How Kubernetes Ingress Works
Kubernetes Ingress is the mechanism used to present services and applications externally from within a cluster. Ingress delivery in Kubernetes has changed significantly over time, from the early Ingress API to today, where Envoy Gateway is the leading choice to deliver Ingress services via the Kubernetes Gateway API.
The Kubernetes Ingress API and the Kubernetes Gateway API both serve to manage and route external traffic to services within a Kubernetes cluster, but they have different scopes, capabilities, and design philosophies. Here’s a comparison between the two:
The Older Kubernetes Ingress API
Overview
- Purpose: Manages HTTP(S) traffic routing to services within a cluster.
- Resources: Primarily uses the Ingress resource.
- Scope: Focused on HTTP and HTTPS traffic.
Key Features
- Simple Configuration: Designed to be straightforward, defining rules for routing HTTP(S) traffic.
- Single Resource: Uses the Ingress resource to define routes, TLS settings, and backend services.
- Ingress Controllers: Relies on various controllers (like Nginx, Traefik, etc.) to implement the routing rules defined in the Ingress resource.
- HTTP(S) Focus: Primarily designed to handle HTTP and HTTPS traffic, with limited support for other protocols.
Limitations
- Limited Protocol Support: Not designed to handle non-HTTP(S) traffic effectively.
- Basic Feature Set: Limited to routing, load balancing, and TLS termination, with some advanced features like path-based routing and rewrites.
The Newer Kubernetes Gateway API
Overview
- Purpose: A more extensible and flexible way to manage all kinds of traffic into a Kubernetes cluster, including HTTP(S), TCP, and more.
- Resources: Uses multiple resources like Gateway, GatewayClass, HTTPRoute, TCPRoute, UDPRoute, etc.
- Scope: Broader scope, designed to handle multiple protocols and more complex routing requirements.
Key Features
- Extensibility: Designed to be more extensible and flexible, supporting a wide range of traffic types and routing requirements.
- Multiple Resources: Uses a combination of resources (Gateway, GatewayClass, HTTPRoute, etc.) to provide more granular control over traffic management.
- Protocol Support: Supports various protocols beyond HTTP(S), such as TCP and UDP.
- Advanced Capabilities: Offers more advanced traffic management features, including more sophisticated routing, traffic splitting, and retries.
- Role Separation: Separates concerns by allowing different roles (e.g., infrastructure providers, cluster operators, and application developers) to define and manage different aspects of traffic routing.
Benefits
- Comprehensive Traffic Management: Can handle a wider variety of traffic types and routing requirements.
- Separation of Concerns: Allows different roles to manage different aspects of traffic management, improving security and maintainability.
- Enhanced Features: Provides more advanced features and flexibility in routing, load balancing, and traffic management.
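The role separation described above, sketched as Gateway API manifests with one resource per role. This is an added example, not taken from the original page or from any project's documentation; the resource names, namespaces, hostname, label, and the controllerName value are constructed placeholders.

```yaml
# Infrastructure provider: names the controller implementation.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: example-class                               # hypothetical name
spec:
  controllerName: example.com/gateway-controller    # placeholder, not a real controller
---
# Cluster operator: owns the listener, the TLS secret, and who may attach routes.
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: shared-gateway
  namespace: infra
spec:
  gatewayClassName: example-class
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: "*.example.com"
      tls:
        mode: Terminate
        certificateRefs:
          - name: wildcard-example-com   # Secret stays in "infra", out of app namespaces
      allowedRoutes:
        namespaces:
          from: Selector                 # default is Same; All lets any namespace attach
          selector:
            matchLabels:
              gateway-access: "true"
---
# Application developer: routing rules only, in the team's own namespace.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: shop
  namespace: team-shop                   # namespace must carry gateway-access=true
spec:
  parentRefs:
    - name: shared-gateway
      namespace: infra
  hostnames:
    - shop.example.com
  rules:
    - backendRefs:                       # no matches given: defaults to PathPrefix "/"
        - name: shop-svc
          port: 8080
```

With this split, RBAC can grant application teams write access to HTTPRoute in their own namespace only, while the listener, certificate, and namespace allow-list remain under the cluster operator's control.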
Comparison Summary
| Feature | Ingress API | Gateway API |
| --- | --- | --- |
| Traffic Types | Primarily HTTP/HTTPS | HTTP/HTTPS, TCP, UDP, and more |
| Resources | Ingress | Gateway, GatewayClass, HTTPRoute, TCPRoute, etc. |
| Complexity | Simpler | More complex but more flexible |
| Extensibility | Limited | Highly extensible |
| Role Separation | Limited | Clear separation of roles |
| Advanced Features | Basic routing and load balancing | Advanced routing, traffic splitting, retries |
Learn More
- To learn more about the Gateway API and how it works for Kubernetes ingress, read Why the Gateway API is the Unified Future of Ingress for Kubernetes and Service Mesh
- Read our Envoy Gateway overview to get started with Kubernetes ingress using the Gateway API