1. Get the Ingress Controller's External IP

After deploying the Ingress resource, check the external IP of the Ingress Controller:

bash kubectl get ingress

Example output: NAME CLASS HOSTS ADDRESS PORTS AGE my-app-ingress nginx my-app.example.com 192.168.1.100 80 5m Here, 192.168.1.100 is the Ingress IP.

2. Use /etc/hosts for Local Domain Resolution

Since you don’t have a real domain, you can trick your system into resolving my-app.example.com by adding an entry in your hosts file.

🔹 On Linux/Mac:

Edit the /etc/hosts file: bash sudo nano /etc/hosts Add this line: 192.168.1.100 my-app.example.com Save the file (Ctrl+X, Y, Enter).

🔹 On Windows:

Edit the C:\Windows\System32\drivers\etc\hosts file (open Notepad as Administrator) and add: 192.168.1.100 my-app.example.com

✅ Now, you can access your service using my-app.example.com in your browser or via curl: bash curl -H "Host: my-app.example.com" http://my-app.example.com

3. Use curl with --resolve Option (No Need to Edit /etc/hosts)

Instead of modifying /etc/hosts, you can use curl directly:

bash curl --resolve my-app.example.com:80:192.168.1.100 http://my-app.example.com

This forces my-app.example.com to resolve to 192.168.1.100.

4. Get Minikube or Kind Ingress IP (If Using Local Cluster)

If you're using Minikube, run: bash minikube ip Use the output IP for testing (192.168.49.2 is a common Minikube IP).

For Kind (Kubernetes in Docker), port-forward the Ingress controller manually: bash kubectl port-forward --namespace ingress-nginx svc/ingress-nginx-controller 8080:80 Then, test the service: bash curl -H "Host: my-app.example.com" http://localhost:8080

How to Secure Ingress in Kubernetes 🚀🔒

To secure Kubernetes Ingress, you need to consider TLS encryption, authentication, rate limiting, network policies, and security best practices.

1. Enable TLS for HTTPS Traffic

🔹 Ingress should always use HTTPS to encrypt traffic.

🔹 Step 1: Generate a TLS Certificate (Self-Signed or Let's Encrypt)

If you don’t have a TLS certificate, generate a self-signed one:
bash openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout tls.key -out tls.crt -subj "/CN=my-app.example.com" Create a Kubernetes secret from the certificate:
bash kubectl create secret tls my-app-tls --cert=tls.crt --key=tls.key

🔹 Step 2: Configure Ingress with TLS

Modify your Ingress resource to use the TLS secret: yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: my-app-ingress spec: ingressClassName: nginx tls: - hosts: - my-app.example.com secretName: my-app-tls rules: - host: my-app.example.com http: paths: - path: / pathType: Prefix backend: service: name: my-app-service port: number: 80 ✅ Now, traffic will be encrypted using TLS.

2. Redirect HTTP to HTTPS (Force Secure Connection)

To force all HTTP traffic to redirect to HTTPS, add this annotation: yaml metadata: annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" Now, even if users try to access http://my-app.example.com, they will be redirected to https://my-app.example.com.

3. Restrict External Access (Whitelist IPs)

To allow access only from specific IP addresses, add: yaml metadata: annotations: nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.1.1/24,10.10.10.0/24" ✅ Only requests from these IP ranges can access the Ingress.

4. Enable Authentication for API Protection

Use Basic Authentication to restrict access:
1. Create a password file: bash htpasswd -c auth myuser 2. Create a Kubernetes secret: bash kubectl create secret generic my-app-auth --from-file=auth 3. Apply authentication in Ingress: yaml metadata: annotations: nginx.ingress.kubernetes.io/auth-type: "basic" nginx.ingress.kubernetes.io/auth-secret: "my-app-auth" nginx.ingress.kubernetes.io/auth-realm: "Authentication Required" ✅ Users will need to enter a username and password.

5. Rate Limiting to Prevent DDoS Attacks

To prevent too many requests per second: yaml metadata: annotations: nginx.ingress.kubernetes.io/limit-rps: "10" ✅ Limits requests to 10 per second per client.

6. Block Malicious User-Agents

To block known malicious bots: yaml metadata: annotations: nginx.ingress.kubernetes.io/server-snippet: | if ($http_user_agent ~* "malicious-bot|bad-spider") { return 403; } ✅ Requests from these bots will be denied.

7. Restrict Ingress to Internal Traffic Only

To disable external access and allow only cluster-internal requests: yaml metadata: annotations: nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/internal: "true" ✅ This makes the Ingress accessible only from inside the cluster.