A Kubernetes Ingress regulates access to services within your cluster; it routes HTTP and HTTPS traffic from outside your Kubernetes cluster to services within your cluster. This also explains the origin of the name Ingress, as Ingress signifies the "action of going into somewhere".
Routing of traffic through an Ingress is governed by rules defined in an 'Ingress resource'. Such a resource often takes the form of a .yaml file that you deploy on your cluster.
An Ingress can provide services with externally accessible URLs, load balancing of traffic, SSL/TLS termination, and name-based virtual hosting. An Ingress resource itself does not expose ports or protocols to the public internet. For that purpose, a LoadBalancer or NodePort type service is used.
To use an Ingress, you need an 'Ingress Controller'. Typically, a reverse proxy web server such as Nginx Ingress Controller is used as the Ingress Controller, but HaProxy and Traefik also have implementations as Ingress Controllers.
Schematically, the positioning of an Ingress in a cluster looks like this:
For a practical example that puts this overview in a broader context, refer to our guide 'Configuring an Nginx Ingress Controller in Kubernetes'.