Quiz: API Gateways & Ingress¶

3 questions

L0 (1 questions)¶

1. What is the role of an ingress controller in Kubernetes, and how does it differ from a LoadBalancer service per app?

Show answer

An ingress controller is a reverse proxy running inside the cluster that routes external traffic to the correct backend service based on hostnames and paths. Instead of each service getting its own cloud load balancer (expensive and unmanageable), one ingress controller handles routing for all services, terminates TLS, and can apply rate limiting and authentication at the edge.

L1 (1 questions)¶

1. What are the three TLS modes at an ingress controller, and when would you use each?

Show answer

Termination: TLS ends at the ingress, HTTP to backend — most common and simplest. Re-encryption: TLS at ingress, new TLS connection to backend — when backends require TLS. Passthrough: ingress forwards raw TCP, backend handles TLS — for end-to-end encryption when the ingress must not see plaintext. Use termination by default unless you have a specific reason for passthrough.

L2 (1 questions)¶

1. How does the Kubernetes Gateway API improve over the traditional Ingress resource?

Show answer

Gateway API is role-oriented (separates Gateway objects managed by infra teams from Route objects managed by app teams), supports native traffic splitting for canary and blue-green deployments, header-based routing, request/response manipulation, and cross-namespace references. Traditional Ingress relies on controller-specific annotations for advanced features, which are non-portable and fail silently on typos.