All Products
Search

This Product

    Container Service for Kubernetes:Expose services with an Nginx Ingress

    Document Center

    Container Service for Kubernetes:Expose services with an Nginx Ingress

    Last Updated:Mar 26, 2026

    An Ingress is a Kubernetes resource object that is used to enable external access to Services in a Kubernetes cluster. This topic explains how to create, view, update, and delete an NGINX Ingress in Container Service for Kubernetes (ACK)—using the ACK console or kubectl.

    Prerequisites

    Before you begin, ensure that you have:

    Constraints

    Do not violate the following constraints, as they affect whether the NGINX Ingress controller runs correctly:

    • Do not delete the kube-system/nginx-ingress-lb Service. This is the default Service used by the NGINX Ingress controller. Deleting it may cause the controller to fail or stop.

    • Customize component parameters only through the cluster details page in the ACK console or via the ACK API. Other methods may cause unexpected behavior or update failures.

    Recommendations

    • Configure component features via annotations and parameters rather than Snippet or Lua code. ACK does not provide technical support for issues caused by Snippet configurations.

    • Keep the NGINX Ingress controller updated to the latest version to avoid known bugs and vulnerabilities from the upstream open-source release.

    • In heavy-load scenarios, deploy each NGINX Ingress controller pod on a dedicated node. See Deploy Ingress controller in a high-reliability architecture.

    For a full usage reference, see Usage notes of the NGINX Ingress controller.

    Create an NGINX Ingress in the ACK console

    1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

    2. On the Clusters page, click the name of the target cluster. In the left-side pane, choose Network > Ingresses.

    3. On the Ingresses page, click Create Ingress. In the Create Ingress dialog box, configure the following parameters:

      Parameter Description Example
      Gateway Type Select ALB, MSE Cloud-native Gateway, or Nginx. For a comparison, see Comparison among Nginx Ingresses, ALB Ingresses, and MSE Ingresses. Nginx
      Name The name of the Ingress. nginx-ingress
      Ingress Class The class of the Ingress. nginx
      Rules Click +Add Rule to define routing rules. For each rule, specify: Domain name (custom domain), Path (URL path of the backend Service), Rule (Prefix, Exact, or ImplementationSpecific), Service (backend Service), and Port (exposed Service port). Click + Add to add multiple paths for the same domain. Domain name: test.example.com, Path: /, Rule: ImplementationSpecific, Service: nginx-ingress-lb, Port: 80
      TLS Settings Enable TLS authentication. Specify a domain name and select or create a Secret (requires Name, Cert, and Key). Click + Add to attach multiple TLS certificates. See Ingress support. Domain name: test.example.com, Secret: cert
      More Configure optional features: Canary release — route traffic by request header (nginx.ingress.kubernetes.io/canary-by-header, nginx.ingress.kubernetes.io/canary-by-header-value, nginx.ingress.kubernetes.io/canary-by-header-pattern), cookie (nginx.ingress.kubernetes.io/canary-by-cookie), or weight (nginx.ingress.kubernetes.io/canary-weight, integers 0–100). When multiple methods are active, request headers take priority over cookies, and cookies take priority over weights. Protocol — set the backend protocol (nginx.ingress.kubernetes.io/backend-protocol): HTTP, HTTPS, gRPC, or gRPCS. Rewrite Path — rewrite request paths before forwarding (nginx.ingress.kubernetes.io/rewrite-target). Canary release: based on request header foo: bar (Exact Match); Protocol: gRPC
      Annotation Add custom annotations by name and value. Select from the drop-down list or enter a custom key. There is no limit on the number of annotations. See Annotations. Name: nginx.ingress.kubernetes.io/proxy-body-size, Value: 10m
      Labels Add labels to describe Ingress characteristics. There is no limit on the number of labels. Name: foo, Value: bar

    4. Click OK.

    The Ingress appears on the Ingresses page.

    Manage existing Ingresses

    On the Ingresses page, use the Actions column to manage existing Ingresses:

    • Update — edit the Ingress configuration

    • Edit YAML — directly modify the Ingress YAML

    • Monitor — view monitoring metrics

    • 更多 > Delete — delete the Ingress

    Create an NGINX Ingress using kubectl

    Step 1: Create a Deployment and a Service

    An Ingress routes traffic to a Service, so the Service must exist before you create the Ingress.

    1. Create a file named test-deployment-service.yaml with the following content:

      apiVersion: apps/v1
kind: Deployment
metadata:
  name: test-web1
  labels:
    app: test-web1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-web1
  template:
    metadata:
      labels:
        app: test-web1
    spec:
      containers:
      - name: test-web1
        imagePullPolicy: IfNotPresent
        image: registry.cn-hangzhou.aliyuncs.com/yilong/ingress-test:web1
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: web1-service
spec:
  type: ClusterIP
  selector:
    app: test-web1
  ports:
    - port: 8080
      targetPort: 8080

    2. Apply the manifest:

      kubectl apply -f test-deployment-service.yaml

    Step 2: Create an Ingress

    The Ingress manifest format differs between Kubernetes versions. The key differences are the API version field and the spec structure for specifying the backend service. Both examples below route /foo and /bar to web1-service on port 8080.

    Kubernetes 1.19 and later (uses networking.k8s.io/v1 with explicit pathType):

    1. Create a file named test-ingress.yaml with the following content:

      Field Description
      metadata.name Name of the Ingress resource (test-ingress).
      spec.rules[].host Domain name for external access (test-ingress.com). Traffic is forwarded to the backend only when both host and path match the inbound request.
      spec.rules[].http.paths[].path URL path to match (/foo, /bar).
      spec.rules[].http.paths[].pathType Path matching mode. ImplementationSpecific delegates behavior to the Ingress controller.
      backend.service.name Name of the backend Service (web1-service).
      backend.service.port.number Service port to forward traffic to (8080). 
      apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
spec:
  rules:
  - host: test-ingress.com
    http:
      paths:
      - path: /foo
        backend:
          service:
            name: web1-service
            port:
              number: 8080
        pathType: ImplementationSpecific
      - path: /bar
        backend:
          service:
            name: web1-service
            port:
              number: 8080
        pathType: ImplementationSpecific

      Key fields:

    Kubernetes versions earlier than 1.19 (uses networking.k8s.io/v1beta1 without pathType):

    1. Create a file named test-ingress.yaml with the following content:

      apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  namespace: default
spec:
  rules:
  - host: test-ingress.com
    http:
      paths:
      - path: /foo
        backend:
          serviceName: web1-service
          servicePort: 8080
      - path: /bar
        backend:
          serviceName: web1-service
          servicePort: 8080

    2. Apply the manifest:

      kubectl apply -f test-ingress.yaml

    Step 3: Verify the Ingress

    Run the following command to confirm the Ingress was created:

       kubectl get ingress

    View, update, and delete an Ingress

    Operation Command
    View all Ingresses kubectl get ingress
    Update an Ingress kubectl edit ingress <Ingress name>
    Delete an Ingress kubectl delete ingress <Ingress name>

    What's next