# Ingress

**Ingress** defines HTTP(S) routing rules (hosts/paths) from outside the cluster to Services.

Important: Ingress is only an API resource. It has no effect until an **Ingress Controller** (NGINX, Traefik, cloud LB controller) that implements it is running in the cluster.


## Why it is used
- Publish multiple services through one entrypoint using host/path rules.
- Terminate TLS at the edge (HTTPS).
- Apply routing features such as rewrites and rate limits (controller-specific).


## How it works (high level)
```text
Internet -> Load Balancer -> Ingress Controller -> Service -> Pods
```

Ingress defines rules; the controller watches Ingress objects and configures itself accordingly.


## YAML template (pseudo)
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
spec:
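  ingressClassName: nginx        # must name an IngressClass served by an installed controller
  tls:
    - hosts:
        - web.example.com
      secretName: web-tls        # kubernetes.io/tls Secret in the same namespace as the Ingress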
  rules:
    - host: web.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```


## Pitfalls
- No Ingress Controller installed = Ingress does nothing.
- DNS must point to the controller/LB.
- TLS requires a Secret with a certificate (or cert-manager automation).
- Annotations are often controller-specific; portability can vary.
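
The class, TLS and host pitfalls above can be checked mechanically. The following is an added example, not part of the original page: a small Python linter over output shaped like `kubectl get ingress -A -o json`. The sample objects are constructed and the function names are hypothetical.

```python
import json

# Constructed sample, shaped like `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "web", "namespace": "default"},
   "spec": {"ingressClassName": "nginx",
            "tls": [{"hosts": ["web.example.com"], "secretName": "web-tls"}],
            "rules": [{"host": "web.example.com"}]}},
  {"metadata": {"name": "api", "namespace": "default"},
   "spec": {"tls": [{"hosts": ["*.example.com"]}],
            "rules": [{"host": "api.example.com"}, {"host": "a.b.example.com"}, {}]}}
]}
""")

# Deprecated annotation that older manifests use instead of spec.ingressClassName.
LEGACY_CLASS_ANNOTATION = "kubernetes.io/ingress.class"

def tls_covers(tls_host, host):
    """Exact match, or a wildcard that covers exactly one leading DNS label."""
    if tls_host == host:
        return True
    if tls_host.startswith("*."):
        return "." in host and host.split(".", 1)[1] == tls_host[2:]
    return False

def lint_ingress(ing):
    """Return a list of findings for one Ingress object (hypothetical helper)."""
    meta, spec = ing.get("metadata", {}), ing.get("spec", {})
    findings = []
    annotations = meta.get("annotations") or {}
    if not spec.get("ingressClassName") and LEGACY_CLASS_ANNOTATION not in annotations:
        findings.append("no ingressClassName or legacy class annotation")
    tls_entries = spec.get("tls") or []
    for entry in tls_entries:
        if not entry.get("secretName"):
            findings.append(f"tls entry for {entry.get('hosts', [])} has no secretName")
    tls_hosts = [h for e in tls_entries for h in e.get("hosts") or []]
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if host is None:
            findings.append("rule without host applies to any hostname")
        elif not any(tls_covers(t, host) for t in tls_hosts):
            findings.append(f"host {host} is not covered by any tls entry")
    return findings

def lint_all(doc):
    """Map each Ingress name to its findings."""
    return {i["metadata"]["name"]: lint_ingress(i) for i in doc.get("items", [])}
```

An Ingress with no class set is only picked up if the cluster has a default IngressClass or the controller is configured to claim class-less objects, so that finding is a prompt to check the cluster rather than a definite error.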

## References
- Ingress: https://kubernetes.io/docs/concepts/services-networking/ingress/
