Kubernetes Ingress and API Gateway Explained: AWS Example Included

In modern cloud-native application design, traffic management and service exposure are critical aspects of system reliability, scalability, and security. Kubernetes (K8s) offers native primitives for service exposure, and among them, Ingress is one of the most powerful. However, as applications scale and evolve, teams often need more advanced capabilities, leading them to combine Kubernetes Ingress with an API Gateway.
In this comprehensive guide, we will cover:
What is Kubernetes Ingress?
Why use Ingress? Benefits and use cases
Main components of Ingress
Step-by-step guide to deploying Ingress in Kubernetes (with example)
What is an API Gateway and how does it compare to Ingress?
Why use both Ingress and API Gateway together?
How to integrate Kubernetes with AWS API Gateway (with 3-step setup)
What Is Kubernetes Ingress?
Kubernetes Ingress is a resource that defines how external HTTP and HTTPS traffic is routed to services within your cluster. Rather than exposing each microservice individually using Load Balancers or NodePorts, Ingress allows you to centralize and simplify access rules.
For example, you can define an Ingress that says:
Route https://myapp.com/api to the api-service
Route https://myapp.com/web to the web-service
This is incredibly useful for managing multiple applications under a single domain.
Why Use Ingress? (Benefits and Use Cases)
Key Benefits:
Consolidated Traffic Entry Point: Reduce the number of Load Balancers needed by exposing many services under a single entry point.
URL Path and Host-based Routing: Intelligently route based on URL paths or domains.
TLS Termination: Secure your services with HTTPS and offload SSL termination.
Integration with External DNS and Cert-Manager: Automate certificate issuance using Let's Encrypt.
Scalable and Cloud-Agnostic: Works with cloud-native load balancers or open-source solutions.
Common Use Cases:
Hosting multiple microservices under a single domain
Enabling SSL termination and certificate management
Simplifying internal/external routing rules
Components of Kubernetes Ingress
Understanding how Ingress fits into the K8s architecture is key to using it effectively.
| Component | Description |
| --- | --- |
| Ingress Resource | Defines the rules for routing traffic to backend services. |
| Ingress Controller | Listens for changes to Ingress resources and configures the reverse proxy. |
| IngressClass | Associates Ingress resources with a specific controller implementation. |
Request Flow:
Client Request → LoadBalancer → Ingress Controller → Ingress Rules → Service → Pods
Step-by-Step: Deploying Ingress with NGINX Controller
We will now set up a working Ingress configuration using the popular NGINX Ingress Controller.
Step 1: Install NGINX Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/cloud/deploy.yaml
This command deploys all necessary resources, including the controller Deployment and LoadBalancer Service.
Step 2: Deploy a Sample Application
# hello-app.yaml
apiVersion: v1
kind: Service
metadata:
  name: hello-service
spec:
  selector:
    app: hello
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: hello
  template:
    metadata:
      labels:
        app: hello
    spec:
      containers:
        - name: hello
          image: hashicorp/http-echo
          # http-echo listens on :5678 by default; bind it to the declared containerPort
          args: ["-text=Hello from Kubernetes Ingress", "-listen=:8080"]
          ports:
            - containerPort: 8080
Apply with:
kubectl apply -f hello-app.yaml
Step 3: Create an Ingress Resource
# hello-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: hello.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hello-service
                port:
                  number: 80
Apply with:
kubectl apply -f hello-ingress.yaml
Point your DNS (or /etc/hosts) to the external IP or ELB hostname of the Ingress controller.
API Gateway vs Kubernetes Ingress
| Feature | Kubernetes Ingress | API Gateway |
| --- | --- | --- |
| Scope | Cluster-internal | External/public APIs |
| Protocol Support | HTTP/HTTPS | HTTP, WebSocket, gRPC |
| Security | TLS termination | Auth, rate limiting, WAF |
| Routing Logic | Path/host-based | Rich routing + transformation |
| Management | Self-managed | Fully managed (e.g., AWS) |
Why Use Ingress + API Gateway Together?
While Ingress simplifies routing within Kubernetes, it lacks:
Deep authentication and authorization features
Request throttling and rate limiting
IP whitelisting, geo restrictions, usage plans
Detailed analytics, caching, and edge protection
API Gateways like AWS API Gateway fill in these gaps. A common architecture is:
Internet → AWS API Gateway (auth, throttling, metrics) → k8s Ingress Controller → Ingress Rules → Service → Pods
This gives you the best of both: API Gateway's security and observability, and Ingress's efficient in-cluster routing.
How to Connect AWS API Gateway to Kubernetes Ingress
When building production-grade architectures, you may want to expose Kubernetes services to the outside world through AWS API Gateway, especially if you need features like throttling, authentication, or detailed monitoring. While Kubernetes Ingress is great for internal routing and basic TLS termination, API Gateway offers more robust edge capabilities.
In this section, we'll walk through how to connect AWS API Gateway to a service inside your Kubernetes cluster that is exposed via an Ingress.
Goal
Route https://{api-id}.execute-api.{region}.amazonaws.com/hello to a backend application running inside your Kubernetes cluster, via Ingress.
Overview of Steps
We'll perform the following:
Expose your Ingress controller using a LoadBalancer
Create an HTTP API in AWS API Gateway
Point the API Gateway integration to your Ingress URL
Step 1: Make the Ingress Publicly Reachable
Your Ingress controller is typically fronted by a Kubernetes Service of type LoadBalancer. To retrieve its external IP or DNS name:
kubectl get svc -n ingress-nginx ingress-nginx-controller
This might return a public IP or an AWS ELB DNS like:
a1b2c3d4.elb.amazonaws.com
You can optionally create a DNS record in Route 53 or your domain provider that maps a custom domain to this ELB: hello.example.com → a1b2c3d4.elb.amazonaws.com
Once this is set, your Ingress will be reachable at https://hello.example.com.
Step 2: Create and Configure an HTTP API in AWS API Gateway
Open the AWS API Gateway Console and create a new HTTP API.
Under Routes, add:
Method: GET (or ANY)
Path: /hello
Set up an Integration of type HTTP.
In the Integration URL, paste the public Ingress URL you obtained earlier.
What URL Should You Enter?
Use either:
Your custom domain: https://hello.example.com
Or the raw ELB DNS: https://a1b2c3d4.elb.amazonaws.com
Important:
Enter only the scheme and host, like this: https://hello.example.com
Do not include /hello in the URL; API Gateway will automatically append it from the route path.
Make sure this URL is accessible from the public internet. If your Load Balancer is private, consider attaching a VPC link to the API Gateway.
After deploying the API, any request sent to https://{api-id}.execute-api.{region}.amazonaws.com/hello will be routed to your Kubernetes backend through API Gateway → Ingress → Service → Pods.
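Step 1 leaves the Ingress controller's load balancer publicly reachable, so the authentication and throttling configured on API Gateway apply only to clients that actually go through the gateway. The following audit is an added example, not part of the original article: it flags that exposure and the missing tls entry in hello-ingress. The JSON is a constructed sample shaped like `kubectl get ingress,svc -A -o json` output, and `audit` and `INTERNAL_LB` are hypothetical names.

```python
import json

# Constructed sample: trimmed `kubectl get ingress,svc -A -o json` output
# mirroring this page's hello-ingress and the controller's LoadBalancer Service.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Ingress",
  "metadata": {"name": "hello-ingress", "namespace": "default"},
  "spec": {"ingressClassName": "nginx",
           "rules": [{"host": "hello.example.com"}]}},
 {"kind": "Service",
  "metadata": {"name": "ingress-nginx-controller",
               "namespace": "ingress-nginx", "annotations": {}},
  "spec": {"type": "LoadBalancer"}}
]}
""")

# AWS Service annotations that request an internal (non-public) load balancer.
INTERNAL_LB = {
    "service.beta.kubernetes.io/aws-load-balancer-scheme": "internal",
    "service.beta.kubernetes.io/aws-load-balancer-internal": "true",
}

def audit(objs):
    """Return (kind/namespace/name, finding) tuples for edge-exposure gaps."""
    findings = []
    for o in objs["items"]:
        meta, spec = o["metadata"], o.get("spec", {})
        ref = f'{o["kind"]}/{meta.get("namespace", "default")}/{meta["name"]}'
        ann = meta.get("annotations") or {}
        if o["kind"] == "Service" and spec.get("type") == "LoadBalancer":
            if not any(ann.get(k) == v for k, v in INTERNAL_LB.items()):
                findings.append((ref, "internet-facing LB: clients can skip API Gateway"))
        if o["kind"] == "Ingress":
            # Exact host match only; wildcard tls hosts are not expanded here.
            tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
            for rule in spec.get("rules", []):
                host = rule.get("host")
                if not host:
                    findings.append((ref, "rule without host matches any Host header"))
                elif host not in tls_hosts:
                    findings.append((ref, f"no tls entry for {host}"))
    return findings

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```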
Final Thoughts
Ingress helps manage traffic inside Kubernetes efficiently.
API Gateway adds powerful capabilities like security, observability, and rate limiting.
Together, they provide a production-grade, cloud-native traffic management layer.


