Notes on K8s setup

June 2, 2026 · 1 min read

  • a k8s cluster can have multiple ingress gateway

  • ingress is comprised of 2 things, ingress config - which is basically routing rules and the ingress gateway controller - which is basically the what reads and executes the routing rules.

  • Ingress is API object provided by k8s but to make ingress controller work, you need to install any ingress controllers like ngnix, traefik, HAProxy etc.

  • when we install ingress controllers in k8s cluster, it deploys the k8s pods of the installed software, for instance ngnix. these pods keep watching for changes in routing rules (ingress config)

  • when ingress controller is installed on k8s cluster, it also creates a another k8s object called “LoadBalancer”

  • cloud providers like google cloud or aws which are running the k8s clusters, identifies if the k8s cluster has any “LoadBalancer” object and provisions a real/physical L4 LoadBalancer, this LoadBalancer is the bridge between the outside traffic and k8s cluster, it forwards the traffic to IngressController Pods.

  • And we setup the DNS to resolve the IP of this L4 load balancer. So any user visiting https://company.com, DNS resolution of company.com will be the IP of L4 load balancer.

  • Istio is basically service mesh - so IngressControllers only manage the traffic entering the k8s cluster (north-south traffic) but service mesh also manage the traffic between the k8s pods in the cluster (east-west traffic), it can also do tls between the pods, so it helps if we want to encrypt the traffic between the pods in k8s cluster

twitterlinkedinwhatsapp
Notes on K8s setup — Gaurav