:-hosts:-your-production-domain.com# Domain for HTTPS certificate validationsecretName:your-tls-secret# Kubernetes Secret with TLS certificate# Routing Rules Configuration# WHY: Defines how external requests are matched and forwarded to servicesrules:-host:your-production-domain.com# Host matching for domain-specific routinghttp:paths:# URL path-based routing configuration-path:/# Root path matching for all application routespathType:Prefix# WHY: Match paths starting with specified prefixbackend:# WHY: Defines target service for matching requestsservice:name:weather-ml-service# Target Service (must exist in same namespace)port:number:80# Service port (not Pod targetPort)