Ingress
An API object that configures HTTP/HTTPS routing rules from a single external load balancer to multiple backend Services.
What is Ingress?
An Ingress is a Kubernetes API object that defines HTTP and HTTPS routing rules: which hostnames and URL paths map to which backend Services. Unlike Services of type LoadBalancer (one load balancer per Service), a single Ingress can consolidate routing for hundreds of backend Services behind one cloud load balancer, dramatically reducing load balancer costs and complexity. An Ingress object alone does nothing — it requires an Ingress controller running in the cluster to implement the rules.
Ingress controllers are third-party software: NGINX Ingress Controller (the most common open-source option), Traefik, HAProxy, Contour, and cloud-native implementations like AWS ALB Ingress Controller, GKE Ingress, and Azure Application Gateway Ingress. The choice of controller determines available features — TLS termination, authentication, rate limiting, canary deployments, and WebSocket support vary by implementation.
TLS termination is configured by referencing a Secret containing a TLS certificate in the Ingress spec. Tools like cert-manager automate certificate provisioning from Let's Encrypt and other ACME-compliant CAs. Annotations on the Ingress object configure controller-specific behavior: timeout values, maximum body size, authentication providers, and backend protocol.
Example
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: main-ingress
namespace: production
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- api.example.com
secretName: api-tls-cert
rules:
- host: api.example.com
http:
paths:
- path: /v1
pathType: Prefix
backend:
service:
name: api-v1
port:
number: 80Cost & Waste Implications
Orphaned Ingress rules — rules pointing to deleted or renamed backend Services — create 502/503 errors for users and waste load balancer routing capacity. TLS Secrets referenced by Ingress objects that have expired or been rotated away from may cause certificate errors. Each cloud-provisioned Ingress load balancer carries a base cost of $18–$36/month regardless of traffic volume.
How KorPro Helps
KorPro detects Ingress rules whose backend Services have no running Pod endpoints and flags TLS Secrets referenced by Ingress objects that are approaching expiry or are already expired.
Scan Your Cluster FreeRelated Terms
Service
NetworkingA stable network endpoint that load-balances traffic to a dynamic set of Pods selected by label.
Read definitionNetworkPolicy
NetworkingA namespaced resource that defines firewall rules controlling which Pods can send and receive traffic.
Read definitionSecret
ConfigurationAn API object for storing sensitive data such as passwords, tokens, and TLS certificates, base64-encoded in etcd.
Read definitionNamespace
Core ConceptsA virtual partition within a cluster that isolates resources, access control, and networking between teams or environments.
Read definitionStop Wasting Money on Orphaned Kubernetes Resources
KorPro connects to your clusters across GCP, AWS, and Azure — no agents, no installation — and surfaces every orphaned resource with its monthly cost estimate.