Ingress

External Services are a way to access applications in K8s from outside

In production a better alternative is Ingress!

Not a Service type, but acts as the entry point for your cluster I

More intelligent and flexible: Let's US consolidate your routing rules into a single resource as it can expose multiple services under the same IP address

Configure multiple sub-domains or domains:

Configure multiple paths for same host:

Configure TLS Certificate - https://

Kubernetes Ingress vs LoadBalancer vs NodePort

These options all do the same thing. They let you expose a service to external network requests. They let you send a request from outside the Kubernetes cluster to a service inside the cluster.

NodePort

nodeport in kubernetes

NodePort is a configuration setting you declare in a service’s YAML. Set the service spec’s type to NodePort. Then, Kubernetes will allocate a specific port on each Node to that service, and any request to your cluster on that port gets forwarded to the service.

This is cool and easy, it’s just not super robust. You don’t know what port your service is going to be allocated, and the port might get re-allocated at some point.

LoadBalancer

loadbalancer in kubernetes

We can set a service to be of type LoadBalancer the same way we’d set NodePort— specify the type property in the service’s YAML. There needs to be some external load balancer functionality in the cluster, typically implemented by a cloud provider.

This is typically heavily dependent on the cloud provider—GKE creates a Network Load Balancer with an IP address that you can use to access our service.

Every time we want to expose a service to the outside world, we have to create a new LoadBalancer and get an IP address.

Ingress

ingress in kubernetes

NodePort and LoadBalancer let us expose a service by specifying that value in the service’s type. Ingress, on the other hand, is a completely independent resource to our service. We declare, create and destroy it separately to our services.

This makes it decoupled and isolated from the services we want to expose. It also helps us to consolidate routing rules into one place.

The one downside is that we need to configure an Ingress Controller for our cluster. But that’s pretty easy—in this example, we’ll use the Nginx Ingress Controller.