A LoadBalancer per service gets expensive and flat. Ingress puts one smart HTTP entry point in front of many services, routing by hostname and path and terminating TLS.
Why: giving every service its own LoadBalancer is costly and gives you no shared routing. Ingress is a single HTTP(S) entry point that routes requests to different Services by hostname and URL path — like a reverse proxy for the whole cluster. One external IP, many backends, plus one place to terminate TLS.
┌─────────────────────────────┐
internet ─▶ │ Ingress │
│ shop.example.com ──▶ shop │
│ api.example.com ──▶ api │
└──────────────────────────────┘
(one entry point)Why: an Ingress object is just rules — something has to enforce them. That something is an ingress controller (ingress-nginx, Traefik, and others), a pod that actually receives traffic and routes it. You install one once per cluster; without it, Ingress objects do nothing.
Install the ingress-nginx controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yamlWait for the controller pod to be ready
kubectl wait --namespace ingress-nginx \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=controllerWhy: an Ingress rule maps an incoming host and path to a backend Service and port. Here, requests for shop.example.com go to the shop Service and /api goes to the api Service. The ingressClassName ties the rule to the controller you installed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: site
spec:
ingressClassName: nginx
rules:
- host: shop.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: shop
port:
number: 80Why: putting HTTPS on each app is repetitive. Instead, terminate TLS once at the Ingress: reference a Secret holding the certificate and key, and the controller serves HTTPS for that host. Note: in production a tool like cert-manager creates and renews these certificate Secrets automatically.
spec:
tls:
- hosts:
- shop.example.com
secretName: shop-tls # a Secret of type kubernetes.io/tls
rules:
- host: shop.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: shop
port:
number: 80