This note compares the three core Kubernetes networking abstractions: Service, Ingress and Gateway.
🔁 Side-by-Side Comparison
| Feature | Service | Ingress | Gateway |
|---|---|---|---|
| Layer | L4 (TCP/UDP) | L7 (HTTP/HTTPS) | L4–L7 (multi-protocol) |
| Purpose | Routes to Pods | HTTP reverse proxy to Services | Modular routing with Routes |
| TLS Support | ❌ | ✅ (with controller) | ✅ (first-class support) |
| Host/Path Routing | ❌ | ✅ | ✅ |
| External Exposure | NodePort / LB | Ingress Controller + LB | Gateway Listener + Routes |
| Extensibility | Low | Medium | High |
| Controller Needed | ❌ | ✅ | ✅ |
| Modern? | ✅ | ⚠️ Legacy-ish | ✅ (recommended) |
🖼️ Diagram: Ingress vs Gateway vs Service (Direct Access)
flowchart TB Client["Client"] Gateway Path Gateway["Gateway Listener"] Route["HTTPRoute"] GatewaySvc["Service B (via Gateway)"] PodB["Pod B"] Flows Client --> Ingress --> IngressSvc --> PodA Client --> Gateway --> Route --> GatewaySvc --> PodB Client --> LoadBalancer --> DirectSvc --> PodC %% Styling style Ingress fill:#faa,stroke:#333 style Gateway fill:#aff,stroke:#333 style LoadBalancer fill:#efe,stroke:#333 style IngressSvc fill:#bbf,stroke:#333 style GatewaySvc fill:#bbf,stroke:#333 style DirectSvc fill:#bbf,stroke:#333 style PodA fill:#ddd,stroke:#333 style PodB fill:#ddd,stroke:#333 style PodC fill:#ddd,stroke:#333