Ingress controller
An ingress controller is the Kubernetes component that translates Ingress resource definitions into actual layer-7 routing — typically backed by Nginx, Envoy, Traefik, or HAProxy. It terminates TLS, applies path-based routing rules, and forwards requests to the appropriate backend Service.
Ingress controllers replaced the earlier pattern of one cloud load balancer per Service, which was expensive at scale (a 50-service cluster needed 50 load balancers). With an ingress controller, one or two load balancers front the cluster and the controller handles in-cluster routing. The choice of ingress controller matters more than people expect: Nginx has the broadest config surface but worst dynamic reload story; Envoy has the strongest observability and gRPC support; Traefik is the easiest to operate; HAProxy has the best raw throughput. Most teams pick one and stay with it; switching mid-flight involves rewriting every Ingress annotation.
Related terms
- Service mesh
A service mesh is an infrastructure layer for service-to-service communication, typically implemented as a sidecar proxy (Envoy, Linkerd-proxy) running alongside each service.
- API gateway
An API gateway is the single entry point in front of a service ecosystem that handles cross-cutting concerns — authentication, rate limiting, request routing, response aggregation, caching, observability — so each backend service doesn't reimplement them.
- Rate limiting
Rate limiting caps the number of requests a client can make to a service within a defined window — typically expressed as 'N requests per second' or 'N requests per minute per API key'.