Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@taking

taking/Ingress-nginx-helm.md

Last active November 25, 2022 06:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save taking/341d49802a74b36ae7ef6255e15a2021 to your computer and use it in GitHub Desktop.
Save taking/341d49802a74b36ae7ef6255e15a2021 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Ingress-nginx-helm.md

Ingress-nginx Installation with Helm

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+

helm update

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

Install

helm install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace ingress-nginx

Check

kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \
  --selector=app.kubernetes.io/component=controller \
  --timeout=120s

POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version

cat <<EOF | kubectl apply -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: www-example-com-certificate
  namespace: default
spec:
  dnsNames:
    - "*.example.com"
  secretName: www-example-com-domain-tls
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt-staging
EOF

NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace default get services -o wide -w ingress-nginx-controller'

An example Ingress that makes use of the controller:

  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
      cert-manager.io/cluster-issuer: "letsencrypt-staging"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    name: example
    namespace: foo
  spec:
    rules:
      - host: www.example.com
        http:
          paths:
            - backend:
                service:
                  name: exampleService
                  port:
                    number: 8080
              path: /
              # Prefix, ImplementationSpecific
              pathType: Prefix
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: www-example-com-domain-tls
@taking
Copy link
Author

taking commented Nov 24, 2022
edited 

_DOMAIN="dev-t.xyz"
cat <<EOF > dex-ingress.yaml
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: dex-certificate
  namespace: dex
spec:
  secretName: dex-domain-tls
  issuerRef:
    group: cert-manager.io
    kind: ClusterIssuer
    name: letsencrypt-staging
  commonName: ${_DOMAIN}
  dnsNames:
  - sso.${_DOMAIN}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dex-ingress
  namespace: dex
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

spec:
  tls:
  - hosts:
    - sso.${_DOMAIN}
    secretName: dex-domain-tls
  rules:
  - host: sso.${_DOMAIN}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: dex
            port:
              number: 5556

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment