What is Kubernetes Ingress?

  • Published on 07 Jan 2026
  • Last updated 10 Apr 2026
  • Reading Time 10 minutes
  • Written By Can Şentay
Table of Contents
01- What is an Ingress Controller and how does it work?
Digital Bulletin
Subscribe to our newsletter to be informed about innovations in the cloud world.
What is Kubernetes Ingress?

What is Kubernetes Ingress?

When you want to route traffic from outside your Kubernetes cluster to the applications inside it, Ingress comes into play. Ingress is a Kubernetes resource that allows us to manage HTTP and HTTPS traffic. To put it more simply, it acts like a traffic controller that directs incoming requests to the services we define inside the cluster. Compared to other methods such as NodePort and LoadBalancer, it is a more flexible, secure, and manageable solution.

Ingress enables you to manage your applications professionally using advanced features such as domain-based routing, SSL/TLS termination, and path-based routing for multiple services over a single IP address. Especially in microservices architectures, accessing different services through a single entry point provides significant advantages in terms of both security and cost.

  • What is an Ingress Controller and how does it work?

    In our Kubernetes cluster, defining an Ingress alone is not sufficient. Just like in real life, we also need an authority that supervises and directs the traffic controllers—in other words, an Ingress Controller such as Traefik, HAProxy, or NGINX.

    The Ingress Controller continuously watches the Kubernetes API and, when you create a new Ingress resource, it automatically detects it, updates its own configuration files, and starts managing traffic according to the new rules.

    You can deploy an Ingress Controller to your Kubernetes cluster using Helm charts or manually through manifest files. After installation, the Ingress Controller must be exposed to the external world via a LoadBalancer or NodePort service to enable traffic routing.

  • Basic Ingress Configuration and Alternative Approaches

    Let’s start with a basic Ingress resource configuration:

    apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: simple-ingress annotations: spec: ingressClassName: rules: - host: uygulama.example.com http: paths: - path: / pathType: Prefix backend: service: name: frontend-service port: number: 80

    In this configuration, all requests coming to application.example.com are routed to the frontend-service, and when you use pathType as Prefix, all requests that start with the specified path will be matched.


    If we had used Exact instead of Prefix, we would have achieved an exact match.


    In Kubernetes 1.19 and later versions, the spec.ingressClassName field is used to specify which Ingress Controller should manage Ingress resources. In short, this defines “who is responsible for controlling this traffic.”

    The annotations section is used to modify the behavior of the Ingress Controller. You can manage features such as URL rewriting, timeout settings, and rate limiting through annotations. However, each Ingress Controller supports different annotations, so before making any changes or additions, you should always check the official documentation of the controller you are using.

  • Path-based and Host-based Routing

    One of the powerful features of Ingress is its ability to route traffic based on different paths and hosts defined in the configuration. In the example below, you can route requests under the same domain—those coming to the /api path to your backend service, and those coming to the /web path to your frontend service:

    apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: coklu-path-ingress annotations: spec: ingressClassName: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 8080 - path: /web pathType: Prefix backend: service: name: web-service port: number: 3000

    Host-based routing allows you to use different services for separate subdomains (such as api.example.com and admin.example.com). This approach is especially useful in multi-tenant applications.

  • SSL/TLS Termination and Certificate Management

    You can manage SSL/TLS certificates to handle HTTPS traffic with an Ingress Controller by creating them inside your Kubernetes cluster using a Secret object, or by using tools like cert-manager to automatically obtain and manage certificates from Let’s Encrypt:

    apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: guvenli-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: tls: - hosts: - guvenli.example.com secretName: guvenli-tls-secret rules: - host: guvenli.example.com http: paths: - path: / pathType: Prefix backend: service: name: uygulama-service port: number: 443

  • Conclusion

    In Kubernetes clusters, the combination of Ingress and Ingress Controller provides a powerful and flexible solution for accessing multiple services from a single entry point, routing traffic based on domain or path, and managing HTTP/HTTPS traffic.

    By choosing an Ingress Controller such as NGINX, Traefik, or HAProxy, you can achieve a more manageable and cost-effective architecture compared to NodePort or LoadBalancer approaches.

Digital Bulletin
Subscribe to our newsletter to be informed about innovations in the cloud world.

Related Articles

Still can't find what you're looking for?
Contact Us