It manages external access to the services in a cluster.
The main features of Ingress are load balancing, name-based virtual hosting, URL routing, and SSL termination.
It exposes one or more services to external clients through a single externally reachable IP address.
Ingress type resource would create a L7(HTTP/HTTPS) load balancer.
It exposes HTTP (80) and HTTPS (443) routes from outside the cluster to services within the cluster.
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
It use this to expose several services at the same time, as L7 LB is application aware, so it can determine where to send traffic depending on the application state.
The each Ingress rules are mapping all mapped to Public DNS (AWS_Route53, GoDaddy) to integration with LoadBalancer (AWS_ELB).

Ingress ---> Service ---> Workloads (Pods, Deployments, ReplicaSets, ReplicationController, DaemonSet, StatefulSets, Jobs, CronJob)

[Components]
                        |---------> Ingress Controller (Nginx, Istio, Traefik,)
                        |
                        |
Kubernetes Ingress ---------------> Ingress Resource (Ingress Rules)
                        |
                        |
                        |---------> Ingress Proxy
● Ingress Resource
It is responsible for storing DNS routing rules in the cluster.
● Ingress Controller
It is responsible for routing by accessing the DNS rules applied through Ingress Resource.
● Ingress Proxy
It route external HTTP traffic to services and their endpoints.

[Types of Routing]
● Single Service Ingress (OR) default backend Ingress
Where an Ingress has no rules, all traffic is routed to a single default backend. (OR) Ingress by specifying a default backend with no rules.
If none of the hosts or paths in the Ingress objects meets the HTTP message, the traffic is redirected to the default backend.
● Simple Fanout Ingress
It configuration routes traffic from a single IP address to more than one Service, based on the HTTP URI being requested.
It configuration sends traffic from a single IP address to multiple Services depending on the requested HTTP Uniform Resource Identifier(URI).
● Host-based routing Ingress (OR) Name-Based Virtual Hosting
It support routing HTTP traffic to multiple host names at the same IP address.
The routing requests with the host header foo.example.com to one group of services and the host header bar.example.com to another group.
● Path-based routing Ingress
The routing requests with the URI that starts with /serviceA to service A and requests with the URI that starts with /serviceB to service B.
● TLS
It secure an Ingress by specifying a Secret that contains a TLS private key and certificate.
Ingress resource only supports a single TLS port, 443.
TLS secret must contain keys named tls.crt and tls.key that contain the certificate and private key to use for TLS.

[Types of Path]
● ImplementationSpecific
With this path type, matching is up to the IngressClass.
● Exact
Matches the URL path exactly and with case sensitivity.
● Prefix
Matches based on a URL path prefix split by /.
Matching is case sensitive and done on a path element by element basis.
A path element refers to the list of labels in the path split by the / separator.

[Ingress Controllers]
Ingress controllers in Kubernetes are resources that accept traffic from the internet and load balance it to applications (usually in the form of running pods).
Ingress controllers abstract away the complexity of routing traffic to applications running within a Kubernetes cluster.
Ingress controller is a daemon running in a Pod that watches the /ingresses endpoint on the API server.
When a new endpoint is created, the daemon uses the configured set of rules to allow traffic into a service.
There are several types of Ingress Controllers.
● Istio
$ istioctl install --set profile=PROFILE_NAME -y
● Nginx
Kubernetes itself implement and maintain an Nginx Ingress Controller. 
● Traefik
$ helm repo add traefik https://helm.traefik.io/traefik         (OR)            $ helm repo add traefik https://traefik.github.io/charts
$ helm repo update
$ helm install traefik traefik/traefik
create a Namespace.
$ kubectl create ns traefik-v2
install a Traefik in a specific Namespace.
$ helm install --namespace=traefik-v2 traefik traefik/traefik
exposing the Traefik dashboard.
$ kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
● HAProxy (High Availability Proxy)
$ helm repo add haproxy-ingress https://haproxy-ingress.github.io/charts
$ helm install haproxy-ingress haproxy-ingress/haproxy-ingress --create-namespace --namespace=ingress-controller --version 0.12 -f haproxy-ingress-values.yaml

[Load Balancer]
● MetalLB
It is a external Load Balancer used for bare metal Kubernetes clusters.
It is a project of a load-balancer implementation for bare metal Kubernetes clusters, using standard routing protocols.
When a LoadBalancer service is requested MetalLB allocates an IP address from the configured range and makes the network aware that the IP in the cluster.
$ helm repo add metallb https://metallb.github.io/metallb
$ helm repo update
$ helm install metallb metallb/metallb

[Certificates]
● Cert Manager
