Step 1 – Allocate Public IP for Ingress
The following command allocates a static public IP and prints its address:
az network public-ip create \
  --resource-group [resource-group] \
  --name [name for public IP] \
  --sku Standard \
  --allocation-method static \
  --query publicIp.ipAddress -o tsv
Step 2 – Install NGINX Ingress Controller using Helm
An ingress controller, because it is a core component of Kubernetes, requires specific configuration to be performed at the cluster level as part of installation. Let's look at what happens behind the scenes when you install NGINX ingress using Helm. If you'd like to skip this, go to the bottom of this section for the actual steps to install the NGINX ingress controller.
The recommended configuration for NGINX uses three Kubernetes ConfigMaps:
- Base Deployment
- TCP configuration
- UDP configuration
A Kubernetes service account is required to run NGINX as a service within the cluster. The service account needs to have the following roles:
- A cluster role to allow it to get, list, and read the configuration of all services and events. This role could be limited if you were to have multiple ingress controllers installed within the cluster. But in most cases, limiting access for this service account may not be needed.
- A namespace-specific role to read and update all the ConfigMaps and other items that are specific to the NGINX Ingress controller’s own configuration.
To install an NGINX Ingress controller using Helm, add the nginx-stable repository to Helm, then run helm repo update. After we have added the repository, we can deploy using the chart nginx-stable/nginx-ingress.
helm install nginx-ingress-private ingress-nginx/ingress-nginx \
  --namespace default \
  --set controller.replicaCount=2 \
  --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
  --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
  --set controller.service.externalTrafficPolicy=Local \
  --set controller.service.loadBalancerIP="13.76.180.173"
Step 3 – Exposing Services using NGINX Ingress Controller
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # Note: ingress-nginx reads its annotations under the nginx.ingress.kubernetes.io/ prefix
    directus.kubernetes.io/ssl-redirect: "true"
  name: ingress.sysadmin.lk
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: ingress.sysadmin.lk
    http:
      paths:
      - backend:
          service:
            name: uat-directus-service
            port:
              number: 80
        path: /
        pathType: Prefix
      - backend:
          service:
            name: uat-webform-service
            port:
              number: 80
        path: /webform
        pathType: Prefix
      - backend:
          service:
            name: uat-webrtc-service
            port:
              number: 5000
        path: /webrtc
        pathType: Prefix
      - backend:
          service:
            name: uat-selfcare-service
            port:
              number: 80
        path: /selfcare
        pathType: Prefix
  tls:
  - hosts:
    - ingress.sysadmin.lk
    secretName: ingress.sysadmin.lk
# status is written by the cluster once the load balancer is assigned
status:
  loadBalancer:
    ingress:
    - ip: 52.230.82.117
Step 4 – Create SSL certificate secret
# Create base64 encoded certificate (server certificate first, then the CA bundle)
cat cb80b395ca0cbe48.crt > bundle_cert.crt
cat gd_bundle-g2-g1.crt >> bundle_cert.crt
cat bundle_cert.crt | base64 -w0

# Create base64 encoded key
cat keyfile | base64 -w0
Create a secret file as below with the base64-encoded key and certificate.
apiVersion: v1
data:
  tls.crt: <base64-encoded bundle_cert.crt>
  tls.key: <base64-encoded keyfile>
kind: Secret
metadata:
  name: uat-gateway.hemashospitals.com
  namespace: default
type: kubernetes.io/tls
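The manual base64 steps in Step 4 will accept any file, including a bundle that carries the private key or a passphrase-protected key. The following is an added example, not part of the original page: a shell function that checks the two PEM files before emitting the same Secret manifest. The function names and return codes are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): build the kubernetes.io/tls
# Secret manifest from Step 4's files, refusing inputs that would leak or break.

# True if FILE's first line is a PEM header of the given kind.
pem_header_is() {  # pem_header_is FILE 'CERTIFICATE' | 'PRIVATE KEY'
  head -n1 "$1" | tr -d '\r' | grep -Eq -- "^-----BEGIN ([A-Z0-9]+ )?$2-----\$"
}

# make_tls_secret NAME NAMESPACE CERT_BUNDLE KEYFILE -> manifest on stdout
make_tls_secret() {
  local name=$1 ns=$2 cert=$3 key=$4
  if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
    echo "certificate or key file is not readable" >&2; return 1
  fi
  # tls.crt is the public half: it must hold certificates only.
  if ! pem_header_is "$cert" 'CERTIFICATE'; then
    echo "$cert: does not start with a PEM certificate" >&2; return 2
  fi
  if grep -q 'PRIVATE KEY' "$cert"; then
    echo "$cert: contains private key material" >&2; return 3
  fi
  if ! pem_header_is "$key" 'PRIVATE KEY'; then
    echo "$key: does not start with a PEM private key" >&2; return 4
  fi
  # The Secret has no field for a passphrase, so an encrypted key is unusable.
  if grep -q 'ENCRYPTED' "$key"; then
    echo "$key: key is passphrase-protected" >&2; return 5
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: $name
  namespace: $ns
data:
  tls.crt: $(base64 -w0 < "$cert")
  tls.key: $(base64 -w0 < "$key")
EOF
}

# Usage (constructed names; the manifest holds the private key, so keep it 0600):
#   ( umask 077; make_tls_secret my-tls default bundle_cert.crt keyfile > secret.yaml )
#   kubectl apply -f secret.yaml && rm -f secret.yaml
```

The checks are structural only; they do not prove that the key belongs to the certificate.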