Ingress

An Ingress manages external HTTP/HTTPS access to Services within the cluster.

Provides URL-based routing, SSL/TLS termination, and name-based virtual hosting
Requires an Ingress Controller to be installed in the cluster (e.g. NGINX, Traefik, HAProxy)
An Ingress does not expose arbitrary ports or protocols; for non-HTTP traffic, use a Service of type NodePort or LoadBalancer

More Information

https://kubernetes.io/docs/concepts/services-networking/ingress/

Example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 80
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 80

Path Types

Prefix: matches based on a URL path prefix split by / (e.g. /api matches /api, /api/v1)
Exact: matches the URL path exactly
ImplementationSpecific: matching depends on the Ingress Controller

TLS

Ingress can terminate TLS using a Secret containing the certificate and private key

spec:
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls-secret
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

More Information

https://kubernetes.io/docs/concepts/services-networking/ingress/#tls

Ingress Controllers

An Ingress resource requires an Ingress Controller to function. Common options:

NGINX Ingress Controller
Traefik
HAProxy
AWS ALB Ingress Controller
Istio Gateway

More Information

https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/

Example​

Path Types​

TLS​

Ingress Controllers​

Example

Path Types

TLS

Ingress Controllers