Skip to main content
Kubernetes Introduction
CHAPTER 11 Intermediate

Kubernetes Ingress Controller

Updated: May 15, 2026
25 min read

# CHAPTER 11

Kubernetes Ingress Controller

1. Introduction

In Chapter 7, we exposed applications using NodePort and LoadBalancer Services. However, at an enterprise scale, this approach is deeply flawed. If you have 50 different microservices (a Blog, a Store, an API), provisioning 50 different Cloud Load Balancers will cost you thousands of dollars a month, and mapping 50 different IP addresses is a DNS nightmare. To solve this, Kubernetes introduces Ingress: a smart, single front door that routes incoming web traffic to the correct internal services based on URLs and paths.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Identify the architectural flaws of relying solely on LoadBalancer services.
  • Define what an Ingress and an Ingress Controller are.
  • Understand path-based and host-based routing rules.
  • Enable the NGINX Ingress Controller in Minikube.
  • Author an Ingress YAML manifest.

3. Beginner-Friendly Explanation

Imagine an massive apartment building with 50 different businesses inside.
  • The Old Way (LoadBalancers): You build 50 different physical front doors on the street. Each door goes straight to one business. It takes up the entire city block, and it's incredibly expensive to build.
  • The Ingress Way: You build exactly ONE grand front entrance (The Ingress Controller). Inside the entrance sits a highly intelligent receptionist (The Ingress Rules).
  • A customer walks in and says, "I am looking for website.com/blog." The receptionist checks their rulebook and sends them to Room 101.
  • The next customer says, "I am looking for api.website.com." The receptionist sends them to Room 505.

4. Ingress vs. Ingress Controller

This is a massive point of confusion for beginners:
  • Ingress Controller: The actual software doing the heavy lifting (usually NGINX, HAProxy, or Traefik). It is a Pod running in your cluster that listens to external traffic. *Kubernetes does NOT come with an Ingress Controller by default! You must install one.*
  • Ingress (The Object): The YAML file (The Rulebook) that you give to the Controller. It contains the instructions: "Route /login to the Auth Service."

5. Enabling Ingress in Minikube

Because Kubernetes doesn't have a default controller, Minikube provides a convenient add-on that instantly installs the industry-standard NGINX Ingress Controller. Open your terminal and run:
bash
1 
minikube addons enable ingress

*(Minikube will download and launch the NGINX controller Pods in the ingress-nginx namespace).*

6. Anatomy of an Ingress YAML

Once the controller is running, we feed it a rulebook. This YAML tells the controller: If a request comes in for myapp.com/api, send it to the api-service on port 3000.
yaml
123456789101112131415161718 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myapp.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 3000

7. Mini Project: Path-Based Routing

Let's route traffic to two different applications using a single IP address.

Step-by-Step Tutorial:

  1. 1. Ensure the Ingress addon is enabled (Section 5).
  1. 2. We need two services. Let's launch a "Blue" app and a "Red" app using imperative commands for speed:

bash
1234 
kubectl create deployment blue-app --image=hashicorp/http-echo --args="-text=BLUE-APP"
kubectl expose deployment blue-app --port=80 --target-port=5678
kubectl create deployment red-app --image=hashicorp/http-echo --args="-text=RED-APP"
kubectl expose deployment red-app --port=80 --target-port=5678
  1. 3. Create an ingress.yaml file to route the traffic:
yaml
12345678910111213141516171819202122 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: color-ingress
spec:
  rules:
  - http:
      paths:
      - path: /blue
        pathType: Prefix
        backend:
          service:
            name: blue-app
            port:
              number: 80
      - path: /red
        pathType: Prefix
        backend:
          service:
            name: red-app
            port:
              number: 80
  1. 4. Apply it: kubectl apply -f ingress.yaml
  1. 5. Test it: Ask Minikube for the IP address of the Ingress Controller: minikube ip. (Let's assume it returns 192.168.49.2).
  1. 6. Open your browser to http://192.168.49.2/blue. You will see "BLUE-APP". Change the URL to /red and you will see "RED-APP". One IP address gracefully routing to two entirely different microservices!

8. Real-World Scenarios

Ingress Controllers are the gatekeepers of enterprise security. Instead of configuring SSL/TLS certificates on 50 different microservices, the DevOps engineer installs a tool called cert-manager into the cluster. cert-manager automatically requests a free SSL certificate from Let's Encrypt and attaches it directly to the NGINX Ingress Controller. The Ingress handles all the complex HTTPS decryption at the front door (SSL Termination), and passes standard HTTP traffic safely to the backend Pods, saving massive amounts of compute power.

9. Best Practices

  • Host-Based Routing: In the real world, you rarely use raw IPs. You use host routing. You can configure your Ingress so that blog.company.com routes to the WordPress service, and app.company.com routes to the React service, all utilizing the exact same physical IP address.

10. Common Mistakes

  • Applying Ingress Rules Without a Controller: Beginners often write perfect ingress.yaml files, apply them, and then spend hours wondering why they get a "Page Not Found" error in the browser. The API Server accepts the Ingress rules perfectly, but if you forgot to install the actual NGINX Ingress Controller software into the cluster, there is no "receptionist" to actually enforce the rules!

11. Exercises

  1. 1. What is the fundamental financial and architectural advantage of utilizing a single Ingress Controller over deploying 20 Cloud LoadBalancer services?
  1. 2. Differentiate between an "Ingress" (the Kubernetes object) and an "Ingress Controller".

12. FAQs

Q: Do I have to use NGINX? A: No. While NGINX is the most popular, there are many controllers. AWS users often use the ALB (Application Load Balancer) Ingress Controller. Traefik and HAProxy are also highly popular alternatives that offer different feature sets regarding dynamic routing and observability.

13. Interview Questions

  • Q: Explain the concept of SSL Termination. How does an Ingress Controller facilitate SSL Termination within a Kubernetes microservice architecture?
  • Q: A developer has successfully applied an Ingress manifest defining path-based routing (/api to api-service and /web to web-service). However, all external traffic is returning a generic 404 error from NGINX. Describe the architectural checks you would perform to debug this routing failure.

14. Summary

In Chapter 11, we centralized our network entry points. We identified the inefficiencies of deploying dozens of external LoadBalancers and replaced them with the elegant, unified architecture of the Ingress Controller. We activated the NGINX controller, authored path-based routing rules, and demonstrated how a single public IP address can intelligently dispatch traffic to an infinite number of internal microservices, drastically simplifying our DNS and SSL management.

15. Next Chapter Recommendation

Our architecture is robust and receiving public traffic. But what happens if we get featured on the news and traffic spikes 1000%? We need robots to scale our application automatically. Proceed to Chapter 12: Kubernetes Autoscaling.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Kubernetes Namespaces
Next Chapter Kubernetes Autoscaling

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 5

Related Quizzes 6