
Kubernetes Ingress vs. Service with externalIPs


If I expose a (single) web service (say http://a.b.c.d or https://a.b.c.d) on a (small) Kubernetes 1.13 cluster, what is the benefit of using Ingress over a Service of type ClusterIP with externalIPs [ a.b.c.d ] alone?

The address a.b.c.d is routed to one of my cluster nodes. Ingress requires installing and maintaining an ingress controller, so I am wondering when this is justified.


Solution

  • I've now come across a first concrete example where I see a concrete benefit from using Ingress over a Service with externalIPs.

    A private Docker registry inside a Kubernetes cluster normally requires TLS credentials. With the Docker image registry:2 one would have to mount those credentials e.g. from a ConfigMap into the container and have certain environment variables in the container (e.g. REGISTRY_HTTP_TLS_CERTIFICATE) point to them.

    As long as one can tolerate insecure access to the registry inside the cluster, this becomes easier to manage with Ingress. Certificates can be put into a Secret which the Ingress resource can point to (kubectl explain ingress.spec.tls.secretName). There is no more need to pay detailed attention to mounts or environment variables. TLS connections will be terminated at the ingress controller.
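
The two setups compared in the answer above, side by side, as an added example that is not part of the original post. The names `registry-a`, `registry`, `registry-tls` and the host `registry.example.com` are placeholders, and a Service named `registry` exposing port 5000 is assumed to exist for option B.

```yaml
# Constructed manifests; every name and hostname here is a placeholder.
# Option A: Service with externalIPs, TLS terminated by registry:2 itself.
# The pod has to mount the key pair and point the registry at it.
# A Secret volume is used because the material includes a private key.
apiVersion: v1
kind: Pod
metadata:
  name: registry-a
  labels: {app: registry-a}
spec:
  containers:
  - name: registry
    image: registry:2
    env:
    - {name: REGISTRY_HTTP_TLS_CERTIFICATE, value: /certs/tls.crt}
    - {name: REGISTRY_HTTP_TLS_KEY, value: /certs/tls.key}
    volumeMounts:
    - {name: certs, mountPath: /certs, readOnly: true}
  volumes:
  - name: certs
    secret: {secretName: registry-tls}
---
# Option B: registry:2 serves plain HTTP on 5000 inside the cluster and
# the ingress controller terminates TLS with the same Secret.
# networking.k8s.io/v1 needs Kubernetes 1.19+; the 1.13 cluster in the
# question would use extensions/v1beta1 with backend.serviceName and
# backend.servicePort instead of the nested service block.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry
spec:
  tls:
  - hosts: [registry.example.com]
    secretName: registry-tls   # Secret of type kubernetes.io/tls
  rules:
  - host: registry.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: registry
            port: {number: 5000}
```

With option B the hop from the ingress controller to the registry pod is unencrypted, so a NetworkPolicy that admits port 5000 only from the controller's pods is a sensible pairing.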