Azure -- AKS - Ingress

 

What is Ingress in Kubernetes?

Ingress is a Kubernetes API resource that provides external HTTP/HTTPS access to services within a cluster. It defines routing rules based on hostnames and URL paths. An Ingress Controller, such as NGINX Ingress Controller or Azure Application Gateway Ingress Controller, reads these rules and routes incoming traffic to the appropriate Kubernetes Services, which then forward requests to pods. Ingress enables centralized traffic management, TLS termination, and host/path-based routing through a single external endpoint. 

Ingress is a Kubernetes resource that manages external access to services inside the cluster, typically HTTP and HTTPS traffic.

Think of it as a traffic router for incoming requests.

Without Ingress:

Internet
   ↓
LoadBalancer Service
   ↓
Application Service
   ↓
Pods

If you have 10 applications, you might need 10 Load Balancers.

 

With Ingress 

Internet
   ↓
Load Balancer
   ↓
Ingress Controller
   ↓
 ├── app1-service
 ├── app2-service
 └── app3-service
        ↓
       Pods 

 

 One entry point can route traffic to many applications.

 

Important: Ingress vs Ingress Controller

Many people confuse these.

1. Ingress Resource

This is just a Kubernetes configuration object.

Example: 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
spec:
  rules:
  - host: app.company.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app-service
            port:
              number: 80 

 This says:

app.company.com
    ↓
app-service 

The Ingress resource itself does not process traffic. 

2. Ingress Controller

An actual component running in the cluster that reads Ingress resources and enforces them.

Common examples:

  • NGINX Ingress Controller
  • Traefik
  • HAProxy Ingress
  • Azure Application Gateway Ingress Controller

The controller watches the Kubernetes API and updates routing rules.

 

Example Request Flow

User opens:

https://app.company.com

Flow:

Internet
   ↓
Public IP
   ↓
Ingress Controller
   ↓
app-service
   ↓
Pod 

 

Path-Based Routing

One Ingress can route multiple applications.

company.com/app1
company.com/app2
company.com/app3

 Flow:

company.com/app1 → service-app1
company.com/app2 → service-app2
company.com/app3 → service-app3

Example:

rules:
- host: company.com
  http:
    paths:
    - path: /app1
      backend:
        service:
          name: app1-service

    - path: /app2
      backend:
        service:
          name: app2-service

 

Host-Based Routing

Different domains can go to different services.

api.company.com
shop.company.com
admin.company.com

Flow:

api.company.com   → api-service
shop.company.com  → shop-service
admin.company.com → admin-service 

 

TLS/HTTPS Support

Ingress can manage HTTPS certificates.

 Internet
   ↓ HTTPS
Ingress Controller
   ↓ HTTP/HTTPS
Service
   ↓
Pods

Example:

 tls:
- hosts:
  - app.company.com
  secretName: tls-secret

 

Ingress in AKS

A common AKS architecture:

Internet
   ↓
Azure Load Balancer
   ↓
NGINX Ingress Controller
   ↓
ClusterIP Service
   ↓
Pods


Or:

Internet
   ↓
Azure Application Gateway
   ↓
AGIC
   ↓
Service
   ↓
Pods 

 

 Why not expose Pods directly?

Pods:

  • Have dynamic IPs
  • Can be recreated
  • Scale up/down

Example:

Pod A = 10.244.1.5
Pod B = 10.244.1.8
Pod C = 10.244.1.10

 

Tomorrow those IPs may change.

Ingress routes to a stable Kubernetes Service, which then load-balances to the current pods.

Comments

Post a Comment

Popular posts from this blog

Azure Migrate

Image
 Azure Site Recovery an earlier tool for migration: Thought purpose built for Disaster Recovery ASR: Azure Site Recovery Yes — Azure Site Recovery (ASR) is commonly used as a migration tool , even though its primary purpose is disaster recovery. How ASR Is Used for Migration Organizations use ASR to perform: Lift-and-shift migrations VMware to Azure migrations Hyper-V to Azure migrations Physical server to Azure migrations ASR replicates workloads continuously from on-premises infrastructure to Azure. During the final cutover, the replicated VM is started in Azure with minimal downtime. Migration Workflow Using ASR Typical Flow Discover on-prem servers Enable replication Continuous data synchronization Test failover (optional) Planned failover/cutover Azure VM becomes production workload This approach minimizes: Downtime Data loss Manual rebuild effort Why ASR Is Popular for Migration ASR vs Azure Migrate Real-World Use Case Example: Company has 200 VMware VMs on-premises. The...
Read more

Azure -- All Networking Components

   1. Virtual Network (VNet) 📌 One-paragraph explanation A Virtual Network (VNet) is the core private networking space in Azure where all cloud resources communicate securely. It is used to isolate workloads, control IP ranges, and create a private environment similar to a traditional data center network but fully software-defined in the cloud. 🔍 Details Where used: Hosting VMs, AKS clusters, databases, internal services Connected services: VM, Load Balancer, Application Gateway, Azure Firewall, Private Endpoint Dependencies: None (foundation component) Purpose in architecture: Acts as the main “network boundary” for all resources 🧩 2. Subnet 📌 One-paragraph explanation A subnet is used to divide a VNet into smaller logical networks so that different layers of an application (web, app, database) can be separated and controlled independently for security and traffic management. 🔍 Details Where used: Tiered architectures (web/app/db layers), microse...
Read more

All Kuberneters - Components

  Kubernetes Core Resources Explained 1. Pods What It Is A Pod is the smallest deployable unit in Kubernetes. It contains one or more containers that share: Network Storage Lifecycle Used For Running application containers Grouping tightly coupled containers together Example A web application container running inside a pod. 2. Deployments What It Is A Deployment manages Pods and ReplicaSets. Used For Rolling updates Application version upgrades Scaling applications Self-healing applications Example Deploying 3 replicas of an NGINX application. 3. ReplicaSets What It Is A ReplicaSet ensures a specified number of pod replicas are always running. Used For High availability Maintaining desired pod count Example Keeping 5 backend pods running at all times. 4. DaemonSets What It Is A DaemonSet ensures one pod runs on every node (or selected nodes). Used For Monitoring agents Log collectors Security agents Example Running Fluentd or Prometheus Node Exporter on all nodes. 5. StatefulSets W...
Read more