What is a Kubernetes Ingress Controller — Explained Simply
Confused about what an Ingress Controller actually does in Kubernetes? This guide explains it simply with diagrams, examples, and when to use which one.
You've heard about Ingress, Ingress Controllers, and LoadBalancers. They all sound similar and the Kubernetes docs don't make it easier.
Let me explain this simply.
The Problem Ingress Solves
Without Ingress, exposing apps in Kubernetes looks like this:
User → Load Balancer ($$$) → Service → Pod
Every app needs its OWN load balancer. 5 apps = 5 load balancers = 5 cloud bills.
With Ingress:
User → ONE Load Balancer → Ingress Controller → Service A (app1.com)
→ Service B (app2.com)
→ Service C (app.com/api)
One load balancer routes traffic to many services based on hostname or URL path.
What is Ingress (the object)?
An Ingress is a Kubernetes resource that defines routing rules:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
spec:
rules:
- host: app1.devopsboys.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
- host: app2.devopsboys.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app2-service
port:
number: 80This YAML says: traffic for app1.devopsboys.com goes to app1-service, traffic for app2.devopsboys.com goes to app2-service.
But here's the thing — this YAML does nothing on its own.
What is an Ingress Controller?
The Ingress object is just a config file. The Ingress Controller is the actual software that reads those rules and routes traffic.
Think of it like this:
- Ingress = the menu at a restaurant (rules)
- Ingress Controller = the waiter who actually serves food (executes rules)
Without an Ingress Controller, your Ingress objects are ignored.
Popular Ingress Controllers
Nginx Ingress Controller
Most widely used. Open source, battle-tested.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginxTraefik
Popular for its auto-discovery and dashboard. Built-in Let's Encrypt support.
helm repo add traefik https://helm.traefik.io/traefik
helm install traefik traefik/traefikAWS ALB Ingress Controller (AWS Load Balancer Controller)
On AWS/EKS, creates real AWS Application Load Balancers for each Ingress.
Kong
API gateway features built in — rate limiting, auth, plugins.
How it Works End-to-End
1. You apply an Ingress YAML to Kubernetes
2. Ingress Controller (e.g., Nginx) watches for Ingress objects
3. Nginx config is automatically updated with the new routing rules
4. Traffic comes in → Nginx routes to the correct Service → Pod responds
When you deploy the Nginx Ingress Controller, it creates a LoadBalancer Service:
kubectl get svc -n ingress-nginx
# NAME TYPE EXTERNAL-IP
# ingress-nginx-controller LoadBalancer 52.x.x.xThat external IP is your single entry point. All domain names point to it. The controller handles the rest.
TLS/HTTPS with Ingress
Add TLS to your Ingress using cert-manager (free Let's Encrypt certs):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- app.devopsboys.com
secretName: app-tls-cert # cert-manager creates this
rules:
- host: app.devopsboys.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app-service
port:
number: 80Ingress vs LoadBalancer vs NodePort
| Type | When to Use |
|---|---|
| ClusterIP | Internal services only (no external access) |
| NodePort | Dev/testing, exposes on node IP:port |
| LoadBalancer | Single service needs external IP (one LB per service) |
| Ingress | Multiple services, host/path-based routing, TLS termination |
In production, you almost always want Ingress for HTTP/HTTPS apps.
Common Beginner Mistakes
Creating Ingress without an Ingress Controller installed — rules are silently ignored, nothing works.
Forgetting to add DNS records — your Ingress rule says app.example.com but DNS still points nowhere.
Wrong pathType — Exact vs Prefix matters:
Exact: /apionly matches/apiPrefix: /apimatches/api,/api/users,/api/v2etc.
Quick Test: Is My Ingress Controller Working?
# Check controller is running
kubectl get pods -n ingress-nginx
# Check it has an external IP
kubectl get svc -n ingress-nginx
# Check ingress rules are applied
kubectl describe ingress my-ingress
# Test with curl (replace with your IP)
curl -H "Host: app.devopsboys.com" http://52.x.x.xIngress Controllers are one of the most used components in any Kubernetes cluster. Once you understand the separation between the Ingress object (rules) and the Controller (executor), everything clicks.
Learn Kubernetes networking hands-on at KodeKloud — their K8s labs have dedicated exercises for Ingress, Services, and Network Policies with real clusters.
Today I Fixed
Short real fixes from production — posted daily
Stay ahead of the curve
Get the latest DevOps, Kubernetes, AWS, and AI/ML guides delivered straight to your inbox. No spam — just practical engineering content.
Related Articles
How to Migrate from Ingress-NGINX to Kubernetes Gateway API in 2026
Step-by-step guide to migrating from Ingress-NGINX to Kubernetes Gateway API. Includes YAML examples, implementation choices, testing strategy, and cutover plan.
How to Set Up Kubernetes Gateway API to Replace Ingress (2026 Guide)
The Kubernetes Ingress API is being replaced by the Gateway API. Here's a complete step-by-step guide to setting it up with Nginx Gateway Fabric and migrating from Ingress.
What is a Service Mesh? Explained Simply (No Jargon)
Service mesh sounds complicated but the concept is simple. Here's what it actually does, why teams use it, and whether you need one — explained without the buzzwords.