Kubernetes From Zero to Hero – Part 7: Ingress – Managing External Access the Smart Way
Manas Upadhyay
Recap: Where We Left Off
In our previous blog, we learned:
What Services are and how they expose Pods
The difference between ClusterIP, NodePort, and LoadBalancer
How to connect to applications running in Kubernetes using these service types
But there’s a limitation:
What if you want to expose multiple services over the same IP and port, like:
example.com/api → backend service
example.com/web → frontend service
This isn’t possible with just Services.
That’s where Ingress comes in.
What is Ingress in Kubernetes?
Ingress is an API object that:
Manages external access to services in a cluster
Provides HTTP/HTTPS routing to different services
Works like a reverse proxy (like NGINX or Traefik)
It routes external traffic based on:
Hostnames (e.g., app.example.com)
Paths (e.g., /api, /login)
Ingress Architecture
Ingress needs two things:
| Component | Role |
| Ingress Resource | Defines rules for routing traffic |
| Ingress Controller | Software that implements the rules (e.g., NGINX, Traefik) |
Ingress Controller listens to the API and routes traffic accordingly.
Installing an Ingress Controller (NGINX)
For Minikube:
minikube addons enable ingress
For other clusters:
Use Helm or YAML to install:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml
Verify:
kubectl get pods -n ingress-nginx
kubectl get svc -n ingress-nginx
Sample Setup: Web and API Apps
Let’s say you have:
A frontend app on port 80 (service: frontend-service)
A backend API on port 5000 (service: backend-service)
Example Ingress Resource
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.local
http:
paths:
- path: /web
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
- path: /api
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 5000
(Optional) Enable TLS (HTTPS)
You can use cert-manager to automatically provision TLS certificates with Let’s Encrypt.
For now, here’s a sample block to add under .spec:
tls:
- hosts:
- myapp.local
secretName: tls-secret
Test Your Ingress
If using Minikube:
minikube tunnel
Then, add this to /etc/hosts:
127.0.0.1 myapp.local
Now access:
Ingress vs LoadBalancer vs NodePort
| Feature | NodePort | LoadBalancer | Ingress |
| Uses single IP | ❌ | ✅ | ✅ |
| Handles multiple paths/domains | ❌ | ❌ | ✅ |
| Layer 7 (HTTP routing) | ❌ | ❌ | ✅ |
| Requires cloud LB | ❌ | ✅ | ❌ |
Real-World Use Cases
| Need | Use Ingress |
| Route /api and /web to different backends | ✅ |
| SSL Termination | ✅ |
| Host-based routing (foo.com, bar.com) | ✅ |
Clean Up
kubectl delete ingress my-ingress
kubectl delete service frontend-service backend-service
kubectl delete deployment frontend backend
Summary
| Concept | Purpose |
| Ingress | Expose HTTP/HTTPS routes to services |
| Ingress Controller | Implements Ingress logic |
| Path & Host Rules | Route traffic cleanl |
What’s Next?
In the next blog, we’ll:
Explore ConfigMaps and Secrets
Understand how to manage environment configs, API tokens, and sensitive values
Use them to configure your pods without hardcoding values
Subscribe to my newsletter
Read articles from Manas Upadhyay directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Manas Upadhyay
Manas Upadhyay
I am an experienced AWS Cloud and DevOps Architect with a strong background in designing, deploying, and managing cloud infrastructure using modern automation tools and cloud-native technologies.