How Kubernetes Ingress Simplifies Service Exposure and Load Balancing
This article explains the fundamentals of Kubernetes Ingress, how it works with an Ingress controller like ingress-nginx to expose internal services externally, compares manual Nginx proxy setups with Ingress, and provides step-by-step installation, configuration examples, TLS setup, annotations, and testing tips.
Kubernetes Ingress Overview
Kubernetes Ingress is a standard resource that requires an Ingress controller (e.g., ingress-nginx) to interpret routing rules and expose services outside the cluster, typically via a LoadBalancer Service.
Simple HTTP Server
Before Kubernetes, an Nginx server could serve static files or act as a proxy.
location /folder {</code><code> root /var/www/;</code><code> index index.html;</code><code>}Proxy example:
location /folder {</code><code> proxy_pass http://second-nginx-server:8000;</code><code>}Manual Nginx Proxy in Kubernetes
Using a single LoadBalancer service (e.g., service-nginx-proxy) to route different URL paths to internal services:
location /folder {</code><code> proxy_pass http://service-nginx:3001;</code><code>}</code><code>location /other {</code><code> proxy_pass http://service-python:3002;</code><code>}Switching to Kubernetes Ingress
Ingress replaces manual Nginx configuration by letting the controller generate the necessary Nginx rules automatically.
Installing an Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.1/deploy/mandatory.yaml</code><code>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.1/deploy/provider/cloud-generic.yamlAfter installation a LoadBalancer Service with an external IP appears; the controller runs an Nginx pod whose nginx.conf contains the proxy settings.
Ingress Resource Example
# just example, not tested</code><code>apiVersion: networking.k8s.io/v1beta1</code><code>kind: Ingress</code><code>metadata:</code><code> annotations:</code><code> kubernetes.io/ingress.class: nginx</code><code> namespace: default</code><code> name: test-ingress</code><code>spec:</code><code> rules:</code><code> - http:</code><code> paths:</code><code> - path: /folder</code><code> backend:</code><code> serviceName: service-nginx</code><code> servicePort: 3001</code><code> - http:</code><code> paths:</code><code> - path: /other</code><code> backend:</code><code> serviceName: service-python</code><code> servicePort: 3002Create it with kubectl create -f ingress.yaml. The controller translates the Ingress into Nginx configuration.
Annotations for Fine‑Grained Control
kind: Ingress</code><code>metadata:</code><code> name: ingress</code><code> annotations:</code><code> kubernetes.io/ingress.class: nginx</code><code> nginx.ingress.kubernetes.io/proxy-connect-timeout: '30'</code><code> nginx.ingress.kubernetes.io/proxy-send-timeout: '500'</code><code> nginx.ingress.kubernetes.io/proxy-read-timeout: '500'</code><code> nginx.ingress.kubernetes.io/enable-cors: "true"</code><code> nginx.ingress.kubernetes.io/cors-allow-methods: "*"</code><code> nginx.ingress.kubernetes.io/cors-allow-origin: "*"</code><code> ...Custom snippets can be added, e.g.:
nginx.ingress.kubernetes.io/configuration-snippet: |</code><code> if ($host = 'www.qikqiak.com' ) {</code><code> rewrite ^ https://qikqiak.com$request_uri permanent;</code><code> }Viewing Logs and Testing
Inspect the controller pod logs for troubleshooting. Use curl -v http://yourhost.com instead of a browser to avoid caching.
Redirect Rules Example
apiVersion: networking.k8s.io/v1beta1</code><code>kind: Ingress</code><code>metadata:</code><code> name: simple-fanout-example</code><code>spec:</code><code> rules:</code><code> - host: api.myurl.com</code><code> http:</code><code> paths:</code><code> - path: /foo</code><code> backend:</code><code> serviceName: service1</code><code> servicePort: 4200</code><code> - path: /bar</code><code> backend:</code><code> serviceName: service2</code><code> servicePort: 8080</code><code> - host: website.myurl.com</code><code> http:</code><code> paths:</code><code> - path: /</code><code> backend:</code><code> serviceName: service3</code><code> servicePort: 3333TLS/HTTPS Support
apiVersion: networking.k8s.io/v1beta1</code><code>kind: Ingress</code><code>metadata:</code><code> name: tls-example-ingress</code><code>spec:</code><code> tls:</code><code> - hosts:</code><code> - sslexample.foo.com</code><code> secretName: testsecret-tls</code><code> rules:</code><code> - host: sslexample.foo.com</code><code> http:</code><code> paths:</code><code> - path: /</code><code> backend:</code><code> serviceName: service1</code><code> servicePort: 80Ensure the TLS secret exists in every namespace where the Ingress is used.
Summary
Kubernetes Ingress provides a lightweight way to configure Nginx as a reverse proxy, allowing external access to internal services while saving static IPs and LoadBalancer resources. It supports path‑ and host‑based routing, annotations for advanced settings, and TLS termination.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.