How to Set Up Kubernetes Ingress with Nginx

How to Set Up Kubernetes Ingress with Nginx

An Ingress controller manages external HTTP and HTTPS access to services inside your Kubernetes cluster. The Nginx Ingress Controller is the most widely used option, providing TLS termination, path-based routing, and virtual host support. This guide shows you how to set it up on your Breeze cluster.

Installing the Nginx Ingress Controller

Deploy the Nginx Ingress Controller using Helm:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx --create-namespace \
  --set controller.service.type=LoadBalancer

Verify the controller pod is running and the LoadBalancer has an external IP:

kubectl -n ingress-nginx get pods
kubectl -n ingress-nginx get svc ingress-nginx-controller

Creating a Basic Ingress Resource

Route traffic to a backend service based on hostname:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-app-service
            port:
              number: 80

Path-Based Routing

Route different URL paths to different backend services:

spec:
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 8080
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 3000

TLS Termination

Enable HTTPS by adding a TLS section and referencing a Kubernetes Secret containing the certificate:

apiVersion: v1
kind: Secret
metadata:
  name: app-tls-secret
type: kubernetes.io/tls
data:
  tls.crt: <base64-encoded-cert>
  tls.key: <base64-encoded-key>
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress-tls
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - app.example.com
    secretName: app-tls-secret
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-app-service
            port:
              number: 80

Automatic TLS with cert-manager

Install cert-manager to automatically provision and renew certificates:

helm repo add jetstack https://charts.jetstack.io
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager --create-namespace \
  --set crds.enabled=true

Then annotate your Ingress to request a certificate automatically:

annotations:
  cert-manager.io/cluster-issuer: letsencrypt-prod

Useful Annotations

• nginx.ingress.kubernetes.io/ssl-redirect: "true" — force HTTPS
• nginx.ingress.kubernetes.io/proxy-body-size: "50m" — increase upload limit
• nginx.ingress.kubernetes.io/rate-limit: "10" — rate limit requests per second
• nginx.ingress.kubernetes.io/cors-allow-origin: "*" — enable CORS

Point your domain DNS to the Ingress controller external IP, and your Breeze Kubernetes services become accessible to the outside world with proper TLS and routing.