Kubernetes ingress.yml Explained

Deep explanation of how NGINX Ingress routes internet traffic to your ClusterIP Service on AKS, including Azure-specific placeholders like the hostname and DNS mapping.

Ingress NGINX AKS DNS

ingress.yml

Routes Host + PathService 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: spring-ui-api-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: REPLACEME_HOSTNAME
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: spring-ui-api-svc
                port:
                  number: 80

Purpose

This Ingress makes your app reachable from outside the cluster by defining: hostname-based routing and path-based routing to a Kubernetes Service.
Ingress does not run by itself—an Ingress Controller (NGINX here) must be installed in AKS to watch these rules and configure the actual reverse proxy.

Traffic flow

Typical end-to-end:
Internet DNS A/CNAME NGINX Ingress LB Ingress rule spring-ui-api-svc:80 Pods:9087
Your Service remains ClusterIP (internal). Ingress is the “public doorway”.

AKS placeholders

REPLACEME_HOSTNAME
The public host users type in the browser, e.g.: spring-ui-api.mycompany.com or a temporary domain like: spring-ui-api.<yourdnszone>.
Critical requirement
This hostname must resolve in DNS to the external IP (or FQDN) of the NGINX Ingress Controller’s LoadBalancer Service.

Field-by-field deep dive

  • apiVersion: networking.k8s.io/v1 is the stable Ingress API version.
  • kind: Ingress defines L7 (HTTP/HTTPS) routing rules for an ingress controller.

name: spring-ui-api-ingress
The Kubernetes object name used to manage this Ingress (get/describe/apply/delete).

NGINX-specific annotation that rewrites the request URI before proxying to your backend service.

Your value: /
This commonly means “rewrite whatever matched to /”. In more complex setups (e.g., hosting multiple apps under /app1, /app2), rewrite rules prevent backend apps from needing awareness of the external path prefix.
Important nuance
With path: / and pathType: Prefix, rewriting to / is often harmless, but in some applications it can break deep-linking if you later change the path to something like /ui. Keep it only if you need path prefix hosting.

Tells Kubernetes which ingress controller should implement this Ingress resource.

Meaning
“The controller registered as nginx should watch and configure routing for this Ingress.” In AKS this is typically the community NGINX Ingress Controller installed via Helm or YAML.

Host-based routing means the Ingress rule matches the HTTP Host header (what the browser requests, e.g., spring-ui-api.mycompany.com).

What you replace it with
A real DNS name you control. For example:
  • spring-ui-api.dev.mycompany.com
  • spring-ui-api.qa.mycompany.com
  • spring-ui-api.prod.mycompany.com
What must exist in Azure DNS
A DNS record pointing this hostname to the NGINX ingress controller’s public endpoint:
  • A record → Ingress controller external IP
  • or CNAME → Ingress controller public FQDN
AKS reality
The Ingress resource does not allocate a public IP by itself. The public IP comes from the NGINX Ingress Controller’s Service type: LoadBalancer.

path: /
Matches everything under the root path. With Prefix, requests like /, /architecture, /actuator/health all match and route to the backend.
pathType: Prefix
Prefix matching means “any request whose path starts with /”. This is the broadest match and effectively routes all paths.

The Ingress proxies traffic to a Kubernetes Service, not directly to Pods. This gives stable service discovery, load balancing, and decoupling from Pod churn.

service.name: spring-ui-api-svc
Must match the Service resource name you created in your Service YAML.
service.port.number: 80
This is the Service port (cluster-internal port). The Service then forwards to targetPort: 9087 and ultimately to the container port.
Ingress → Service:80 Service → targetPort:9087 Pod containerPort:9087

Placeholder resolution for Azure AKS

REPLACEME_HOSTNAME

Replace with the DNS name you want to expose publicly for this app.
Example
spring-ui-api.dev.yourcompany.com
What you must configure in Azure
  • Install NGINX Ingress Controller in AKS (it creates a LoadBalancer Service)
  • Get the controller’s public IP/FQDN
  • Create DNS A/CNAME record pointing your hostname to that IP/FQDN

Related dependency placeholders

This Ingress depends on your previously created Service. These names must match exactly.
  • Service name used by Ingress spring-ui-api-svc
  • Service port Ingress targets 80
  • Container port Service forwards to 9087
Common mismatch
If the Service name/port differs from the Ingress backend reference, the Ingress controller will return 502/503 because it can’t route to a valid upstream.