What is ingress?
Ingress is a Kubernetes object that manages how external users can reach services running inside a cluster. It acts like a smart door that routes incoming web traffic to the right internal application based on rules you set.
Let's break it down
- Kubernetes object: a piece of configuration that tells the cluster what to do.
- External users: people or programs on the internet outside your cluster.
- Services: groups of containers that work together to run an app.
- Smart door: a metaphor for a component that decides where to send traffic.
- Routing rules: simple instructions (like “if the URL contains /blog, send it to the blog service”).
Why does it matter?
Without ingress, every service would need its own public IP or port, which quickly becomes messy and expensive. Ingress lets you expose many apps through a single entry point, making management, security, and cost much easier.
Where is it used?
- A company’s public website and API are both hosted in the same Kubernetes cluster, using ingress to direct traffic to the right backend.
- A SaaS platform offers multiple customer-specific subdomains (customer1.app.com, customer2.app.com) and uses ingress to route each subdomain to the correct tenant service.
- An internal development environment shares one load balancer, with ingress handling different test apps on separate paths like /frontend and /backend.
- Edge computing devices expose a small web UI via ingress, allowing remote monitoring without exposing each service individually.
Good things about it
- Consolidates many services behind a single IP or load balancer, saving resources.
- Supports TLS/SSL termination, so you can manage HTTPS certificates in one place.
- Provides flexible routing (host-based, path-based, header-based) without changing application code.
- Works with many third-party controllers (NGINX, Traefik, HAProxy) to add extra features like rate limiting or authentication.
- Simplifies DevOps pipelines by allowing new services to be exposed just by adding an ingress rule.
Not-so-good things
- The default Kubernetes ingress is basic; advanced features often require a separate controller, adding complexity.
- Misconfigured rules can expose internal services unintentionally, creating security risks.
- Performance can become a bottleneck if a single ingress controller handles too much traffic without proper scaling.
- Debugging routing problems can be tricky because the issue may lie in the ingress, the controller, or the underlying service.
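The misconfiguration risk listed above can be checked before a rule is applied. The following is an added example, not part of the original page: a small audit over an Ingress manifest in the `networking.k8s.io/v1` JSON shape. The sample manifest is constructed, and the `PUBLIC_SERVICES` allowlist and the function names are assumptions made for illustration.

```python
import json
# Constructed sample, shaped like one item from `kubectl get ingress -A -o json`.
SAMPLE = json.loads("""
{"metadata": {"namespace": "shop", "name": "web"},
 "spec": {
   "defaultBackend": {"service": {"name": "admin", "port": {"number": 8080}}},
   "tls": [{"hosts": ["shop.example.com"], "secretName": "shop-tls"}],
   "rules": [
     {"host": "shop.example.com", "http": {"paths": [
        {"path": "/", "pathType": "Prefix",
         "backend": {"service": {"name": "frontend", "port": {"number": 80}}}}]}},
     {"http": {"paths": [
        {"path": "/metrics", "pathType": "Prefix",
         "backend": {"service": {"name": "prometheus", "port": {"number": 9090}}}}]}}
   ]}}
""")

# Assumption: the team keeps a list of (namespace, service) pairs meant to be public.
PUBLIC_SERVICES = {("shop", "frontend")}

def tls_covers(host, tls_hosts):
    # True if host is listed exactly or matched by a one-label wildcard (*.parent).
    parent = host.partition(".")[2]
    return host in tls_hosts or ("*." + parent) in tls_hosts

def audit_ingress(ing, public=PUBLIC_SERVICES):
    ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
    spec, findings = ing.get("spec", {}), []
    tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
    backends = []
    if "defaultBackend" in spec:  # receives every request no rule matches
        backends.append(("<default>", spec["defaultBackend"]))
        findings.append("default-backend: unmatched requests are forwarded")
    for rule in spec.get("rules", []):
        host = rule.get("host")
        if not host:  # a rule without a host applies to all inbound hostnames
            findings.append("no-host: rule matches every hostname")
        elif not tls_covers(host, tls_hosts):
            findings.append(f"no-tls: {host} has no TLS entry")
        for p in rule.get("http", {}).get("paths", []):
            backends.append((f"{host or '*'}{p.get('path', '/')}", p["backend"]))
    for where, b in backends:  # flag any backend not on the public allowlist
        svc = b.get("service", {}).get("name")
        if (ns, svc) not in public:
            findings.append(f"unlisted-backend: {where} -> {ns}/{svc}")
    return [f"{ns}/{name}: {f}" for f in findings]

if __name__ == "__main__":
    print("\n".join(audit_ingress(SAMPLE)))
```

On the constructed sample this reports the default backend, the host-less rule, and the two backends (`admin`, `prometheus`) that are reachable from outside without being on the allowlist.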