helm for nginx ingress controller

by walter

Table of Contents
  • 🧭 Helm to install the NGINX Ingress Controller
  • 🔒 HTTPS termination using a self-signed TLS secret (or you can replace with cert-manager later)
  • 🌐 A sample web service (echo server)
  • 📦 An Ingress resource with host routing and HTTPS

📦 Project Structure (1-file setup)

You can copy/paste this into a single script or Helm chart, or apply each YAML one by one.

✅ 1. Create a TLS secret (Self-signed for demo)

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -subj "/CN=web.example.com/O=web" \
  -keyout tls.key -out tls.crt

kubectl create secret tls web-tls \
  --key tls.key \
  --cert tls.crt \
  --namespace default

✅ 2. Install NGINX Ingress Controller with Helm

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm install nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx --create-namespace \
  --set controller.publishService.enabled=true

This gives you a LoadBalancer IP to route traffic externally.

✅ 3. Create Web Service + Ingress (with HTTPS)

# web-app.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: hashicorp/http-echo
        args: ["-text=Hello from HTTPS!"]
        ports:
        - containerPort: 5678

---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 5678

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - web.example.com
    secretName: web-tls
  rules:
  - host: web.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80

Apply everything:

kubectl apply -f web-app.yaml

🧪 Test the HTTPS Setup

  1. Find Ingress Controller external IP:
kubectl get svc -n ingress-nginx

Look for EXTERNAL-IP of nginx-ingress-ingress-nginx-controller.

  1. Add this to your /etc/hosts:
<EXTERNAL-IP>  web.example.com
  1. Test with curl:
curl -k https://web.example.com

Output:

Hello from HTTPS!

-k is used to ignore self-signed cert errors for testing.

🧰 Next Steps (Optional)

  • Replace self-signed certs with cert-manager + Let's Encrypt
  • Use Helm values.yaml to manage Ingress and services
  • Automate DNS via Route 53 if you use AWS

Would you like a version of this using cert-manager for automatic HTTPS, or wrapped in a single Helm chart for deployment?

Comments |0|

Legend *) Required fields are marked
**) You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
Category: 似水流年