Learning Center
March 20, 2024
9 min read

What is Kubernetes Ingress?

Peter Barnard
Content @ Kong

For both new and existing users of Kubernetes, the importance of controlling traffic in and out of a cluster should come as a no surprise. This is where Kubernetes Ingress can offer many benefits. For those unfamiliar with what Ingress is and how it differs from other terms in Kubernetes, read on. But what features can help implement and simplify streamlined benefits to control traffic to Kubernetes services?

In this article, the more general idea of Ingress will be defined, but the main focus will be on Kubernetes Ingress and its associated applications.

Be sure to also follow up on the second part of this topic: What is a Kubernetes Ingress Controller?

What is Ingress?

The concept of an Ingress exists outside of Kubernetes and extends to other open source platforms. For the process of implementing an Ingress, a set of rules must be established to assist with influencing incoming traffic. In its most basic essence, it relays an HTTP or HTTPS to a service. These services include routing users to a specific component or pod of a service based on how the link is required to interact with the defined rules. 

An Ingress acts as an entry point for incoming traffic into a system or platform. It provides a way to manage and control the routing of external requests to the appropriate internal services or resources. The Ingress is responsible for analyzing incoming requests based on predefined rules and forwarding them to the correct destination within the system. If no rules are specified, all traffic will be sent to a single default backend, which is conventionally a configuration option of the Ingress controller and is not specified in your Ingress resources. This method, also known as the DefaultBackend, is the backend that should handle requests in that case.

The primary purpose of an Ingress is to simplify the management of traffic routing and load balancing for services exposed to the internet or other external networks. It acts as a single point of entry, eliminating the need to configure individual services with their own external IP addresses or load balancers.

What is Ingress in Kubernetes (K8s)?

Kubernetes itself is an open source platform used to containerize various components like software, applications, and more. These containers are defined as pods, and multiple pods are called a cluster. Using various services or types to define the cluster, the developer can choose how traffic is routed to the cluster or individual pods in specific ways. One of the key components in Kubernetes is Ingress, which acts as a gateway for external traffic to reach the cluster. Ingress can be configured to route traffic to different backend services, such as an app, based on specific rules and configurations.

Ingress is a Kubernetes resource that manages external access to services within a cluster. It acts as a single entry point for incoming traffic, routing it to the appropriate services based on the routing rules the developer sets. Kubernetes Ingress provides a way to securely and efficiently expose services. It eliminates the need for manual management of load balancers or public IP addresses for individual services.

When using ingress to influence how traffic is routed to respective clusters, the developer can define a set of rules to enable specific directions for the incoming traffic. In a cluster, there can be multiple sets of pods that are defined as different services. Using the prior set of rules, specific links used by incoming traffic will send them to a corresponding service with the precedence given to the longest matching path.

The key components of Kubernetes Ingress are:

  1. Ingress Controller: This is a specialized load balancer that watches the Ingress resource and processes the rules defined within it. It is responsible for routing incoming traffic to the appropriate services based on the Ingress rules.
  2. Ingress Resource: This is a Kubernetes resource that defines the rules for routing incoming traffic. It specifies the hostname, path, and destination services for different types of requests.
  3. Ingress Rules: These are the rules defined within the Ingress resource that determine how incoming traffic should be routed. Rules can be based on host, path, or other criteria

API Gateways vs. K8s Ingress Compared: Know Your Best-Fit Solution

Benefits of Kubernetes Ingress

Kubernetes Ingress simplifies the process of managing external access to services within a cluster, centralizing traffic routing, load balancing, and secure access. It is an essential component for deploying and managing production-ready applications in Kubernetes environments. Kubernetes Ingress enables key functionality in Kubernetes including:

  1. Load Balancing: Ingress can distribute traffic across multiple replicas of a service, ensuring high availability and scalability.
  2. SSL/TLS Termination: Ingress controllers can handle SSL/TLS termination, offloading the encryption/decryption workload from the application services.
  3. Name-based Virtual Hosting: Ingress allows multiple services to be exposed on the same IP address, using different hostnames.
  4. Path-based Routing: Ingress can route traffic to different services based on the URL path, simplifying the management of complex applications.

Canary Deployments: Ingress can be used to implement canary deployments, gradually routing traffic to a new version of a service for testing purposes.

Kubernetes Ingress vs Kubernetes Egress

The difference between ingress and egress might be simpler than you think. Ingress refers to the traffic coming into a network boundary, while egress refers to the traffic leaving the network boundary. An easy way to remember the distinction is to look at the prefix. Ingress is the traffic coming into, while egress is the traffic exiting. Another easy analogy is the difference between immigration and emigration.

In the context of Kubernetes, Ingress specifically deals with managing incoming traffic from outside the cluster to services within the cluster. It acts as a single entry point, routing external requests to the appropriate services based on predefined rules.

On the other hand, egress in Kubernetes refers to the outgoing traffic from within the cluster to external destinations. It is the mechanism by which services or pods within the cluster can initiate and establish connections to resources outside the cluster, such as databases, APIs, or other external services.

While ingress and egress serve different purposes, they are both essential components for managing traffic flow in a Kubernetes environment. Ingress ensures that external traffic is properly routed and load-balanced across services within the cluster, while egress ensures that services within the cluster can communicate with external resources as needed.

It's important to note that while Ingress is a Kubernetes resource with dedicated controllers and configurations, egress is typically managed through network policies, firewall rules, or other networking configurations within the cluster or the underlying infrastructure.

Kubernetes Ingress vs Load Balancer

While both Kubernetes Ingress and a load balancer share similarities, they also have some key distinctions. Both K8s Ingress and a load balancer are responsible for directing traffic to a service, but there is a component where they do differ.

A load balancer is only able to direct toward one service, while K8s Ingress can direct toward multiple services in a cluster. The other main difference is that Kubernetes Ingress natively exists inside the cluster, while a load balancer exists outside.

A load balancer is a standalone component that distributes incoming network traffic across a group of backend servers or services. It acts as a reverse proxy, forwarding client requests to one of the available servers based on a load balancing algorithm. Load balancers are typically used to improve application availability, scalability, and performance by spreading the workload across multiple servers. Kubernetes Ingress, on the other hand, is a built-in loadbalancer feature that allows for more advanced routing and configuration options for incoming traffic. It is a powerful tool for managing traffic within a Kubernetes cluster and can be used in conjunction with a traditional load balancer for even more efficient distribution of workload.

While a load balancer can distribute traffic to a single service, Kubernetes Ingress can route traffic to multiple services within the cluster based on predefined rules, such as host, path, or other criteria. This allows for more complex routing scenarios and enables features like name-based virtual hosting and path-based routing.

While both Kubernetes Ingress and a load balancer serve the purpose of managing and distributing incoming traffic, Kubernetes Ingress is a more specialized and integrated solution for managing external access to services within a Kubernetes cluster. It offers advanced routing capabilities, seamless integration with other Kubernetes resources, and additional features tailored for containerized applications running in a Kubernetes environment. However, it is important to note that Kubernetes Ingress is not a substitute for a load balancer, such as a Network Load Balancer in Google Cloud, as the two serve different purposes in managing network traffic.

Kubernetes Ingress vs Gateway API

Gateway API is the future of Kubernetes Ingress so they share many similarities in the way they are implemented, but have some distinct differences in their intended application. Kubernetes Ingress works for the HTTP to a cluster, or more specifically, a service within a cluster. While Ingress provides a centralized way to manage external access to services, it has limitations in terms of protocol support (primarily HTTPS), advanced traffic management features, and lack of standardization across different implementations. On the other hand, the Kubernetes API Gateway offers a more comprehensive solution for managing external access to services, with support for various protocols and advanced traffic management features. It is a crucial tool for managing the Kubernetes API and ensuring efficient communication between services within a cluster.

The Gateway API project introduces a new set of portable network management resources beyond traditional Kubernetes Ingress capabilities. Gateway API defines a common set of Kubernetes resource objects and usage patterns that all compliant gateways must support, including support for both L4 and L7 protocols, built-in capabilities for advanced traffic management like canary rollouts and request mirroring, and expanded routing customization based on arbitrary headers. Gateway API is more generalized in how it accesses the cluster, and specializes more in having more utility and application with the implementation of API in the HTTP process. It can modify the routing to a Kubernetes cluster in a safe way using a reverse proxy. This addresses the limitations of Ingress and aims to provide a standardized and more feature-rich approach to managing traffic within Kubernetes clusters.

Conclusion

In summary, Kubernetes Ingress provides a centralized and efficient way to manage external access to services running within a Kubernetes cluster. By defining rules for routing incoming traffic based on host, path, or other criteria, Ingress simplifies the process of exposing multiple services through a single entry point. It offers valuable features like load balancing, SSL/TLS termination, name-based virtual hosting, and path-based routing. While sharing some similarities with traditional load balancers, Kubernetes Ingress is specifically designed for Kubernetes environments, enabling advanced traffic management capabilities tailored for containerized applications. As the project continues to evolve, with the introduction of the Gateway API aiming to provide a more standardized and feature-rich approach, Kubernetes Ingress remains an essential component for deploying and managing production-ready applications in Kubernetes clusters.

    Kubernetes Ingress FAQs

    Q: What is Kubernetes Ingress and how does it work?

    A: Kubernetes Ingress is an API object that manages external access to services within a Kubernetes cluster. It acts as a smart router or entry point for HTTP and HTTPS traffic to reach services running in the cluster. Ingress works by defining rules for routing incoming requests to different services based on the request host or path. This allows you to expose multiple services on the same IP address and port, making it easier to manage external access to your applications. By configuring different ingress rules, you can set up URL-based routing, SSL termination, load balancing, and more. Kubernetes controllers like Nginx Ingress Controller or Traefik implement these rules and ensure that traffic is directed correctly to the appropriate backend services within the cluster.

    Q: What is ingress and egress in Kubernetes?

    A: In Kubernetes, "ingress" and "egress" refer to the network traffic entering or leaving a cluster, respectively. Ingress is used to manage incoming traffic to the services in a Kubernetes cluster, acting as an API object that manages external access to services within the cluster. On the other hand, egress refers to the network traffic leaving the pod in a cluster. Egress can be controlled using Network Policies in Kubernetes to define rules for outbound traffic from pods, allowing administrators to manage and secure how pods communicate with external resources.

    Q: Is Kubernetes ingress a load balancer?

    A: Kubernetes Ingress is not a load balancer itself, but it can be configured to use an external load balancer to route traffic to services within a Kubernetes cluster. Ingress in Kubernetes provides HTTP and HTTPS routing to services based on hostnames or paths, allowing you to expose multiple services on a single IP address. By using Ingress resources, you can define how external traffic should be routed to your services, making it easier to manage inbound connections and apply rules for handling different types of requests.

    Q: When should you use Kubernetes ingress?

    A: Kubernetes Ingress should be used when you need to expose HTTP and HTTPS routes from outside the cluster to services within the cluster. It acts as a bridge between the external traffic and your services, providing load balancing, SSL termination, and host-based routing. Ingress is particularly useful when you have multiple services that require access from outside the cluster and you want to manage routing and traffic rules centrally.

    Continued Learning & Related Content