Ingress is a Kubernetes API object that is used to expose HTTP and HTTPS routes from outside the Kubernetes cluster to services inside the cluster. It provides a single entry point into a cluster hence making it simpler to manage applications and troubleshoot routing issues. The official definition of Ingress says "Ingress is an API object that manages external access to the services in a Cluster".
Key Components of Kubernetes Ingress
- Ingress Resource: Defines the routing rules for directing external traffic to internal services. This component holds all the configuration details like host-based and path-based routing.
- Ingress Controller: Implements the rules defined in the Ingress Resource. It watches for changes and updates, ensuring traffic flows according to the defined configuration. Popular Ingress Controllers include NGINX, HAProxy, and Traefik.
- Backend Services: The services receiving the traffic directed by Ingress. These could be any internal applications or APIs within your Kubernetes cluster.
Benefits of Kubernetes Ingress
Kubernetes Ingress streamlines external access to services within a Kubernetes cluster offering benefits that enhance both management and scalability. Here’s why Kubernetes Ingress is a go-to solution:
- Centralized Traffic Management: Ingress provides a single access point to route traffic to multiple services. This simplifies control and improves the flow of information into your cluster.
- Efficient Load Balancing: Distribute incoming traffic evenly across your services boosting performance and preventing overloads.
- Path and Host-based Routing: Direct traffic to specific services based on the URL path or hostname. This is especially helpful for managing complex multi-service applications.
- SSL Termination: Simplify SSL certificate management by handling encryption and decryption at the Ingress level enhancing security without extra steps.
- Reduced IP Usage: Unlike multiple LoadBalancer services Ingress uses a single IP to manage access reducing the need for additional external IPs.
- Enhanced Security: By centralizing access control Ingress allows for easier implementation of security policies like rate limiting authentication and firewall rules.
Architecture of Kubernetes Ingress
Kubernetes Ingress acts like a traffic controller for managing the income traffic to the Kubernetes cluster. It manages the external access to the services within the kubernetes. The following are its internal concepts and terminologies:
- Routing: Kubernetes Ingress defines the rules in the Routing table for external HTTP and HTTPS traffic to the inside kubernetes cluster services based on the hostname and paths.
- Load Balacing: Load Balancing facilitates in distributing the income traffic to multiple backend servers providing scalability and reliability to the cluster.
- TLS Termination: Ingress handles the TLS/SSL termination for providing a secured communication between the clients and services.
- Path-Based Routing: In Routing Table we can define the rules based on the URL paths also. With this the traffic will be distributed to backend servers based on the paths accordingly.
- Virtual Hosts: Ingress facilitates virtual hosting i.e., hosting multiple domains on the same cluster and directs the traffic to different services based on the domain name.
.webp)
Working Principle of Ingress
Ingress serves as a reverse proxy that helps direct incoming traffic to the correct services within a Kubernetes cluster. It operates based on two key components: Ingress Controllers and Ingress Rules.
1. Ingress Controllers
Ingress Controllers are pods running within the Kubernetes cluster that handle the traffic routing. These controllers act as reverse proxies, interpreting and enforcing the rules set in the Ingress resources. Essentially, they manage the flow of inbound requests and direct them to the appropriate service inside the cluster.
2. Ingress Rules
Ingress Rules define how traffic should be directed within the cluster. When a request comes in, the Ingress Controller checks these rules and forwards the request to the corresponding service.
For example, an Ingress rule might route traffic from serviceA.example.com to Service A within the cluster, while traffic for serviceB.example.com is forwarded to Service B. You can also configure routing based on URL paths, such as directing example.com/serviceA to Service A and example.com/serviceB to Service B.
Another critical aspect of Ingress is managing SSL/TLS encryption. The Ingress Controller uses secrets within Kubernetes to handle the decryption of secure traffic, ensuring it’s safely forwarded to the correct service.
Ingress, Services and Endpoints
Ingress works in conjunction with Services and Endpoints to manage how traffic flows in the cluster.
- Services in Kubernetes act as an abstract layer that exposes the functionality of applications running on a set of pods. They provide a stable access point for other applications to communicate with the pods, regardless of the pods' dynamic nature.
- Endpoints store the IP addresses and ports of the pods that a service targets.
When traffic reaches the cluster, Ingress uses these services to forward requests to the appropriate pod. This ensures that, even as pods change or scale, the traffic routing remains stable and accurate.
Kubernetes Ingress Resources
In Kubernetes, an Ingress is an API object that manages the external access to the services within the kubernetes cluster. It acts an abstraction layer for routing traffic from outside the cluster to services inside the cluster. The following are its main concepts and terminologies:
- Routing Rules: Ingress facilitates you to define the rules for routing HTTP and HTTPS traffic based on the hostnmes or paths to different services in your cluster.
- Load Balancing: It provides the load balancing capabilities, distributing the incoming traffic across multiple pods or services.
- TLS Termination: Ingress can also able to handle the SSL/TLS termination by allowing you to encrypt the traffic from outside the cluster to your services.
- Reverse Proxy: It functions as a Reverse proxy, forwarding the requests from the clients to appropriate services based on the defined rules.
Kubernetes Ingress Class
Kubernetes Ingress Class is like a routing rulebook in which the rules are defined to manage the incoming traffic. It is manages the direct external access to the services in the kubernetes cluster by acting as a traffic controller. When we define the different ingress classes based on our needs like one class is defined for regular web traffic and another for internal services. Each Ingress Class has its own set of rules for handling the incoming traffic requests.
For Instance, on Ingress class might route all the requests with /api to your backend API service and another that sends requests for "/" to your frontend webapp.
Types of Ingress
Ingress refers to an unthorized entry or access into your system, network or physical spaces that presents the security risks and potential harm. The following are the types of ingress, each presents its own risks and challenges:
- Physical Ingress: It involves gaining the physical access to a system or network bypassing the physical security measures such as locked doors, security guards. It also involves stealing of devices like laptops or USB drivers.
- Network Ingress: Network ingress occurs when the attackers gains the access of a network through vulnerabilities in the infrastructure such as unsecured wifi networks, open ports or weak passwords. This leads to unathorized security access to sensitive data.
- Software Ingress: It involves in exploiting the vulnerabilities in software applications or operating systems to aunthorized access to a system or network. This can include exploiting the bugs, malware or with techniques like phishing to trick users to reveal sensitive information.
Updating an Ingress
Updating the Ingress involves in modifying the configuration file of the Routing Table. Routing rules of how external traffic is routed to services within the kubernetes cluster as to be modified. The following are steps for updating an Ingress to define rules for HTTP and HTTPS traffic to different services based on criteria like hostname and paths.
Step 1: Modify the YAML Configuration
Here, we can modify the yaml configuration file that defines the ingress resources using `kubectl edit` or by directly modifying the YAML file.
Step 2: Apply Changes
After once the changes are made in the configuration file, you can apply the changes using the following command in the kubernetes cluster.
kubectl apply -f ingress.yml
Step 3: Verfiication
Once we applied the changes, we should verify whether the ingress is updated correctly or not using the following command.
kubectl get ingress
Or we can also verify it by checking the status in our kubernetes dashboard.
Step 4: Testing
It is important to test the updated configuration of ingress to ensure the traffic is routed as per expected or not. we can perform this by sending the requests to the associated services and verifying its responses.
Step 5: Rollback ( if necessary )
If the update leads to any issues or anying unexpected behaviour, we can rollback it to the previous configuration by reapplying the older YAML file.
Ingress Configuration File Example
In this configuration file of Ingress, specification is where the whole configuration happens, we have rules or routing rules attribute which defines that all the requests to "shubham.com" must be forwarded to the internal service "myapp-internal-service".
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: myapp-ingress
spec:
rules:
- host: shubham.com
http:
paths:
- backend:
serviceName: myapp-internal-service
servicePort: 8080
What is Ingress Controller?
An Ingress Controller is a Kubernetes Component that is responsible for evaluation and processing of Ingress routes. An Ingress Controller acts as a Reverse Proxy and Load Balancer. An example of an Ingress Controller is Kubernetes Nginx Ingress Controller which is an Ingress Controller by Kubernetes.
In order to make the ingress routing rules to work, we need an implementation for Ingress and that implementation is called Ingress Controller. Therefore, before configuring Ingress to a Cluster, we would first have to install an Ingress Controller which is basically another Pod or set of Pods that run on your Node in your Kubernetes Cluster and is responsible for evaluation and processing of Ingress routes. The function of ingress controller is to evaluate all the rules that you have defined in your Cluster and manage all the redirections.
What are Ingress Rules?
Ingress Rules define how requests should be handled and routed. When a request arrives, the Ingress Controller looks at these rules to determine where the traffic should go. For instance:
- Traffic to
serviceA.yourdomain.com is sent to serviceA. - Traffic to
serviceB.yourdomain.com is routed to serviceB.
Ingress can also route traffic based on URL paths. For example:
- Requests to
yourdomain.com/serviceA are directed to serviceA. - Requests to
yourdomain.com/serviceB are sent to serviceB.
Managing Secure Communication with SSL/TLS
Ingress also ensures secure communication by handling SSL/TLS encryption. It uses secrets stored in the cluster to decrypt incoming encrypted traffic and then passes it securely to the intended services.
By using Ingress, Kubernetes enables efficient, secure, and flexible traffic routing within the cluster, simplifying how services handle external requests.
Ingress, Services, and Endpoint Resources in Kubernetes
Ingress, Services, and Endpoint Resources work together to manage traffic routing in a Kubernetes environment.
1. Services in Kubernetes
A Kubernetes Service provides an abstraction layer to expose applications running in Pods. It creates a consistent endpoint for accessing the application, making it easier for other components to communicate with it without worrying about changes in the underlying Pod IPs.
2. Endpoint Resources
Endpoint Resources are objects in Kubernetes that maintain a list of IP addresses and ports for the Pods associated with a Service. These endpoints ensure that traffic from a Service is directed to the appropriate Pods.
3. Role of Ingress
Ingress serves as a gateway for directing external traffic into the cluster. It forwards requests to the appropriate Service, which then routes the traffic to the corresponding Pods through their Endpoint Resources. This setup allows Ingress to handle dynamic changes in Pods while maintaining stable access to the application.
By working together, Ingress, Services, and Endpoint Resources ensure smooth traffic flow within a Kubernetes cluster, even as Pods scale or change dynamically.
Kubernetes Ingress Controllers List
Kubernetes controller is essential for managing the inbound traffic to the kubernetes cluster. The following are the some of the widely used kubernetes Ingress Controllers:
- Nginx Ingress Controller: It is the one of the popular option for kubernetes. It configures the NGINX to route traffic to kubernetes services.
- Traefik: It is a modern HTTP reverse proxy and load balancer that is made for microservices. It's known for its simplicity and dynamic configuration.
- HAProxy Ingress: It utilizes the HAProxy as its uderlying proxy for handling incoming traffic. It is highly configurable and suitable for complex routing requirements.
- Contour: It is build on top of Envoy proxy. It is designed to work seamlessly with kubernetes offering features like HTTP/2 and TLS Termination.
- Istio: Istio is a primarly a mesh service and can also functions as ingress controller offering effective traffic management capabilities, security features and observability.
Creating an Ingress in Kubernetes
Follow this tutorial step by step in order to create and work with Ingress configuration files in Minikube. Minikube is a one-node Kubernetes cluster where master processes and work processes both run on one node.
Step 1: You can skip this step if you already have a Kubernetes Cluster running in your machine. But in case you don't have a Cluster running enter the following command to create Kubernetes locally using minikube:
minikube start
- If you are logged in as a root user you might get an Error message:
Exiting due to DRV_AS_ROOT: The "docker" driver should not be used with root privileges.
- This is because the default driver in the Docker driver and it should not be used with root privileges. For fixing this we should log in as a different user that the root user.
- Enter the following command to add a new user:
adduser [USERNAME]
- Now enter the following command to login as a new user
su - [USERNAME]
- And after this the command 'minikube start' should work fine.
Step 2: Let us now install ingress controller in Minikube and the way to do that is by executing minikube add-ons command. Enter the following command in your ternimal:
minikube addons enable ingress
- you will get a similar result as shown in following Screenshot
- What this does is it automatically configures or automatically starts the Kubernetes nginx implementation of ingress controller.
- It is one of the many third-party implementations which you can also safely use in production environments.
Step 3: Now we will create an ingress rule that the controller can evaluate. This is quite a complicated process.
- Firstly, we already have internal service for kubernetes-dashboard and a Pod for that. We are configuring an ingress rule for the dashboard.
- Check the list of namespaces by the following command:
kubectl get ns
- In case you don't have it already, you can use this command to get kubernetes-dashboard namespace.
minikube dashboard
Step 4: Now that we have kubernetes-dashboard, we can check all the components inside the kubernetes-dashboard namespace using the following command:
kubectl get all -ns kubernetes-dashboard
- You can see the internal service called kubernetes-dashboard with a Port = 80 and the pod inside the namespace, note that down since we are going to use this when working on the Ingress rule.
Step 5: Now let's create the Ingress rule for the namespace kubernetes-dashboard. This means that we will specify the namespace as kubernetes-dashboard.
- Create a file called dashboard-ingress.yaml and enter the following code inside it.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kubernetes-dashboard
spec:
rules:
- host: dashboard.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 80
- You can see that the serviceName and the Port resembles to what to talked about in the earlier step.
Step 6: Now, let's apply the Ingress rule, you can do that by entering the following command in your terminal:
kubectl apply -f dashboard-ingress.yaml
- And the ingress will be created. Now if we checkout the list of Ingress in kubernetes-dashboard namespace by entering the following command
kubectl get ingress -n kubernetes-dashboard
- We can find our dashboard-ingress that we created. Make sure to note down the Address of the Ingress, we will use it in later steps.
Step 7: Now what we will do is we will take that address and in the hosts file, at the end we will define that mapping, we will map IP address to dashboard.com . We can do that by entering the following command:
sudo vim /etc/hosts
- Then you can type your password and enter this to your hosts file:
[IP_ADDRESS] dashboard.com
- the hosts file would look somewhat like this:
- What this does is that if you type dashboard.com in the browser, it will be mapped to the IP address we assigned. (192.168.49.2 in this case).
- This basically means that the request that will come in to our Minikube cluster will be handed over to Ingress controller and the Ingress controller then will evaluate the rule that we defined and forward that request to service.
Step 8: And with this we have finally setup the Ingress rule. We can simply go to dashboard.com in our machine and you will get the kubernetes dashboard there.
- It will look similar to this. (this is not the entire website screenshot, only for reference).
- With that the tutorial for Kubernetes Ingress is complete and you learned how to implement Kubernetes Ingress using a configuration file.
- Let's now conclude the article and discuss some frequently asked questions about Kubernetes Ingress.
Differences Between Ingress, NodePort and LoadBalancer
Parameter
| Ingress | NodePort | LoadBalancer |
|---|
Definition | Ingress is a Kubernetes API object that is used to expose HTTP and HTTPS routes from outside the cluster to services inside the cluster. | NodePort is a Service that is accessible on a static Port on each Worker Node in the cluster. | Load Balancer Service type allows the Service to become accessible externally through a Cloud Provider's Load Balancer functionality. |
|---|
Use | Ingress provides a single entry point into a cluster hence making it simpler to manage applications and troubleshoot routing issues. | NodePort Service makes the external traffic accessible on static or fixed port on each worker Node | LoadBalancer Service is an extension of NodePort Service. To understand LoadBalancer Service type, you must know about Load Balancing. Load Balancing is the process of dividing a set of tasks over a set of resources in order to make the process fast and efficient. |
|---|
Configuration | Ingress is configured with the help of rules that define how to route traffic to different services based on hostnames or paths.
| NodePort is configured by specifying the NodePort and the target port for the service. | LoadBalancer is als configured same as NodePort. |
|---|
Range | No specific port range is defined for Ingress.
| NodePort range is between 30000-32767 | LoadBalancer uses standard HTTP and HTTPS ports |
|---|
Difference Between Kubernetes Ingress and Nginx Ingress
The following are the differences between Kubernetes Ingress and Nginx Ingress:
Kubernetes Ingress | Nginx Ingress |
|---|
It is a native kubernetes resource | It is a Kubernetes controller extension |
It used for managing the external excess to the services within the kubernetes cluster | It enhances the nginx functionalities and capabilities |
It is implemented as a resource in kubernetes | It is implemented as a kubernetes controller extension |
It define rules for HTTP and HTTPS routing | It enhances the routing features with nginx capabilities. |
It provides the basic load balancing facilities | It enhances the load balancing features with nginx capabilities |
Kubernetes Ingress vs Kubernetes Egress
Aspect | Kubernetes Ingress | Kubernetes Egress |
|---|
Purpose | Manages incoming traffic to services within the cluster | Controls outbound traffic from services in the cluster |
Traffic Direction | External to internal (clients accessing cluster services) | Internal to external (cluster services accessing external resources) |
Primary Use Case | Exposing services to the outside world (e.g., websites, APIs) | Accessing external services like databases, APIs, or web services |
Routing Rules | Path-based, host-based routing (URL paths, hostnames) | Typically involves IP or port filtering |
Security Enhancements | SSL/TLS termination, centralized access control | Firewall rules, VPN for secure external connections |
Common Tools | Ingress Controllers (e.g., NGINX, Traefik) | Network policies, Egress rules in NetworkPolicy |
IP Usage | Uses a single IP to direct traffic to multiple services | Managed per service or cluster-level, often through external IPs |
Ideal For | Managing external client access to cluster-hosted services | Restricting and managing cluster service access to external networks |
Kubernetes Ingress vs Load Balancer
Aspect | Kubernetes Ingress | Load Balancer |
|---|
Purpose | Routes and manages external traffic to multiple services within the cluster | Provides direct access to a specific service within the cluster |
Traffic Routing | Uses path-based and host-based rules to route traffic | Routes traffic to one service with no internal routing rules |
Configuration | Managed with Ingress resources and controllers | Typically configured at the service level (e.g., LoadBalancer service) |
SSL Termination | Supports centralized SSL/TLS termination for multiple services | SSL termination is handled per Load Balancer setup |
Single IP Access | Uses a single IP to route requests to different services | Each LoadBalancer service requires its own IP |
Cost Efficiency | More cost-effective for multiple services due to shared resources | Can be costly as each LoadBalancer service typically incurs a charge |
Scalability | Suitable for complex applications needing routing for multiple endpoints | Ideal for simpler applications needing a direct service entry point |
Kubernetes Ingress vs Gateway API
Aspect | Kubernetes Ingress | Gateway API |
|---|
Purpose | Manages and routes external traffic to services within the Kubernetes cluster | Provides advanced traffic management including multi-layer routing and cross-cluster support |
Traffic Management | Primarily supports HTTP and HTTPS routing based on hostnames and paths | Offers protocol-agnostic routing (HTTP, HTTPS, TCP, GRPC) and granular traffic control |
Configuration | Configured using Ingress resources and Ingress Controllers | Configured using Gateway, Route and HTTPRoute resources for more flexibility |
Advanced Features | Basic routing capabilities (path- and host-based) | Supports advanced features like weighted routing, traffic splitting and retries |
Multi-Tenancy | Limited multi-tenancy support; typically scoped to a single namespace | Designed for multi-tenancy, allowing multiple teams to manage traffic independently |
Standardization | Widely adopted but has limited extensibility | Gateway API is a Kubernetes SIG project aiming to standardize service networking |
Ideal Use Cases | Simple routing for HTTP/HTTPS traffic to cluster services | Complex, multi-layer routing cross-cluster traffic control or protocol-specific routing |
Conclusion
Ingress is a Kubernetes API object that is used to expose HTTP and HTTPS routes from outside the cluster to services inside the cluster. It provide a single entry point into a cluster hence making it simpler to manage applications and troubleshoot routing issues. Make sure to follow the tutorial as well as create a new Ingress configuration file and implement it in a Minikube cluster to practice it, that is the best way to understand Kubernetes Ingress.
We hope that this article helped you improve your understanding about Kubernetes Ingress and you learned something valuable out of it.
Similar Reads
Kubernetes - Images
Pre-requisite:- Kubernetes A container image is used to represent binary data that is being used to encapsulate an application and all its software dependencies. Container images can be represented as executable software bundles that run standalone and make very defined assumptions about their runti
3 min read
Kubernetes kOps
Kubernetes Kops smoothes out the deployment and management of the Kubernetes cluster, tending to the intricacies related to orchestrating containerized applications. Kubernetes, an open-source container orchestration platform, mechanizes application sending and scaling. Be that as it may, proficient
11 min read
Kubernetes - Jobs
Pre-requisite: Kubernetes In the Kubernetes world, jobs are considered an object to act as a supervisor or controllers of a task. The Kubernetes job will create a pod, monitor the task, and recreate another one if that pod fails for some reason. Upon completion of the task, it will terminate the pod
4 min read
Kubernetes - ConfigMaps
An open-source container orchestration system called Kubernetes is primarily used for automated software deployment, scaling, and management. Another name for Kubernetes is K8s. Originally developed by Google, Kubernetes is now managed by the Cloud Native Computing Foundation. Although it now suppor
10 min read
kubernetes vs Jenkins
A popular automation server is Jenkins, while Kubernetes is an open-source framework for container orchestration. Selecting the best solution for your requirements might be difficult because Kubernetes and Jenkins both have special capabilities and advantages. Table of Content Difference Between Kub
9 min read
Google Kubernetes Engine
Pre-requisite: Google Cloud Platform This article intends to provide an introduction to the Google Kubernetes Engine(GKE). Google Kubernetes Engine is a fully-managed service for running and managing containerized applications on the Google Cloud Platform. GKE is based on Kubernetes, an open-source
6 min read
Kubernetes - Architecture
Kubernetes Cluster mainly consists of Worker Machines called Nodes and a Control Plane. In a cluster, there is at least one worker node. The Kubectl CLI communicates with the Control Plane and the Control Plane manages the Worker Nodes. In this article, we are going to discuss in detail the architec
5 min read
Kubernetes - Kubectl
Kubectl is a command-line software tool that is used to run commands in command-line mode against the Kubernetes Cluster. Kubectl runs the commands in the command line, Behind the scenes it authenticates with the master node of Kubernetes Cluster with API calls and performs the operations on Kuberne
12 min read
Kubernetes Cluster
A group of nodes (Computers/Operating systems) working together to communicate with the help of Kubernetes software is known as the Kubernetes cluster. It works in a mechanism in such a way that it performs actions on the worker node with the help of the manager node. Need for a Kubernetes ClusterIn
6 min read
Kubernets Annotations
Kubernetes or K8s is a container orchestration platform. ​By the term container orchestration, we mean that the microservices that we build are deployed in containers which in turn are placed in clusters. Between the clusters and the containers, there are layers like nodes and pods. What is a Resour
4 min read