Ingress Controllers
An Ingress Controller is a reverse proxy running inside your Kubernetes cluster that routes external HTTP/HTTPS traffic to internal Services based on hostname and URL path rules. Without an Ingress Controller, exposing multiple services requires either multiple LoadBalancer Services (expensive on cloud — one cloud LB per service) or multiple NodePort services on different ports. With Ingress, one load balancer handles all HTTP traffic and routes it to the correct service based on the domain name or path.
What is Ingress?
Without Ingress (multiple LoadBalancers):
api.example.com → LoadBalancer (34.82.1.1:80) → api-service
app.example.com → LoadBalancer (34.82.1.2:80) → app-service
admin.example.com → LoadBalancer (34.82.1.3:80) → admin-service
(3 cloud load balancers = 3x cost)
With Ingress Controller (one LoadBalancer):
All domains → LoadBalancer (34.82.1.1:443)
|
Ingress Controller (NGINX)
|
+----------+-----------+
| | |
api-svc app-svc admin-svc
(1 load balancer for all services)Install NGINX Ingress Controller
# Using Helm (recommended):
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace
# Verify the controller pod is running:
kubectl get pods -n ingress-nginx -wkubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-7d4db76476-k8v9m 1/1 Running 0 2m# Get the external IP assigned to the Ingress Controller:
kubectl get service ingress-nginx-controller -n ingress-nginxService with LoadBalancer IP
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)
ingress-nginx-controller LoadBalancer 10.96.200.100 34.82.45.123 80:31080/TCP,443:31443/TCP# For k3s (uses Traefik by default, but can install NGINX instead):
# k3s ships with Traefik as default Ingress Controller
# Enable NGINX on Minikube:
minikube addons enable ingressCreating Ingress rules
nano app-ingress.yamlapp-ingress.yaml — hostname-based routing
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx # Use the NGINX ingress controller
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: api-service
port:
number: 8080
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80kubectl apply -f app-ingress.yaml
kubectl get ingresskubectl get ingress output
NAME CLASS HOSTS ADDRESS PORTS AGE
app-ingress nginx api.example.com,app.example.com 34.82.45.123 80 45sTLS termination
# Install cert-manager for automatic TLS certificates (Let's Encrypt):
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
# Create a ClusterIssuer for Let's Encrypt:
cat <Conclusion
The Ingress Controller is the front door of your Kubernetes cluster for HTTP/HTTPS traffic. NGINX Ingress Controller is the most widely used choice, while Traefik (included in k3s) is a good alternative. For automatic TLS certificate management, install cert-manager alongside your Ingress Controller — it watches for Ingress resources with TLS configured and automatically requests, renews, and stores Let's Encrypt certificates as Kubernetes Secrets. Once set up, TLS certificates require zero manual management.
FAQ
Is Ingress Controllers important for Ubuntu administrators?+
Yes. It supports practical Ubuntu administration because it connects directly to server reliability, security, troubleshooting, or daily operations.
Should I practice this on a live server?+
Use a lab VM first. After you understand the command output and rollback path, apply the workflow carefully on real systems.
What should I do after reading this article?+
Run the practice commands, write down what each one shows, and continue to the next article in the Ubuntu roadmap.
Need help with Ubuntu administration?
Work directly with Muhammad Irfan Aslam for Ubuntu Server, Linux, cloud, Docker, DevOps, CI/CD, or infrastructure troubleshooting support.
Hire Me for Support