Kubernetes Ingress & Gateway API β Smart Traffic Control
I am Bittu Sharma, a DevOps & AI Engineer with a keen interest in building intelligent, automated systems. My goal is to bridge the gap between software engineering and data science, ensuring scalable deployments and efficient model operations in production.! ππ²π'π ππΌπ»π»π²π°π I would love the opportunity to connect and contribute. Feel free to DM me on LinkedIn itself or reach out to me at bittush9534@gmail.com. I look forward to connecting and networking with people in this exciting Tech World.
What is Ingress?
Ingress is a Kubernetes API object that manages external access to services within a cluster, typically HTTP/HTTPS traffic.
Why Itβs Used in Kubernetes?
Rather than exposing each service via a NodePort or LoadBalancer, Ingress allows you to define routing rules for multiple services using a single entry point.
Benefits:
Centralized routing control
SSL/TLS termination
Path-based or host-based routing
Reduced need for multiple external IPs
𧩠Basic Ingress YAML Example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: myapp.example.com
http:
paths:
- path: /app1
pathType: Prefix
backend:
service:
name: app1-service
port:
number: 80
Role of Ingress Controller (e.g., NGINX, Traefik, HAProxy)
An Ingress Controller is a pod that reads Ingress resources and configures a load balancer (usually an HTTP proxy) accordingly.
π Common Ingress Controllers:
NGINX: Popular, widely adopted
Traefik: Dynamic and supports modern routing features
HAProxy: High-performance TCP/HTTP load balancer
π Installation Example β NGINX
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.1/deploy/static/provider/cloud/deploy.yaml
Verify the ingress controller:
kubectl get pods -n ingress-nginx
kubectl get svc -n ingress-nginx
Look for the external IP:
kubectl get svc ingress-nginx-controller -n ingress-nginx
Deploy a Sample App (e.g., hello-world)
# hello-world-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world
labels:
app: hello-world
spec:
replicas: 2
selector:
matchLabels:
app: hello-world
template:
metadata:
labels:
app: hello-world
spec:
containers:
- name: hello-world
image: hashicorp/http-echo
args:
- "-text=Hello from Ingress"
ports:
- containerPort: 5678
---
apiVersion: v1
kind: Service
metadata:
name: hello-world
spec:
selector:
app: hello-world
ports:
- port: 80
targetPort: 5678
kubectl apply -f hello-world-deployment.yaml
Create Ingress Resource
# hello-world-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hello-world-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: yourdomain.com # Change or use a local DNS like nip.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hello-world
port:
number: 80
kubectl apply -f hello-world-ingress.yaml
Test the Ingress
If youβre using nip.io or /etc/hosts entry:
# Suppose External IP of ingress controller is 1.2.3.4
curl http://hello.1.2.3.4.nip.io
Or edit /etc/hosts:
1.2.3.4 yourdomain.com
Then:
curl http://yourdomain.com
What is Kubernetes Gateway API?
The Gateway API is a collection of Kubernetes Custom Resource Definitions (CRDs) that allow for fine-grained and extensible control over how traffic is routed into and within a cluster.
It is designed to:
Enable separation of concerns between infrastructure and application teams.
Support multi-tenant and multi-team environments.
Provide vendor-neutral, portable API standards.
Improve support for advanced traffic policies like header-based routing, retries, and traffic splitting.
Example: Gateway + HTTPRoute YAML
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: example-gatewayclass
spec:
controllerName: nginx.org/gateway-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: my-gateway
namespace: infra
spec:
gatewayClassName: example-gatewayclass
listeners:
- name: http
protocol: HTTP
port: 80
allowedRoutes:
namespaces:
from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: my-route
namespace: app
spec:
parentRefs:
- name: my-gateway
namespace: infra
rules:
- matches:
- path:
type: PathPrefix
value: /api
backendRefs:
- name: my-service
port: 80
Ingress Resource vs Gateway API
Traffic Flow Comparison
| Feature | Ingress Resource | Gateway API |
| Introduced In | Kubernetes v1.1+ | GA in Kubernetes v1.8+ |
| Controller Flexibility | Controller-agnostic but less extensible | Highly extensible with standard schema |
| Role Separation | No strict separation | Infra vs App responsibility is clear |
| CRD-Based | No (built-in type) | Yes (fully CRD-based & extensible) |
| TLS, Path Routing | Supported via annotations | First-class support in spec |
Key Gateway API Components
GatewayClass β Defines Controller Implementation
Describes how Gateways should be instantiated across the cluster.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: GatewayClass
metadata:
name: example-nginx
spec:
controllerName: k8s.io/nginx
Gateway β Defines the Listener & Network Entry Point
Specifies how external traffic enters the cluster (e.g., host, port, protocol).
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: my-gateway
spec:
gatewayClassName: example-nginx
listeners:
- name: http
port: 80
protocol: HTTP
hostname: "example.com"
HTTPRoute β Define Routing Rules
Defines how requests are routed based on host/path.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: HTTPRoute
metadata:
name: my-route
spec:
parentRefs:
- name: my-gateway
rules:
- matches:
- path:
type: PathPrefix
value: /app1
backendRefs:
- name: app1-service
port: 80
TLSRoute β Define Encrypted Routing Rules (Optional)
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
name: tls-example
spec:
parentRefs:
- name: my-gateway
rules:
- backendRefs:
- name: secure-app
port: 443
Benefits of the Gateway API
𧩠Standardization
Defines a clear spec across Kubernetes distros and vendors
CRD-based design enables future extensibility
π Cross-vendor Compatibility
Decouples routing rules from the controller implementation
Works with NGINX, Istio, Envoy, and more
π₯ Separation of Concerns
Infrastructure Teams: define GatewayClass and Gateway
Application Teams: define HTTPRoute/TLSRoute per application
Production-Ready Controllers Supporting Gateway API
NGINX Gateway
Istio Gateway Controller
Envoy Gateway
Traefik Proxy
HAProxy Kubernetes Gateway
π§ Final Thoughts
Ingress and Gateway API both route traffic, but Gateway API is more structured and extensible.
Gateway API promotes a modular approach and is future-ready.
Adoption is growing rapidlyβespecially in multi-tenant and enterprise-grade clusters.
Learn both models to design flexible, scalable traffic routing architectures.
Hands-on with YAMLs is keyβtry deploying each to understand their behavior.
Follow me on LinkedIn
Follow me on GitHub
Keep Learningβ¦β¦
