How Kubernetes Ingress Simplifies Service Exposure and Load Balancing

Kubernetes Ingress Overview

Kubernetes Ingress is a standard resource that requires an Ingress controller (e.g., ingress-nginx) to interpret routing rules and expose services outside the cluster, typically via a LoadBalancer Service.

Simple HTTP Server

Before Kubernetes, an Nginx server could serve static files or act as a proxy.

<code>location /folder {</code><code>    root /var/www/;</code><code>    index index.html;</code><code>}</code>

Proxy example:

<code>location /folder {</code><code>    proxy_pass http://second-nginx-server:8000;</code><code>}</code>

Manual Nginx Proxy in Kubernetes

Using a single LoadBalancer service (e.g.,

service-nginx-proxy

) to route different URL paths to internal services:

<code>location /folder {</code><code>    proxy_pass http://service-nginx:3001;</code><code>}</code><code>location /other {</code><code>    proxy_pass http://service-python:3002;</code><code>}</code>

Switching to Kubernetes Ingress

Ingress replaces manual Nginx configuration by letting the controller generate the necessary Nginx rules automatically.

Installing an Ingress Controller

<code>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.1/deploy/mandatory.yaml</code><code>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.24.1/deploy/provider/cloud-generic.yaml</code>

After installation a LoadBalancer Service with an external IP appears; the controller runs an Nginx pod whose

nginx.conf

contains the proxy settings.

Ingress Resource Example

<code># just example, not tested</code><code>apiVersion: networking.k8s.io/v1beta1</code><code>kind: Ingress</code><code>metadata:</code><code>  annotations:</code><code>    kubernetes.io/ingress.class: nginx</code><code>  namespace: default</code><code>  name: test-ingress</code><code>spec:</code><code>  rules:</code><code>  - http:</code><code>      paths:</code><code>      - path: /folder</code><code>        backend:</code><code>          serviceName: service-nginx</code><code>          servicePort: 3001</code><code>  - http:</code><code>      paths:</code><code>      - path: /other</code><code>        backend:</code><code>          serviceName: service-python</code><code>          servicePort: 3002</code>

Create it with

kubectl create -f ingress.yaml

. The controller translates the Ingress into Nginx configuration.

Annotations for Fine‑Grained Control

<code>kind: Ingress</code><code>metadata:</code><code>  name: ingress</code><code>  annotations:</code><code>    kubernetes.io/ingress.class: nginx</code><code>    nginx.ingress.kubernetes.io/proxy-connect-timeout: '30'</code><code>    nginx.ingress.kubernetes.io/proxy-send-timeout: '500'</code><code>    nginx.ingress.kubernetes.io/proxy-read-timeout: '500'</code><code>    nginx.ingress.kubernetes.io/enable-cors: "true"</code><code>    nginx.ingress.kubernetes.io/cors-allow-methods: "*"</code><code>    nginx.ingress.kubernetes.io/cors-allow-origin: "*"</code><code>    ...</code>

Custom snippets can be added, e.g.:

<code>nginx.ingress.kubernetes.io/configuration-snippet: |</code><code>  if ($host = 'www.qikqiak.com' ) {</code><code>    rewrite ^ https://qikqiak.com$request_uri permanent;</code><code>  }</code>

Viewing Logs and Testing

Inspect the controller pod logs for troubleshooting. Use

curl -v http://yourhost.com

instead of a browser to avoid caching.

Redirect Rules Example

<code>apiVersion: networking.k8s.io/v1beta1</code><code>kind: Ingress</code><code>metadata:</code><code>  name: simple-fanout-example</code><code>spec:</code><code>  rules:</code><code>  - host: api.myurl.com</code><code>    http:</code><code>      paths:</code><code>      - path: /foo</code><code>        backend:</code><code>          serviceName: service1</code><code>          servicePort: 4200</code><code>      - path: /bar</code><code>        backend:</code><code>          serviceName: service2</code><code>          servicePort: 8080</code><code>  - host: website.myurl.com</code><code>    http:</code><code>      paths:</code><code>      - path: /</code><code>        backend:</code><code>          serviceName: service3</code><code>          servicePort: 3333</code>

TLS/HTTPS Support

<code>apiVersion: networking.k8s.io/v1beta1</code><code>kind: Ingress</code><code>metadata:</code><code>  name: tls-example-ingress</code><code>spec:</code><code>  tls:</code><code>  - hosts:</code><code>    - sslexample.foo.com</code><code>    secretName: testsecret-tls</code><code>  rules:</code><code>  - host: sslexample.foo.com</code><code>    http:</code><code>      paths:</code><code>      - path: /</code><code>        backend:</code><code>          serviceName: service1</code><code>          servicePort: 80</code>

Ensure the TLS secret exists in every namespace where the Ingress is used.

Summary

Kubernetes Ingress provides a lightweight way to configure Nginx as a reverse proxy, allowing external access to internal services while saving static IPs and LoadBalancer resources. It supports path‑ and host‑based routing, annotations for advanced settings, and TLS termination.