Hey there, setting up an Ingress Controller on your Kubernetes cluster? After reading through many articles and the official docs, I was still having a hard time setting up Ingress. But after numerous attempts I managed to setup an nginx-ingress-controller to forward outside traffic to my in-cluster services, handling HTTP and HTTPS. This writeup is a step by step guide to do this. nginx-ingress-controller nginx-ingress-controller Pssst… incase you are a newbie to Kubernetes like me, here is a nice writeup that explains Ingresses. Kubernetes Ingress_A lot of people seem confused about how Ingress works in Kubernetes and questions come up almost daily in Slack. It’s…_medium.com Kubernetes Ingress Kubernetes Ingress _A lot of people seem confused about how Ingress works in Kubernetes and questions come up almost daily in Slack. It’s…_medium.com The Scene We will setup a simple “hello-world” api and expose the api using the nginx-ingress-controller on a local cluster using Minikube. nginx-ingress-controller nginx-ingress-controller Minikube Minikube TL;DR — Here is a boilerplate that reflects what is explained. TL;DR — Here is a boilerplate that reflects what is explained. Here Steps Step 1: Creating the service to be exposed Assuming that you already have Kubectl and Minikube setup, let’s deploy our hello-world api and expose it within our cluster as a NodePort Service. We will be using a simple api for the purpose of the demo. The source code can be found here. hello-world NodePort Service NodePort Service here here The config file consists of the deployment and the service. Normally we separate them into individual files. kubectl create -f hello-world.yaml Now you should be able to see the created resources when you run kubectl get all | grep hello-world Step 2: Creating a default backend to be used by the nginx-ingress-controller We need to provide a default backend for the ingress-controller. The default backend is the default service that Nginx falls backs to if it cannot route a request successfully. The default backend needs to satisfy the following two requirements : default backend default backend serves a 404 page at / serves 200 on a /healthz serves a 404 page at / serves 200 on a /healthz The nginx-ingress-controller project has an example default backend. kubectl create -f default-backend.yaml kubectl create -f default-backend.yaml Step 3: Creating secrets to specify the SSL certificate for Nginx Create a self-signed certificate using OpenSSL. The common name specified while generating the SSL certificate should be used as the host in your ingress config. We create secrets for the given key, certificate and dhparam files. Use corresponding file names for the key, certificate and dhparam. Create a self-signed certificate using OpenSSL common name common name host host kubectl create secret tls tls-certificate --key <key-file>.key --cert <certificate-file>.crt kubectl create secret generic tls-dhparam --from-file=<dhparam-file>.pem kubectl create secret generic tls-dhparam --from-file=<dhparam-file>.pem Step 4: Enable ingress on Minikube Minikube versions > v0.14.0 ships with Nginx ingress setup as an add-on. It can be enabled by simply running: v0.14.0 v0.14.0 minikube addons enable ingress Enabling the add-on provisions the following: a configMap for the Nginx loadbalancer. the nginx-ingress-controller. a service that exposes a default Nginx backend pod for handling unmapped requests. a configMap for the Nginx loadbalancer. configMap configMap the nginx-ingress-controller. nginx- ingress-controller ingress-controller a service that exposes a default Nginx backend pod for handling unmapped requests. service Step 5: Setting up the nginx-ingress-controller Now we create a service for the controller. The service is of type LoadBalancer so that it is exposed outside the cluster. LoadBalancer LoadBalancer The config consists of the deployment and service for the nginx-ingress. The following can be observed from the config : The secret for the default SSL certificate and default-backend-service are passed as args. The image nginx-ingress-controller:0.9.0-beta.5 is used. I have tried the later beta releases. This seems to be a more stable for our usecase. The tls-dhparam secret is mounted on a volume to be used by the controller. The secret for the default SSL certificate and default-backend-service are passed as args. default SSL certificate default SSL certificate default-backend-service default-backend-service The image nginx-ingress-controller:0.9.0-beta.5 is used. I have tried the later beta releases. This seems to be a more stable for our usecase. nginx-ingress-controller:0.9.0-beta.5 The tls-dhparam secret is mounted on a volume to be used by the controller. tls-dhparam tls-dhparam Create the controller by running: kubectl create -f nginx-controller.yaml We should be able to see the created resources with the exposed IP address after a few seconds. To get the IP on Minikube run. minikube service nginx-ingress --url Running a Curl request to the exposed endpoint should give us a response from the default-backend as we still haven’t configured our ingress to point to our hello-world api. Curl default-backend curl http://<nginx-service-IP>:<port> http://<nginx-service-IP>: default backend - 404% Step 6: Configure Ingress rules Coming to the part where we will be spending most of our time. We provide the forwarding rules to the ingress. We use annotations here to pass configuration params to the underlying ingress-controller, Nginx in our case. You can find more about annotations here. here here nginx.org/ssl-services is used to specify the service that is to be load balanced using HTTPS We specify the hosts, paths and their corresponding service handlers. nginx.org/ssl-services is used to specify the service that is to be load balanced using HTTPS nginx.org/ssl-services nginx.org/ssl-services nginx.org/ssl-services is used to specify the service that is to be load balanced using HTTPS We specify the hosts, paths and their corresponding service handlers. kubectl create -f ingress.yaml We now have an Nginx web server configured that routes traffic for api.sample.com to our configured hello-world-svc. It falls back to the default-backend service for unhandled requests. api.sample.com api.sample.com hello-world-svc hello-world-svc default-backend service default-backend service Also you might want to update /etc/hosts file to resolve your host to your minikube IP. Assuming your Minikube IP is 192.168.99.101 Your entry should look like. /etc/hosts 192.168.99.101 192.168.99.101 api.sample.com You should be able to access the exposed endpoints via https. GET api.sample.com/:namePOST api.sample.com/:namePUT api.sample.com/:name Adding the annotation ingress.kubernetes.io/ssl-redirect: “true” to the ingress.yaml config enables traffic through HTTP and HTTPS. ingress.kubernetes.io/ssl-redirect: “true” ingress.yaml Conclusion Conclusion Ingress does allow you to configure multiple Virtual Hosts, Sticky sessions, Path rewrites and also custom configs, providing a powerful, flexible routing mechanism for Kubernetes. For more info on nginx-ingress-controller visit https://github.com/nginxinc/kubernetes-ingress https://github.com/nginxinc/kubernetes-ingress https://github.com/nginxinc/kubernetes-ingress A similar procedure can be used to deploy to AWS, GKE instead of Minikube. Kubernetes and Ingress in particular is constantly evolving I will try my best to keep this updated. Boy Scout Oath. Kubernetes and Ingress in particular is constantly evolving I will try my best to keep this updated. Boy Scout Oath. Boy Scout Oath. Good Reads https://medium.com/@Oskarr3/setting-up-ingress-on-minikube-6ae825e98f82 http://danielfm.me/posts/painless-nginx-ingress.html https://daemonza.github.io/2017/02/13/kubernetes-nginx-ingress-controller/ https://medium.com/@Oskarr3/setting-up-ingress-on-minikube-6ae825e98f82 https://medium.com/@Oskarr3/setting-up-ingress-on-minikube-6ae825e98f82 http://danielfm.me/posts/painless-nginx-ingress.html http://danielfm.me/posts/painless-nginx-ingress.html https://daemonza.github.io/2017/02/13/kubernetes-nginx-ingress-controller/ https://daemonza.github.io/2017/02/13/kubernetes-nginx-ingress-controller/ Hope you enjoyed reading this as much as I enjoyed writing it. If you think this will be of help to someone? Do not hesitate to share. If you liked it, tap the clap below so other people will see this here on Medium. Don’t forget to show some love by following the blog! Hope you enjoyed reading this as much as I enjoyed writing it. If you think this will be of help to someone? Do not hesitate to share. If you liked it, tap the clap clap below so other people will see this here on Medium. Don’t forget to show some love by following the blog! following the blog! *Update on 11 November 2018* Added RBAC in the example setup. Thanks to Jens Madsen for his contribution. *Update on 11 November 2018* Added RBAC in the example setup. Thanks to Jens Madsen for his contribution. *Update on 11 November 2018* *Update on 11 November 2018* Jens Madsen