What is Kubernetes Ingress?
-
Published on 07 Jan 2026
-
Last updated 10 Apr 2026
-
Reading Time 10 minutes
-
Written By Can Şentay
What is Kubernetes Ingress?
When you want to route traffic from outside your Kubernetes cluster to the applications inside it, Ingress comes into play. Ingress is a Kubernetes resource that allows us to manage HTTP and HTTPS traffic. To put it more simply, it acts like a traffic controller that directs incoming requests to the services we define inside the cluster. Compared to other methods such as NodePort and LoadBalancer, it is a more flexible, secure, and manageable solution.
Ingress enables you to manage your applications professionally using advanced features such as domain-based routing, SSL/TLS termination, and path-based routing for multiple services over a single IP address. Especially in microservices architectures, accessing different services through a single entry point provides significant advantages in terms of both security and cost.
-
What is an Ingress Controller and how does it work?
In our Kubernetes cluster, defining an Ingress alone is not sufficient. Just like in real life, we also need an authority that supervises and directs the traffic controllers—in other words, an Ingress Controller such as Traefik, HAProxy, or NGINX.
The Ingress Controller continuously watches the Kubernetes API and, when you create a new Ingress resource, it automatically detects it, updates its own configuration files, and starts managing traffic according to the new rules.
You can deploy an Ingress Controller to your Kubernetes cluster using Helm charts or manually through manifest files. After installation, the Ingress Controller must be exposed to the external world via a LoadBalancer or NodePort service to enable traffic routing.
-
Basic Ingress Configuration and Alternative Approaches
Let’s start with a basic Ingress resource configuration:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: simple-ingress annotations: spec: ingressClassName: rules: - host: uygulama.example.com http: paths: - path: / pathType: Prefix backend: service: name: frontend-service port: number: 80In this configuration, all requests coming to
application.example.comare routed to thefrontend-service, and when you usepathTypeas Prefix, all requests that start with the specified path will be matched.
If we had used
Exactinstead of Prefix, we would have achieved an exact match.
In Kubernetes 1.19 and later versions, the
spec.ingressClassNamefield is used to specify which Ingress Controller should manage Ingress resources. In short, this defines “who is responsible for controlling this traffic.”The annotations section is used to modify the behavior of the Ingress Controller. You can manage features such as URL rewriting, timeout settings, and rate limiting through annotations. However, each Ingress Controller supports different annotations, so before making any changes or additions, you should always check the official documentation of the controller you are using.
-
Path-based and Host-based Routing
One of the powerful features of Ingress is its ability to route traffic based on different paths and hosts defined in the configuration. In the example below, you can route requests under the same domain—those coming to the
/apipath to your backend service, and those coming to the/webpath to your frontend service:apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: coklu-path-ingress annotations: spec: ingressClassName: rules: - host: example.com http: paths: - path: /api pathType: Prefix backend: service: name: api-service port: number: 8080 - path: /web pathType: Prefix backend: service: name: web-service port: number: 3000Host-based routing allows you to use different services for separate subdomains (such as
api.example.comandadmin.example.com). This approach is especially useful in multi-tenant applications. -
SSL/TLS Termination and Certificate Management
You can manage SSL/TLS certificates to handle HTTPS traffic with an Ingress Controller by creating them inside your Kubernetes cluster using a Secret object, or by using tools like cert-manager to automatically obtain and manage certificates from Let’s Encrypt:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: guvenli-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: tls: - hosts: - guvenli.example.com secretName: guvenli-tls-secret rules: - host: guvenli.example.com http: paths: - path: / pathType: Prefix backend: service: name: uygulama-service port: number: 443 -
Conclusion
In Kubernetes clusters, the combination of Ingress and Ingress Controller provides a powerful and flexible solution for accessing multiple services from a single entry point, routing traffic based on domain or path, and managing HTTP/HTTPS traffic.
By choosing an Ingress Controller such as NGINX, Traefik, or HAProxy, you can achieve a more manageable and cost-effective architecture compared to NodePort or LoadBalancer approaches.
Related Articles
-
Jan 29,2026What Is OpenShift? Key Differences Between OpenShift and Kubernetes
Hello, today as DT Cloud we will explain what OpenShift is and the differences between it and Kubernetes. First, let’s start with the question, “What is Kubernetes?”
Learn More -
Jan 26,2026What Is Penetration Testing? Use Cases and Benefits
Penetration testing, in its simplest form, is a professional assessment conducted to identify security vulnerabilities within your IT infrastructure.
Learn More -
Jan 08,2026Best Database Software of 2026
A database is a structured data storage system, typically organized in a tabular format. This data can include text, numbers, images, videos, or other digital formats.
Learn More
-
Subscribe to our newsletter to be informed about innovations in the cloud world.
