
Deploy NGINX Ingress Controller on AKS Kubernetes using Helm

Step 1 – Allocate Public IP for Ingress

The following command allocates a static public IP and prints its address:

az network public-ip create --resource-group [resource-group] --name [name for public IP] --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv

Step 2 – Install NGINX Ingress Controller using Helm

Because an ingress controller is a core component of Kubernetes, installing it requires specific configuration at the cluster level. Let's look at what happens behind the scenes when you install NGINX ingress using Helm. If you'd like to skip this, go to the bottom of this section for the actual steps to install the NGINX ingress controller.

The recommended configuration for NGINX uses three Kubernetes ConfigMaps:

  • Base Deployment
  • TCP configuration
  • UDP configuration

A Kubernetes service account is required to run NGINX as a service within the cluster. The service account needs to have the following roles:

  • A cluster role to allow it to get, list, and read the configuration of all services and events. This role could be limited if you were to have multiple ingress controllers installed within the cluster. But in most cases, limiting access for this service account may not be needed.
  • A namespace-specific role to read and update all the ConfigMaps and other items that are specific to the NGINX Ingress controller’s own configuration.

To install an NGINX Ingress controller using Helm, add the nginx-stable repository to Helm, then run helm repo update. After adding the repository, we can deploy using the chart nginx-stable/nginx-ingress.

# controller.service.loadBalancerIP takes the static public IP allocated in Step 1
helm install nginx-ingress-private ingress-nginx/ingress-nginx \
    --namespace default \
    --set controller.replicaCount=2 \
    --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
    --set controller.service.externalTrafficPolicy=Local \
    --set controller.service.loadBalancerIP="13.76.180.173"

Step 3 – Exposing Services using NGINX Ingress Controller

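apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # ingress-nginx only reads annotations under the nginx.ingress.kubernetes.io/ prefix
    nginx.ingress.kubernetes.io/ssl-redirect: "true"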
  name: ingress.sysadmin.lk
  namespace: default
spec:
  ingressClassName: nginx
  rules:
  - host: ingress.sysadmin.lk
    http:
      paths:
      - backend:
          service:
            name: uat-directus-service
            port:
              number: 80
        path: /
        pathType: Prefix
      - backend:
          service:
            name: uat-webform-service
            port:
              number: 80
        path: /webform
        pathType: Prefix
      - backend:
          service:
            name: uat-webrtc-service
            port:
              number: 5000
        path: /webrtc
        pathType: Prefix
      - backend:
          service:
            name: uat-selfcare-service
            port:
              number: 80
        path: /selfcare
        pathType: Prefix
  tls:
  - hosts:
    - ingress.sysadmin.lk
    secretName: ingress.sysadmin.lk
status:
  loadBalancer:
    ingress:
    - ip: 52.230.82.117

Step 4 – Create SSL certificate secret

# Create base64 encoded certificate
cat cb80b395ca0cbe48.crt > bundle_cert.crt
cat gd_bundle-g2-g1.crt >> bundle_cert.crt
cat bundle_cert.crt |  base64 -w0
# Create base64 encoded key
cat keyfile |  base64 -w0

Create a secret file as below with the base64-encoded key and certificate.

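apiVersion: v1
data:
  tls.crt: <base64-encoded certificate bundle>
  tls.key: <base64-encoded key>
kind: Secret
metadata:
  # must equal spec.tls[].secretName of the Ingress that uses this certificate
  name: uat-gateway.hemashospitals.com
  namespace: default
type: kubernetes.io/tls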
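
An alternative to hand-encoding the Secret in Step 4, as an added example that is not part of the original post: it checks that the private key belongs to the first certificate in the bundle, then hands both files to kubectl create secret tls, which does the base64 encoding itself so the key never lands in a manifest file or the terminal scrollback. The function names and the five script arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Secret name, namespace and
# file names are passed as arguments; function names are hypothetical.
set -eu

# Count the PEM certificates in a file (leaf plus intermediates).
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Concatenate leaf first, then the CA chain, as Step 4 does with cat.
build_bundle() {   # build_bundle <leaf.crt> <chain.crt> <out.crt>
    cat "$1" "$2" > "$3"
}

# Succeeds only if the FIRST certificate in the bundle carries the same
# public key as the private key. Catches a wrong key or a chain-first bundle.
key_matches_cert() {   # key_matches_cert <bundle.crt> <keyfile>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Validate, then let kubectl encode and apply the Secret. The dry-run/apply
# pipe makes the command repeatable when the certificate is renewed.
create_tls_secret() {  # create_tls_secret <name> <namespace> <bundle.crt> <keyfile>
    [ "$(pem_cert_count "$3")" -ge 2 ] || { echo "chain not appended to bundle" >&2; return 1; }
    key_matches_cert "$3" "$4" || { echo "key does not match leaf certificate" >&2; return 1; }
    kubectl create secret tls "$1" --namespace "$2" \
        --cert="$3" --key="$4" --dry-run=client -o yaml | kubectl apply -f -
}

# Runs only when called with arguments:
#   sh tls-secret.sh <name> <namespace> <leaf.crt> <chain.crt> <keyfile>
if [ "$#" -eq 5 ]; then
    umask 077                      # temporary bundle readable by owner only
    bundle=$(mktemp)
    trap 'rm -f "$bundle"' EXIT
    build_bundle "$3" "$4" "$bundle"
    create_tls_secret "$1" "$2" "$bundle" "$5"
fi
```

The name passed as the first argument has to be the secretName listed under tls in the Ingress from Step 3.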
