Your submission was sent successfully! Close


Applications in Kubernetes can be exposed outside of the cluster in several ways, such as via NodePort or LoadBalancer type services, or via ingress controllers or gateways.

NodePort services expose the service directly via a port on each of the nodes, which can then be manually managed by firewall rules or external load balancers.

LoadBalancer services require something that can provide indvidual load balancers for each service, which could be native load balancers provided by the underlying cloud (see the relevant Cloud Integration section of the docs) or something like MetalLB.

Ingress controllers provide a single point of entry instead of needing to deal with multiple individual service addresses, and then use rules or path matching to direct traffic appropriately. The ingress endpoint itself still needs to be exposed via one of the above methods but can provide feature-rich management of traffic routing into the cluster.

NGINX Ingress

By default, Charmed Kubernetes sets up the NGINX Ingress Controller, which can be customized via the config options on the worker charm. Ingress resources can then be used to configure routes for specific applications.

Istio Ingress

By deploying the Istio bundle into your cluster, you can use the Istio traffic management features. You can then relate Kubernetes charms which support the ingress relation to automatically manage VirtualServices, manually manage VirtualServices for your applications, or even use Ingress resources.

Note: The Istio bundle requires a load balancer provider. If you're not using a cloud integrator which provides this, MetalLB can be used.

Multiple Ingress Controllers

Multiple ingress controllers or gateways can be used at the same time, typically with different configuration or exposure. The defines an IngressClass resource to select between controllers, but some controllers may rely on annotations, such as Istio's annotation.

We appreciate your feedback on the documentation. You can edit this page or file a bug here.