Kubernetesdevops~5 mins

Why Ingress manages external access in Kubernetes - Why It Works

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

When you run applications inside Kubernetes, they are hidden inside the cluster. Ingress helps you control how users from outside the cluster can reach your apps safely and easily.

When you want to let users access multiple apps through one web address.

When you need to control traffic rules like which app gets traffic based on the URL path.

When you want to secure access using HTTPS with certificates.

When you want to avoid exposing each app with its own public IP or load balancer.

When you want to manage external access centrally instead of configuring each app separately.

Config File - ingress.yaml

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /app1
        pathType: Prefix
        backend:
          service:
            name: app1-service
            port:
              number: 80
      - path: /app2
        pathType: Prefix
        backend:
          service:
            name: app2-service
            port:
              number: 80
  tls:
  - hosts:
    - example.com
    secretName: example-tls-secret

This Ingress resource defines rules to route external traffic coming to example.com to two different services inside the cluster: app1-service and app2-service, based on the URL path.

The tls section enables HTTPS using a secret that holds the TLS certificate.

The annotation tells the NGINX Ingress controller to rewrite the URL path before sending it to the backend service.

Commands

This command creates the Ingress resource in Kubernetes, setting up rules for external access to your apps.

Terminal

kubectl apply -f ingress.yaml

Expected OutputExpected

ingress.networking.k8s.io/example-ingress created

This command checks that the Ingress resource is created and shows its address and rules.

Terminal

kubectl get ingress example-ingress

Expected OutputExpected

NAME CLASS HOSTS ADDRESS PORTS AGE example-ingress <none> example.com 192.168.1.100 80,443 10s

This command shows detailed information about the Ingress, including backend services and TLS settings.

Terminal

kubectl describe ingress example-ingress

Expected OutputExpected

Name: example-ingress Namespace: default Address: 192.168.1.100 Default backend: <none> Rules: Host Path Backends ---- ---- -------- example.com /app1 app1-service:80 (10.1.1.10:8080) /app2 app2-service:80 (10.1.1.11:8080) Annotations: nginx.ingress.kubernetes.io/rewrite-target: / Events: <none>

Key Concept

Ingress acts as a smart gatekeeper that controls and routes external traffic into your Kubernetes apps using simple rules.

Common Mistakes

Not creating or configuring an Ingress controller in the cluster.

Without an Ingress controller, the Ingress resource does nothing and external access won't work.

Install a supported Ingress controller like NGINX Ingress Controller before applying Ingress resources.

Using incorrect service names or ports in the Ingress backend configuration.

Ingress cannot route traffic if the backend service or port does not exist or is wrong.

Double-check service names and ports match the actual services running in the cluster.

Forgetting to add TLS secrets for HTTPS or misconfiguring the TLS section.

Without proper TLS secrets, HTTPS will not work and users may get security warnings.

Create TLS secrets with valid certificates and reference them correctly in the Ingress spec.

Summary

Create an Ingress resource to define how external traffic reaches your Kubernetes services.

Use rules in the Ingress to route traffic based on hostnames and URL paths.

Check Ingress status and details with kubectl commands to verify external access setup.