Ingresses

May 20, 2026

Single HTTP(S) entry → routes to multiple Services (cheaper than many LoadBalancers)
Ingress ≠ Service: need both; Ingress routes to Service
apiVersion: networking.k8s.io/v1: pathType required on each path
Ingress controller required (e.g. nginx): assume preinstalled on exam

Rule components

Part	Example
Host (optional)	`next.example.com`
Path	`/app`
Backend	`app-service:8080`

pathType

Prefix: prefix match (trailing slash matters in some controllers)
Exact: exact path match

Create

kubectl create ingress next-app \
  --rule="next.example.com/app=app-service:8080" \
  --rule="next.example.com/metrics=metrics-service:9090"
# format: host/path=service:port

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: next-app
spec:
  ingressClassName: nginx
  rules:
  - host: next.example.com
    http:
      paths:
      - path: /app
        pathType: Prefix
        backend:
          service:
            name: app-service
            port:
              number: 8080

kubectl

kubectl get ingress
kubectl describe ingress next-app
kubectl get ingressclass

Debug 503 / no route

kubectl get ingress <name> -o yaml
kubectl get svc <backend-service>
kubectl get endpoints <backend-service>
kubectl get pod --show-labels
kubectl get svc <backend-service> -o yaml

Check	Why
Endpoints non-empty	Ingress cannot route to a Service with no backend Pods
Backend Service name	Must match `spec.rules[].http.paths[].backend.service.name`
Backend port	Must be Service `port`, not `targetPort`
IngressClass	Must match installed controller (`kubectl get ingressclass`)
Service selector	Must match Pod labels in same namespace

Test with host header:

curl -H "Host: next.example.com" http://<ingress-ip>/app

Gateway API quick shape

Gateway API may appear as an HTTPRoute task. You usually bind to an existing Gateway:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: app-route
spec:
  parentRefs:
  - name: main-gateway
  hostnames: [myapp.internal]
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /api
    backendRefs:
    - name: api-svc
      port: 8080

Exam tips

No controller → Ingress has no effect
Wrong backend Service name/port → 502/503: check describe ingress
TLS termination: often out of scope but know spec.tls exists
pathType is required in networking.k8s.io/v1
For nginx rewrites, expect annotations such as nginx.ingress.kubernetes.io/rewrite-target: /
Gateway API uses HTTPRoute + parentRefs; route ports still point at Service ports