Create and Manage Kubernetes Ingress with Kubectl

The cluster is running, pods are healthy, services are online—yet the outside world can’t reach them. This is where Kubernetes Ingress comes in, and kubectl is your direct control.

Ingress defines external access to internal services. Unlike a NodePort or LoadBalancer Service, an Ingress lets you route traffic based on hostnames and paths. It also integrates with TLS to secure requests. Using kubectl, you configure and inspect these rules without leaving your terminal.

Create an Ingress with Kubectl

First, ensure an Ingress controller is deployed. Popular options include NGINX, Traefik, and HAProxy. Without a controller, Ingress resources will sit idle.

Define an Ingress manifest (ingress.yaml):

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: demo-ingress
spec:
 rules:
 - host: app.example.com
 http:
 paths:
 - path: /
 pathType: Prefix
 backend:
 service:
 name: demo-service
 port:
 number: 80

Apply it:

kubectl apply -f ingress.yaml

Inspect and Debug

View your Ingress:

kubectl get ingress

Describe it for detailed status:

kubectl describe ingress demo-ingress

Check events for issues with routing or TLS:

kubectl get events --sort-by=.metadata.creationTimestamp

Securing with TLS

Add a tls block to your manifest and reference a Kubernetes Secret containing your certificate:

tls:
- hosts:
 - app.example.com
 secretName: tls-secret

Create the secret:

kubectl create secret tls tls-secret \
 --cert=cert.pem \
 --key=key.pem

Best Practices

• Always deploy an Ingress controller before creating an Ingress resource.
• Use host-based routing for clarity and maintainability.
• Automate certificate renewal with cert-manager.
• Monitor Ingress logs to detect routing errors early.

Mastering kubectl with Kubernetes Ingress means faster deployments, cleaner routing rules, and secure endpoints for your applications. See it live in minutes with hoop.dev.