While a LoadBalancer Service is simple, it's expensive (one per Service). Ingress allows you to use one entry point (one IP/Load Balancer) to route traffic to dozens of internal Services based on paths or hostnames.
1. How Ingress Works
You need two things:
- Ingress Controller: The actual server (like Nginx, Traefik, or HAProxy) that handles the traffic.
- Ingress Resource: The YAML rules that tell the controller where to send the traffic.
2. Creating an Ingress Resource
ingress.yaml:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: main-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 8080
- path: /web
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80Apply and Verify
Action:
kubectl apply -f ingress.yaml
kubectl get ingressResult:
NAME CLASS HOSTS ADDRESS PORTS AGE
main-ingress nginx myapp.com 203.0.113.10 80 30s(Traffic to http://myapp.com/api now goes to api-service, and http://myapp.com/web goes to web-service!)
3. SSL/TLS Termination
Ingress can also handle your HTTPS certificates, so your backend services don't have to.
Action (Manifest snippet):
spec:
tls:
- hosts:
- myapp.com
secretName: myapp-tls-secretSummary
- Ingress Controller: The traffic-handling software (Nginx, Traefik).
- Ingress Resource: Your routing rules (YAML).
- Path-Based Routing:
/apivs/web. - Host-Based Routing:
api.myapp.comvsshop.myapp.com. - SSL Termination: Decrypts HTTPS at the entry point.