8th Week :- "Why Kubernetes Services Fall Short in DevOps β And How Ingress Solves It
π« Problem: Why Kubernetes Services Alone Are Not Ideal for Production
In Kubernetes, a Service is used to expose a set of Pods as a network service. It ensures that traffic is correctly routed to healthy pods using a stable IP address or DNS name. There are mainly three types of Services:
ClusterIP β accessible only within the cluster (default)
NodePort β exposes service on a static port on each node
LoadBalancer β creates an external load balancer (on supported cloud providers)
β Drawbacks of Using Just Services
| Problem | Explanation |
| Multiple LoadBalancers = $$$ | Every time you use type: LoadBalancer for a microservice, your cloud provider provisions a separate external load balancer β increasing costs drastically. |
| No URL Routing | Services donβt allow routing based on URL paths or hostnames. You can't route example.com/api to backend and example.com to frontend. |
| No SSL Management | Services don't handle SSL/TLS certificates and HTTPS routing natively. |
| Hard to Maintain DNS | Without URL/host-based routing, managing domains and subdomains becomes a mess. |
| No Central Entry Point | Each service gets its own entry point (IP/port), making it hard to manage ingress traffic from outside the cluster. |
β Solution: Ingress + Ingress Controller
π What is Ingress?
Ingress is an API object in Kubernetes that acts as an entry point to your cluster. It allows you to route external HTTP and HTTPS traffic to internal services based on:
Hostnames (
example.com)Paths (
/api,/frontend)TLS settings
Think of Ingress as a smart router for your Kubernetes apps.
π§ What is Ingress Controller?
Ingress rules alone donβt do anything. You need an Ingress Controller, which is a pod running in your cluster that watches the Ingress objects and fulfills the routing.
Popular Ingress Controllers:
NGINX Ingress Controller
HAProxy Ingress
Traefik
Istio Gateway (part of service mesh)
Among these, NGINX is the most widely used due to its simplicity and flexibility.
π§Ύ Sample Ingress YAML File (Using NGINX)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.example.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 5000
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
𧩠Breakdown of Ingress YAML
| Section | Description |
apiVersion | Version of the Ingress API |
kind | Type of Kubernetes object (Ingress) |
metadata.name | Name of the Ingress object |
annotations | Extra config for NGINX, like path rewrite |
spec.rules.host | Domain name this rule applies to |
paths | List of routes under that host |
pathType | Prefix or Exact match for the path |
backend.service.name | The service name to route to |
port.number | Port of that service |
π¦ Step-by-Step Example: Deploy Backend and Frontend with Ingress
π― Use Case
You have two services:
Frontend (React/Vue) served on
/Backend (Express/Django) served on
/api
1οΈβ£ Backend Deployment YAML
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
spec:
replicas: 2
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
containers:
- name: backend
image: your-dockerhub/backend:latest
ports:
- containerPort: 5000
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
spec:
selector:
app: backend
ports:
- protocol: TCP
port: 5000
targetPort: 5000
type: ClusterIP
2οΈβ£ Frontend Deployment YAML
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
spec:
replicas: 2
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: your-dockerhub/frontend:latest
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
spec:
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
3οΈβ£ Ingress YAML File (Same as Above)
Ensure your domain (
myapp.example.com) is pointing to your clusterβs LoadBalancer IP.
βοΈ Setting up NGINX Ingress Controller
β Step 1: Install via Helm
bashCopyEdithelm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx \
--set controller.publishService.enabled=true
β Step 2: Get External IP
bashCopyEditkubectl get svc -n ingress-nginx
Look for the EXTERNAL-IP of the nginx-ingress-controller and point your domain (myapp.example.com) to it using DNS.
βοΈ How This Works in a Cloud Provider
You deploy the backend and frontend via
kubectl apply -f deployment.yml.You install the Ingress Controller (NGINX).
You create an Ingress resource with routing rules.
Your cloud provider provisions a LoadBalancer for the Ingress Controller.
You map your domain to that LoadBalancer IP.
Incoming requests are handled by the Ingress Controller and routed based on your rules.
β Final Thoughts
| β Services Alone | β Ingress |
| Expensive with LoadBalancer | Cost-efficient single LoadBalancer |
| No routing logic | URL + Host-based smart routing |
| No SSL/TLS | Built-in HTTPS support |
| Poor scalability | Designed for production-grade traffic |
Ingress is an essential part of production-ready Kubernetes clusters. It reduces costs, simplifies networking, improves maintainability, and is crucial for DevOps success in cloud deployments.