Skip to content

Ingress and Load Balancing

AKS traffic entry points combine Kubernetes Services, Azure load balancers, and one or more ingress controllers. Separate north-south routing from east-west service discovery in your design.

Main Content

flowchart TD
    U[Users] --> PIP[Public IP or Private IP]
    PIP --> LB[Azure Load Balancer]
    LB --> IC[Ingress Controller]
    IC --> SVC[Service]
    SVC --> PODS[Pods]

Core traffic primitives

  • Service type LoadBalancer exposes a workload through an Azure load balancer.
  • Ingress provides HTTP routing, TLS termination strategy, and path/host mapping.
  • Internal load balancer patterns are common for private platform APIs.

Common AKS ingress choices

  • NGINX Ingress Controller for broad Kubernetes ecosystem compatibility.
  • Application Gateway for Containers or app routing add-on when Azure-managed edge integration is preferred.
  • Service meshes or gateway APIs for larger platform-standard traffic controls.

[!WARNING] ingress-nginx upstream maintenance ends in March 2026. In AKS, the application routing add-on can continue using NGINX through November 2026, but Gateway API is the recommended long-term direction for new designs.

Useful commands

kubectl get ingress -A
kubectl get svc -A
kubectl describe ingress <ingress-name> -n <namespace>
az network public-ip list --resource-group MC_<managed-resource-group>_<cluster-name>_<location> --output table

See Also

Sources