Ingress and Egress
Why Ingress and Egress
Picture a fortified castle. Gates allow citizens to enter, and guarded exits regulate who leaves. Without gates, chaos would erupt and anyone could storm in or sneak out. Kubernetes clusters face the same challenge: pods need controlled entry points for external traffic and secure exits for outbound communication.
Ingress and Egress Controllers were born as the castle gates of Kubernetes, managing how traffic flows in and out of the cluster.
Ingress Controllers
The Entry Gates
- Definition: Manage external access to services inside the cluster.
- Capabilities:
  - HTTP/HTTPS routing.
  - Load balancing.
  - SSL/TLS termination.
- Popular Options: NGINX Ingress, HAProxy, Traefik, Istio Gateway.
Analogy: Ingress controllers are like castle gates with guards, deciding who can enter and where they go.
Egress Controllers
The Exit Gates
- Definition: Manage outbound traffic from pods to external systems.
- Capabilities:
  - Restrict which pods can connect to external endpoints.
  - Enforce compliance (e.g., only approved APIs).
  - Monitor outbound traffic for anomalies.
Analogy: Egress controllers are like castle guards at the exits, ensuring citizens leave only through approved paths.
Global Context
- Enterprises: Use ingress for customer‑facing apps, egress for compliance and data security.
- Cloud Providers: Managed Kubernetes services integrate ingress with load balancers and egress with firewalls.
- Community: Ingress and egress are taught worldwide as essential for secure, controlled traffic management.
Hands‑On Exercise
- Reflect: How do ingress and egress controllers act as castle gates, regulating who enters and exits the cluster?
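Configure egress restrictions (a standard NetworkPolicy, enforced only when the cluster's network plugin supports it, for example Calico):

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-egress
  namespace: default
spec:
  # Applies to pods labelled app=backend in the default namespace.
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Egress
  egress:
    # Only this CIDR is allowed by this policy. Unless another policy allows
    # more, every other destination (cluster DNS included) is blocked.
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24
```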
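A tighter variant of the egress policy above, as an added example that is not from the original page: a namespace-wide default deny plus an allowlist for the backend pods that pins the port and keeps DNS lookups working. The policy names, port 443 and the kube-dns labels are assumptions; adjust them to the cluster.

```yaml
# Added example: policy names, port 443 and the DNS labels are assumptions.
# 1) Namespace default: pods in "default" get no egress unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress        # hypothetical name
  namespace: default
spec:
  podSelector: {}                  # empty selector = every pod in the namespace
  policyTypes:
    - Egress                       # no egress rules listed, so all egress is denied
---
# 2) Allowlist for the backend pods. NetworkPolicies are additive, so this
#    opens only what is listed here on top of the default deny.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-egress-allowlist   # hypothetical name
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 443                # assumed: the approved API is HTTPS only
    - to:
        # namespaceSelector and podSelector in one item are ANDed together.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns    # assumed label of the cluster DNS pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```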
Create an Ingress resource:
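```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
spec:
  # No ingressClassName is set; the Ingress is served only if the cluster has a
  # default IngressClass or the controller watches Ingresses without a class.
  rules:
    - host: myapp.example.com
      http:
        paths:
          # Send every path under / to port 80 of the "web" Service.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```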
Deploy an NGINX Ingress Controller:
```
kubectl apply -f https://k8s.io/examples/ingress-nginx.yaml
```
The Hacker’s Notebook
- Ingress is the entry point for external traffic into the cluster.
- Egress is the exit point for outbound traffic from pods.
- Lesson for engineers: Don't leave the gates open; control traffic with ingress and egress.
- Hacker’s mindset: Treat ingress/egress as your guardians. With them, you can secure communication across borders.

Updated on Dec 30, 2025