Ingress Resources

Info

The Ingress and Gateway API are two different approaches to managing ingress traffic in Kubernetes. Whilst you can use both in the same cluster, you would generally want to use one or the other for a given application. The Gateway API is the next generation of ingress management, and is recommended for new applications.

An Ingress resource in Kubernetes defines how external HTTP(S) traffic is routed to services inside your cluster. It acts as a set of rules for your ingress controller, specifying which requests go to which backend services, and can also handle SSL/TLS termination.

What Does an Ingress Resource Do?

Ingress resources provide a way to define external access to your services in a controlled and secure manner. An Ingress resource typically includes:

  • Routing - Maps incoming requests (based on hostnames and paths) to specific Kubernetes services.
  • Domain Management - Associates external domains (e.g., app.example.com) with services.
  • TLS/SSL - Assigns TLS certificates for secure HTTPS traffic.

Example Ingress Resource

Below is an example AKS Ingress resource for an application running on a service named my-app-service. This resource routes traffic for the domain app.example.com to the my-app-service service on port 80, and it uses a TLS secret named tls-secret to provide SSL. The ingressClassName property specifies the ingress controller to use, in this case, Nginx. If this is not defined, the default ingress controller will be used.

Whilst the Ingress resource includes details of the TLS certificate to use, it does not manage the creation of the certificate. This certificate must be created separately, either manually or using a tool like cert-manager, and stored in a Kubernetes secret.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: secure-ingress
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - app.example.com
    secretName: tls-secret
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-app-service
            port:
              number: 80
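
The following check is an added example, not part of the original page or of any Kubernetes tooling: it lints an Ingress object for the points described above (a rule host that no spec.tls entry covers, a tls entry without a secretName, and a missing ingressClassName). It assumes the manifest has been exported as JSON; the function names and the second host admin.example.com are constructed for illustration.

```python
import json

# Constructed sample: the page's Ingress as JSON, plus a second rule host
# (admin.example.com) that no tls entry covers.
SAMPLE = json.loads("""
{
  "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
  "metadata": {"name": "secure-ingress"},
  "spec": {
    "ingressClassName": "nginx",
    "tls": [{"hosts": ["app.example.com"], "secretName": "tls-secret"}],
    "rules": [{"host": "app.example.com"}, {"host": "admin.example.com"}]
  }
}
""")


def host_covered(host, tls_host):
    """Exact match, or a '*.' wildcard covering exactly one leading DNS label."""
    if tls_host.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == tls_host[2:]
    return host == tls_host


def lint_ingress(ingress):
    """Return a list of findings for one Ingress object (hypothetical helper)."""
    spec = ingress.get("spec", {})
    findings = []
    if not spec.get("ingressClassName"):
        findings.append("no ingressClassName: the default ingress controller will be used")
    tls_entries = spec.get("tls") or []
    for entry in tls_entries:
        if not entry.get("secretName"):
            findings.append(f"tls entry for {entry.get('hosts', [])} has no secretName")
    tls_hosts = [h for e in tls_entries for h in e.get("hosts", [])]
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host is None:
            findings.append("rule without host matches any hostname")
        elif not any(host_covered(host, t) for t in tls_hosts):
            findings.append(f"rule host {host} is not listed under spec.tls")
    return findings


if __name__ == "__main__":
    for finding in lint_ingress(SAMPLE):
        print(finding)
```

The check only inspects the manifest; whether the secret named in secretName actually exists in the namespace still has to be confirmed against the cluster.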