8th Week :- "Why Kubernetes Services Fall Short in DevOps – And How Ingress Solves It
Lav kushwahaTable of contents
- 🚫 Problem: Why Kubernetes Services Alone Are Not Ideal for Production
- ✅ Solution: Ingress + Ingress Controller
- 🧾 Sample Ingress YAML File (Using NGINX)
- 📦 Step-by-Step Example: Deploy Backend and Frontend with Ingress
- ⚙️ Setting up NGINX Ingress Controller
- ☁️ How This Works in a Cloud Provider
- ✅ Final Thoughts
🚫 Problem: Why Kubernetes Services Alone Are Not Ideal for Production
In Kubernetes, a Service is used to expose a set of Pods as a network service. It ensures that traffic is correctly routed to healthy pods using a stable IP address or DNS name. There are mainly three types of Services:
ClusterIP – accessible only within the cluster (default)
NodePort – exposes service on a static port on each node
LoadBalancer – creates an external load balancer (on supported cloud providers)
❌ Drawbacks of Using Just Services
| Problem | Explanation |
| Multiple LoadBalancers = $$$ | Every time you use type: LoadBalancer for a microservice, your cloud provider provisions a separate external load balancer – increasing costs drastically. |
| No URL Routing | Services don’t allow routing based on URL paths or hostnames. You can't route example.com/api to backend and example.com to frontend. |
| No SSL Management | Services don't handle SSL/TLS certificates and HTTPS routing natively. |
| Hard to Maintain DNS | Without URL/host-based routing, managing domains and subdomains becomes a mess. |
| No Central Entry Point | Each service gets its own entry point (IP/port), making it hard to manage ingress traffic from outside the cluster. |
✅ Solution: Ingress + Ingress Controller
🌐 What is Ingress?
Ingress is an API object in Kubernetes that acts as an entry point to your cluster. It allows you to route external HTTP and HTTPS traffic to internal services based on:
Hostnames (
example.com)Paths (
/api,/frontend)TLS settings
Think of Ingress as a smart router for your Kubernetes apps.
🧠 What is Ingress Controller?
Ingress rules alone don’t do anything. You need an Ingress Controller, which is a pod running in your cluster that watches the Ingress objects and fulfills the routing.
Popular Ingress Controllers:
NGINX Ingress Controller
HAProxy Ingress
Traefik
Istio Gateway (part of service mesh)
Among these, NGINX is the most widely used due to its simplicity and flexibility.
🧾 Sample Ingress YAML File (Using NGINX)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.example.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 5000
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
🧩 Breakdown of Ingress YAML
| Section | Description |
apiVersion | Version of the Ingress API |
kind | Type of Kubernetes object (Ingress) |
metadata.name | Name of the Ingress object |
annotations | Extra config for NGINX, like path rewrite |
spec.rules.host | Domain name this rule applies to |
paths | List of routes under that host |
pathType | Prefix or Exact match for the path |
backend.service.name | The service name to route to |
port.number | Port of that service |
📦 Step-by-Step Example: Deploy Backend and Frontend with Ingress
🎯 Use Case
You have two services:
Frontend (React/Vue) served on
/Backend (Express/Django) served on
/api
1️⃣ Backend Deployment YAML
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
spec:
replicas: 2
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
containers:
- name: backend
image: your-dockerhub/backend:latest
ports:
- containerPort: 5000
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
spec:
selector:
app: backend
ports:
- protocol: TCP
port: 5000
targetPort: 5000
type: ClusterIP
2️⃣ Frontend Deployment YAML
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
spec:
replicas: 2
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: your-dockerhub/frontend:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
spec:
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
3️⃣ Ingress YAML File (Same as Above)
Ensure your domain (
myapp.example.com) is pointing to your cluster’s LoadBalancer IP.
⚙️ Setting up NGINX Ingress Controller
✅ Step 1: Install via Helm
bashCopyEdithelm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx \
--set controller.publishService.enabled=true
✅ Step 2: Get External IP
bashCopyEditkubectl get svc -n ingress-nginx
Look for the EXTERNAL-IP of the nginx-ingress-controller and point your domain (myapp.example.com) to it using DNS.
☁️ How This Works in a Cloud Provider
You deploy the backend and frontend via
kubectl apply -f deployment.yml.You install the Ingress Controller (NGINX).
You create an Ingress resource with routing rules.
Your cloud provider provisions a LoadBalancer for the Ingress Controller.
You map your domain to that LoadBalancer IP.
Incoming requests are handled by the Ingress Controller and routed based on your rules.
✅ Final Thoughts
| ❌ Services Alone | ✅ Ingress |
| Expensive with LoadBalancer | Cost-efficient single LoadBalancer |
| No routing logic | URL + Host-based smart routing |
| No SSL/TLS | Built-in HTTPS support |
| Poor scalability | Designed for production-grade traffic |
Ingress is an essential part of production-ready Kubernetes clusters. It reduces costs, simplifies networking, improves maintainability, and is crucial for DevOps success in cloud deployments.
Subscribe to my newsletter
Read articles from Lav kushwaha directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by