Step 1 – Allocate Public IP for Ingress
The following command allocates a static public IP address and prints it:

```bash
az network public-ip create --resource-group [resource-group] --name [name for public IP] --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv
```
Step 2 – Install NGINX Ingress Controller using Helm
An ingress controller, because it is a core component of Kubernetes, requires specific configuration to be performed at the cluster level as part of installation. Let's look at what happens behind the scenes when you install the NGINX ingress controller using Helm. If you'd like to skip this, go to the bottom of this section for the actual installation steps.
The recommended configuration for NGINX uses three Kubernetes ConfigMaps:
- Base Deployment
- TCP configuration
- UDP configuration
A Kubernetes service account is required to run NGINX as a service within the cluster. The service account needs the following roles:
- A cluster role to allow it to get, list, and read the configuration of all services and events. This role could be limited if you were to have multiple ingress controllers installed within the cluster. But in most cases, limiting access for this service account may not be needed.
- A namespace-specific role to read and update all the ConfigMaps and other items that are specific to the NGINX Ingress controller’s own configuration.
To install an NGINX Ingress controller using Helm, add the nginx-stable repository to Helm, then run `helm repo update`. After we have added the repository we can deploy using the chart nginx-stable/nginx-ingress. Note that the command below references the chart as ingress-nginx/ingress-nginx, so the repository that provides that chart must be added to Helm under the name ingress-nginx. The `loadBalancerIP` value is the public IP address allocated in Step 1.

```bash
helm install nginx-ingress-private ingress-nginx/ingress-nginx \
  --namespace default \
  --set controller.replicaCount=2 \
  --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
  --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
  --set controller.service.externalTrafficPolicy=Local \
  --set controller.service.loadBalancerIP="13.76.180.173"
```
Step 3 – Exposing Services using NGINX Ingress Controller
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # ingress-nginx only honours annotations under the
    # nginx.ingress.kubernetes.io/ prefix; this one redirects HTTP to HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: ingress.sysadmin.lk
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: ingress.sysadmin.lk
    http:
      paths:
      - backend:
          service:
            name: uat-directus-service
            port:
              number: 80
        path: /
        pathType: Prefix
      - backend:
          service:
            name: uat-webform-service
            port:
              number: 80
        path: /webform
        pathType: Prefix
      - backend:
          service:
            name: uat-webrtc-service
            port:
              number: 5000
        path: /webrtc
        pathType: Prefix
      - backend:
          service:
            name: uat-selfcare-service
            port:
              number: 80
        path: /selfcare
        pathType: Prefix
  # TLS is terminated at the ingress with the certificate stored in this Secret.
  tls:
  - hosts:
    - ingress.sysadmin.lk
    secretName: ingress.sysadmin.lk
# The status block is populated by the cluster once the load balancer is assigned.
status:
  loadBalancer:
    ingress:
    - ip: 52.230.82.117
```
Step 4 – Create SSL certificate secret
```bash
# Create base64 encoded certificate
cat cb80b395ca0cbe48.crt > bundle_cert.crt
cat gd_bundle-g2-g1.crt >> bundle_cert.crt
cat bundle_cert.crt | base64 -w0
# Create base64 encoded key
cat keyfile | base64 -w0
```
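Create a Secret manifest as below, using the base64 encoded certificate bundle and key from the previous commands. The Secret must live in the same namespace as the Ingress, and its name must match the `secretName` in the Ingress `tls` section.

```yaml
apiVersion: v1
data:
  tls.crt: <base64 encoded bundle_cert.crt>
  tls.key: <base64 encoded keyfile>
kind: Secret
metadata:
  name: uat-gateway.hemashospitals.com
  namespace: default
type: kubernetes.io/tls
```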
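The manual base64 steps in Step 4 accept any input, including a bundle in the wrong order or a key that belongs to a different certificate. The following is an added example, not part of the original page, that generates the same Secret manifest only after checking the inputs. The function names and the `VERIFY_KEYPAIR` switch are hypothetical, and it assumes GNU `base64` and `openssl` are installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names and the
# VERIFY_KEYPAIR switch are hypothetical.

# Succeeds only if the first certificate in the bundle and the private key
# carry the same public key. Fails closed if openssl is missing.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: make_tls_secret <secret-name> <namespace> <cert-bundle> <key-file>
# Prints a kubernetes.io/tls Secret manifest on stdout.
make_tls_secret() {
  local name="$1" ns="$2" cert="$3" key="$4"
  # Leaf certificate first, then intermediates (the cat order in Step 4).
  head -n1 "$cert" | grep -q 'BEGIN CERTIFICATE' ||
    { echo "error: $cert must start with a certificate" >&2; return 1; }
  # The bundle is public material; a key inside it would be leaked with it.
  if grep -q 'PRIVATE KEY' "$cert"; then
    echo "error: private key found inside $cert" >&2; return 1
  fi
  grep -q 'BEGIN .*PRIVATE KEY' "$key" ||
    { echo "error: no private key in $key" >&2; return 1; }
  # A kubernetes.io/tls Secret needs an unencrypted PEM key.
  if grep -q 'ENCRYPTED' "$key"; then
    echo "error: $key is passphrase-protected" >&2; return 1
  fi
  # On by default; set VERIFY_KEYPAIR=0 only for non-cryptographic test files.
  if [ "${VERIFY_KEYPAIR:-1}" = 1 ] && ! key_matches_cert "$cert" "$key"; then
    echo "error: $key does not match the first certificate in $cert" >&2
    return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/tls
data:
  tls.crt: $(base64 -w0 < "$cert")
  tls.key: $(base64 -w0 < "$key")
EOF
}
```

Piping the output into `kubectl apply -f -` keeps the encoded key out of a file on disk; base64 is an encoding, not encryption, so any saved copy of the manifest should be protected like the key itself.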

