What Is Kubernetes Ingress?
Ingress is a Kubernetes API object that manages external HTTP/HTTPS access to services in a cluster. It provides URL-based routing, TLS termination, and virtual host support through a single entry point, eliminating the need for multiple LoadBalancer Services.
Detailed Answer
Ingress is a Kubernetes API object that defines rules for routing external HTTP/HTTPS traffic to internal Services. It acts as a smart reverse proxy, consolidating multiple routing rules behind a single load balancer.
Why Ingress Exists
Without Ingress, exposing multiple services externally requires multiple LoadBalancer Services, each provisioning its own cloud load balancer:
api.example.com → LoadBalancer → api-service (cost: $18/month)
web.example.com → LoadBalancer → web-service (cost: $18/month)
admin.example.com → LoadBalancer → admin-service (cost: $18/month)
With Ingress, a single load balancer handles all routes:
api.example.com ┐
web.example.com ├→ Ingress (single LB) → Services
admin.example.com ┘
Basic Ingress Example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
- host: web.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
tls:
- hosts:
- api.example.com
- web.example.com
secretName: tls-secret
How Ingress Works
The flow of an external request through Ingress:
- DNS resolves
api.example.comto the Ingress controller's external IP - The request hits the Ingress controller (a reverse proxy like Nginx)
- The controller matches the Host header and path against Ingress rules
- Traffic is forwarded to the matching backend Service
- The Service routes to the appropriate Pods
Components of Ingress
| Component | Purpose | |---|---| | Ingress resource | Defines routing rules (host, path, backend) | | Ingress controller | Implements the rules (Nginx, Traefik, etc.) | | IngressClass | Links Ingress resources to specific controllers | | TLS secret | Contains the certificate and key for HTTPS |
IngressClass
When multiple Ingress controllers are installed, ingressClassName specifies which one should handle the Ingress:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: k8s.io/ingress-nginx
Path Types
Ingress supports two path matching strategies:
| pathType | Behavior | Example |
|---|---|---|
| Prefix | Matches URL paths by prefix | /api matches /api, /api/users, /api/v2 |
| Exact | Matches URL paths exactly | /api matches only /api, not /api/users |
Default Backend
You can specify a default backend for requests that do not match any rule:
spec:
defaultBackend:
service:
name: default-service
port:
number: 80
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
Requests that do not match any host or path rule are routed to default-service.
Limitations of Ingress
- Only supports HTTP/HTTPS (Layer 7)
- No built-in support for TCP/UDP routing
- Limited configuration — most advanced features require controller-specific annotations
- The Gateway API is the successor, providing a more expressive and extensible model
Why Interviewers Ask This
Interviewers ask this to evaluate whether you understand how external traffic reaches applications in Kubernetes and can design cost-effective, production-ready routing.
Common Follow-Up Questions
Key Takeaways
- Ingress provides HTTP/HTTPS routing to multiple backend Services through a single entry point.
- An Ingress controller must be installed — Ingress resources alone do nothing.
- Ingress supports path-based routing, host-based routing, and TLS termination.