π Imperative Ingress Creation in Kubernetes¶
You can create an Ingress resource in Kubernetes using the CLI with the following command:
kubectl create ingress NAME \
--rule=host/path=service:port[,tls[=secret]] \
--class <> --annotation <>
This creates an Ingress object using an imperative approach (without writing a YAML file).
π§ What is Ingress?¶
Ingress acts like a smart router for HTTP/HTTPS traffic. It defines how external traffic should be routed to services within the cluster based on:
- Hostnames
- URL paths
- Optional TLS/HTTPS settings
π§ Understanding the Command¶
| Part | Meaning |
|---|---|
kubectl create ingress | Instructs Kubernetes to create an Ingress resource |
NAME | The name you assign to the Ingress object |
--rule= | Defines the routing rule |
host/path | The external domain and URL path to match |
service:port | The internal service and port to route traffic to |
tls[=secret] (optional) | Enables HTTPS with optional TLS secret for cert & key |
β Example 1: Basic HTTP Routing¶
kubectl create ingress my-ingress \
--rule=example.com/foo=frontend-svc:80
π This routes:
- Any HTTP request to
http://example.com/foo - β‘οΈ to the
frontend-svcservice on port80.
β Example 2: HTTPS Routing with TLS¶
kubectl create ingress secure-ingress \
--rule=example.com/=frontend-svc:80,tls=my-tls-secret
π This sets up:
- HTTPS routing (
https://example.com/) - TLS termination using the secret
my-tls-secret - Routes to
frontend-svcon port80.
𧩠Why Use Ingress?¶
Ingress offers:
- π§ URL routing β Path- or host-based traffic control
- π TLS termination β Use HTTPS with certificates
- ποΈ Centralized access β One entry point for multiple services
With Ingress, you donβt need to expose each service individually.
π Alternatives to Ingress¶
| Method | Purpose | When to Use |
|---|---|---|
| NodePort | Expose service on a static port on every node | Quick testing or internal access |
| LoadBalancer | Provision external cloud load balancer | Cloud environments like AWS, GCP, Azure |
| Port Forwarding | Forwards cluster port to local machine | Local debugging |
| Ingress | Smart HTTP(S) routing | Production web traffic |
| Service Mesh (e.g., Istio) | Deep control over traffic | Microservices observability and security |
π When Should You Use Ingress?¶
Use Ingress if:
- You have multiple HTTP(S) services.
- You want path/host-based routing.
- You need TLS (HTTPS) support.
- You prefer a centralized entry point to your cluster.
π οΈ Ingress Controller Is Required!¶
β Ingress wonβt work out-of-the-box.
You must deploy an Ingress Controller in your cluster like:
- NGINX
- Traefik
- HAProxy
- AWS ALB Controller (for EKS)
The controller enforces the Ingress rules you've defined.
π TLS with Ingress¶
To enable HTTPS:
- Generate or obtain a TLS certificate and key.
- Store them as a Kubernetes secret:
kubectl create secret tls my-tls-secret \
--cert=cert.pem \
--key=key.pem
- Reference this secret in your Ingress rule:
--rule=example.com/=service:port,tls=my-tls-secret
β With this knowledge, you can route traffic smartly and securely inside your Kubernetes cluster using a single command!