K8SINGRESS: K8s Ingress
A Kubernetes Ingress resource defining HTTP/HTTPS routing rules, TLS termination, and external access to cluster services.
Default definition. This article describes the default
K8SINGRESS definition shipped with DemandFlow. Administrators can add, remove, rename, or re-type fields, change which ones are required, and alter the layout from the Definitions screen in Settings. Your tenant's current schema may differ from what is shown here. To read the current definition at any time, GET the DEFINITION object whose id matches K8SINGRESS.Entity properties
| Property | Value |
|---|---|
| Entity code | K8SINGRESS |
| Display name | K8s Ingress |
| Plural | K8s Ingresses |
| Level | 404 |
Use cases
K8SINGRESS represents the Kubernetes Ingress resource that maps external HTTP(S) traffic to internal services. The General panel captures the ingress class (nginx, traefik, etc.), host, path, path type, and default backend service (objectLookup to K8SSERVICE), plus load balancer IP/hostname assigned by the controller. TLS is given its own panel because certificate management is complex: it covers TLS enable/redirect, secret reference, cert issuer, certificate type and expiry, auto-renewal, minimum TLS version, and cipher suites.
Fields
Ingress Information
| Field | Type | Required | Notes |
|---|---|---|---|
name | text | Yes | Ingress Name. |
namespace | reference → K8SNAMESPACE | Yes | Namespace. |
ingressClass | text | e.g., nginx, traefik | |
status | enum | Yes | Valid ids: 1 (Active), 2 (Pending), 3 (Failed), 4 (Unknown). |
Host Configuration
| Field | Type | Required | Notes |
|---|---|---|---|
host | text | e.g., api.example.com | |
path | text | e.g., /api/v1 | |
pathType | enum | Valid ids: 1 (Prefix), 2 (Exact), 3 (ImplementationSpecific). | |
defaultBackend | reference → K8SSERVICE | Default Backend. |
Load Balancer
| Field | Type | Required | Notes |
|---|---|---|---|
loadBalancerIP | text | Load Balancer IP. | |
loadBalancerHostname | text | Load Balancer Hostname. | |
externalDNS | text | DNS name for external access | |
priority | number | Rule evaluation priority | |
weight | number | Traffic distribution weight |
TLS Configuration
| Field | Type | Required | Notes |
|---|---|---|---|
tls | boolean | TLS Enabled. | |
tlsRedirect | boolean | Force TLS Redirect. | |
tlsHosts | text (multi-line) | Hosts covered by TLS cert | |
tlsSecretName | text | K8s secret containing cert | |
certIssuer | text | e.g., letsencrypt |
Certificate Details
| Field | Type | Required | Notes |
|---|---|---|---|
certType | enum | Valid ids: 1 (Self-signed), 2 (Let's Encrypt), 3 (Commercial CA), 4 (Internal CA). | |
certExpiryDate | date | Certificate Expiry. | |
certAutoRenew | boolean | Auto-renew Certificate. | |
tlsMinVersion | enum | Valid ids: 1 (1.0), 2 (1.1), 3 (1.2), 4 (1.3). | |
cipherSuites | text (multi-line) | Allowed cipher suites |
Routing Rules
| Field | Type | Required | Notes |
|---|---|---|---|
rules | text (multi-line) | Complete routing rules (JSON format) | |
rewriteEnabled | boolean | URL Rewrite Enabled. | |
rewriteTarget | text | Target path for rewrites | |
corsEnabled | boolean | CORS Enabled. | |
corsOrigins | text | Allowed origins |
Common Annotations
| Field | Type | Required | Notes |
|---|---|---|---|
annotations | text (multi-line) | Key-value pairs (JSON) | |
rateLimit | number | Rate Limit (req/min). | |
connectionLimit | number | Connection Limit. | |
bodySize | number | Max Body Size (MB). | |
timeout | number | Timeout (seconds). |
Advanced Configuration
| Field | Type | Required | Notes |
|---|---|---|---|
labels | text (multi-line) | Key-value pairs (JSON) | |
authType | enum | Valid ids: 1 (None), 2 (Basic), 3 (OAuth2), 4 (JWT), 5 (API Key). | |
authSecret | text | Auth Secret. | |
whitelistSourceRange | text (multi-line) | Allowed source IPs (CIDR) |
Traffic Metrics
| Field | Type | Required | Notes |
|---|---|---|---|
requestsPerSecond | number | Requests/sec. | |
avgResponseTime | number | Avg Response Time (ms). | |
errorRate | gauge | Error Rate %. | |
successRate | gauge | Success Rate %. | |
totalRequests | number | Total Requests (24h). | |
bandwidthIn | number | Bandwidth In (MB/s). | |
bandwidthOut | number | Bandwidth Out (MB/s). | |
activeConnections | number | Active Connections. |
Security Configuration
| Field | Type | Required | Notes |
|---|---|---|---|
wafEnabled | boolean | WAF Enabled. | |
wafProvider | enum | Valid ids: 1 (None), 2 (ModSecurity), 3 (AWS WAF), 4 (Cloudflare), 5 (Custom). | |
ddosProtection | boolean | DDoS Protection. | |
geoBlocking | boolean | Geo-blocking Enabled. | |
blockedCountries | text (multi-line) | Country codes to block | |
allowedCountries | text (multi-line) | Country codes to allow | |
securityHeaders | text (multi-line) | Additional security headers (JSON) |
Recent Events
| Field | Type | Required | Notes |
|---|---|---|---|
events | text (multi-line) | Last 50 ingress events | |
lastModified | datetime | Last Modified. | |
lastReloadTime | datetime | Last Reload. |
Relationships
- Lookups:
namespacepoints at aK8SNAMESPACErecord;defaultBackendpoints at aK8SSERVICErecord. - Related lists:
K8SSERVICE.
Creating a K8s Ingress via the API
POST /v1/objects
Authorization: Bearer <your-pat>
Content-Type: application/json
{
"entity": "K8SINGRESS",
"level": 404,
"comboKey": "SUB:<your-sub-id>|ENT:",
"name": "Example",
"namespace": "",
"status": "1",
"ingressClass": "..."
} Listing K8s Ingresses
# All records in your tenant
GET /v1/entities/K8SINGRESS/SUB:<your-sub-id>