Try Sailor Cloud - 25% off!

Claim Now
Back to all posts

Kubernetes Ingress: External Access to Your Services

#kubernetes #ingress #networking #cka #ckad

Kubernetes Ingress: External Access to Your Services

Ingress provides HTTP/HTTPS routing to services based on hostname or path. It’s more powerful than NodePort or LoadBalancer for web applications.

Ingress vs Service Types

FeatureNodePortLoadBalancerIngress
L4/L7L4L4L7
TLSManualManualBuilt-in
Path routingNoNoYes
Host routingNoNoYes
CostFreePer LBOne LB

Prerequisites

You need an Ingress Controller (e.g., NGINX, Traefik):

# Install NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml

Basic Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

Path-Based Routing

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: path-ingress
spec:
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /users
        pathType: Prefix
        backend:
          service:
            name: users-service
            port:
              number: 8080
      - path: /products
        pathType: Prefix
        backend:
          service:
            name: products-service
            port:
              number: 8080

Host-Based Routing

spec:
  rules:
  - host: app1.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app1
            port:
              number: 80
  - host: app2.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app2
            port:
              number: 80

TLS Configuration

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tls-ingress
spec:
  tls:
  - hosts:
    - secure.example.com
    secretName: tls-secret
  rules:
  - host: secure.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: secure-app
            port:
              number: 443

Create TLS Secret

kubectl create secret tls tls-secret --cert=tls.crt --key=tls.key

Debugging Ingress

kubectl get ingress
kubectl describe ingress my-ingress
kubectl logs -n ingress-nginx deployment/ingress-nginx-controller

Practice Ingress

Ingress configuration appears in CKA and CKAD exams. Practice at Sailor.sh.

Start Free Practice