Ingress in Kubernetes

What is Ingress?

In Kubernetes, services inside the cluster are usually accessible only within the cluster itself. If you want external users to access your applications, you need a way to route their requests properly.

There are three common ways to expose applications:

  • NodePort: Exposes a service on each node’s IP at a static port.
  • LoadBalancer: Creates an external load balancer for a service.
  • Ingress: A smarter way to manage HTTP/HTTPS traffic, allowing multiple services to be accessed via a single load balancer.

Why Use Ingress?

Instead of exposing each service separately using NodePort or LoadBalancer, Ingress acts as a gateway to route incoming traffic to different services based on:

  • Hostnames: Example - app1.example.com vs. app2.example.com.
  • Paths: Example - /app1 routes traffic to App1, and /app2 routes traffic to App2.
  • Secure HTTPS Termination: Ingress can handle SSL/TLS certificates.
  • Centralized Traffic Management: A single Ingress controller can manage traffic for multiple services.

How Ingress Works

Ingress acts as a reverse proxy that sits in front of your services and intelligently directs traffic to the correct destination.

To enable Ingress, you need an Ingress Controller. Kubernetes does not come with one by default, so you must install a controller like:

  • NGINX Ingress Controller
  • Traefik
  • HAProxy Ingress Controller

Basic Ingress Example

Below is an example Ingress YAML file that routes requests to two different services based on the URL path.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /app1
        pathType: Prefix
        backend:
          service:
            name: app1-service
            port:
              number: 80
      - path: /app2
        pathType: Prefix
        backend:
          service:
            name: app2-service
            port:
              number: 80

How It Works:

  • myapp.example.com - The hostname for incoming requests.
  • /app1 → Routes traffic to app1-service.
  • /app2 → Routes traffic to app2-service.

Installing NGINX Ingress Controller

To use Ingress, you must install an Ingress controller. Below is how you install the NGINX Ingress Controller using Helm:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install my-ingress-controller ingress-nginx/ingress-nginx

Securing Ingress with TLS (SSL)

Ingress can terminate TLS (SSL) connections, meaning you can use HTTPS instead of HTTP. Here’s an example of an Ingress that uses TLS:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: secure-ingress
spec:
  tls:
  - hosts:
    - mysecureapp.example.com
    secretName: tls-secret
  rules:
  - host: mysecureapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: secure-service
            port:
              number: 443

Key Points:

  • tls-secret - A Kubernetes secret that contains the SSL certificate.
  • HTTPS Traffic: Requests to mysecureapp.example.com will be served securely.

Conclusion

Using Ingress makes it much easier to manage external traffic in Kubernetes. Instead of exposing multiple services with separate LoadBalancers or NodePorts, Ingress provides a single entry point.

In the next topic, we will cover Kubernetes Services and how they enable communication between different parts of your application.