Wednesday, May 27, 2026

Kubernetes Ingress

Kubernetes Ingress is a powerful and widely used way to manage external HTTP/HTTPS traffic into your Kubernetes cluster.

What is Kubernetes Ingress?

Ingress is an API object (kind: Ingress) that acts as a smart router for external traffic coming into your cluster. It defines rules for how HTTP and HTTPS requests should be routed to different Services inside Kubernetes.

Think of it as a reverse proxy or Layer 7 load balancer sitting at the edge of your cluster.

Why do we need Ingress?

Method Layer Pros Cons
NodePort L4 Simple Port conflicts, not production friendly
LoadBalancer L4 Cloud-native LB Expensive (one per service)
Ingress L7 Single entry point, routing, TLS Needs an Ingress Controller

Ingress solves the problem of exposing multiple services through one single IP/domain with intelligent routing.

Key Features of Ingress

  • Path-based routing (/api → backend1, /web → backend2)
  • Host-based routing (app1.example.com → service A, app2.example.com → service B)
  • TLS/SSL Termination
  • Load balancing
  • Name-based virtual hosting
  • URL rewriting, redirects, rate limiting (via annotations)

How Ingress Works

  1. Ingress Resource — You create a YAML file defining routing rules.
  2. Ingress Controller — This is the actual software (like NGINX, Traefik, HAProxy, Istio, etc.) that implements those rules.
  3. The controller watches Ingress objects in the cluster and automatically configures itself.
Important: Just creating an Ingress resource does nothing without an Ingress Controller running in the cluster.

Popular Ingress Controllers

  • NGINX Ingress Controller (most popular)
  • Traefik
  • HAProxy
  • AWS ALB Ingress Controller
  • GCE Ingress Controller
  • Contour
  • Istio Ingress (when using service mesh)

Basic Example 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx          # Important in newer Kubernetes
  tls:
  - hosts:
    - example.com
    secretName: example-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 80

      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 80

Ingress vs Gateway API

Kubernetes is slowly moving from Ingress to the newer Gateway API (more flexible, role-oriented, better CRDs).

Feature Ingress Gateway API
Maturity Stable Gradually maturing
Flexibility Good Excellent
Complexity Simpler More powerful
Current Adoption Very High Growing rapidly

Summary

  • Ingress = Set of routing rules
  • Ingress Controller = The actual proxy that applies those rules
  • Best for exposing multiple HTTP applications under one or few domains with clean routing and TLS management.
For RS Chandras Tech Blog By -

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Kubernetes Topology Spread Constraints

Topology spread constraints are rules in Kubernetes used to control how Pods are distributed across your cluster's failure doma...