{"id":2075,"date":"2025-06-04T15:07:42","date_gmt":"2025-06-04T07:07:42","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=2075"},"modified":"2025-06-04T15:07:42","modified_gmt":"2025-06-04T07:07:42","slug":"helm-for-nginx-ingress-controller","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=2075","title":{"rendered":"helm for nginx ingress controller"},"content":{"rendered":"<ul>\n<li>\ud83e\udded <strong>Helm<\/strong> to install the <strong>NGINX Ingress Controller<\/strong><\/li>\n<li>\ud83d\udd12 <strong>HTTPS termination<\/strong> using a <strong>self-signed TLS secret<\/strong> (or you can replace with cert-manager later)<\/li>\n<li>\ud83c\udf10 A <strong>sample web service<\/strong> (echo server)<\/li>\n<li>\ud83d\udce6 An <strong>Ingress resource<\/strong> with <code>host<\/code> routing and HTTPS<\/li>\n<\/ul>\n<hr \/>\n<h2>\ud83d\udce6 Project Structure (1-file setup)<\/h2>\n<p>You can copy\/paste this into a single script or Helm chart, or apply each YAML one by one.<\/p>\n<h3>\u2705 1. <strong>Create a TLS secret<\/strong> (Self-signed for demo)<\/h3>\n<pre><code class=\"language-bash\">openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\n  -subj &quot;\/CN=web.example.com\/O=web&quot; \\\n  -keyout tls.key -out tls.crt\n\nkubectl create secret tls web-tls \\\n  --key tls.key \\\n  --cert tls.crt \\\n  --namespace default<\/code><\/pre>\n<hr \/>\n<h3>\u2705 2. <strong>Install NGINX Ingress Controller with Helm<\/strong><\/h3>\n<pre><code class=\"language-bash\">helm repo add ingress-nginx https:\/\/kubernetes.github.io\/ingress-nginx\nhelm repo update\n\nhelm install nginx ingress-nginx\/ingress-nginx \\\n  --namespace ingress-nginx --create-namespace \\\n  --set controller.publishService.enabled=true<\/code><\/pre>\n<blockquote>\n<p>This gives you a <code>LoadBalancer<\/code> IP to route traffic externally.<\/p>\n<\/blockquote>\n<hr \/>\n<h3>\u2705 3. <strong>Create Web Service + Ingress (with HTTPS)<\/strong><\/h3>\n<pre><code class=\"language-yaml\"># web-app.yaml\n---\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: web\nspec:\n  replicas: 2\n  selector:\n    matchLabels:\n      app: web\n  template:\n    metadata:\n      labels:\n        app: web\n    spec:\n      containers:\n      - name: web\n        image: hashicorp\/http-echo\n        args: [&quot;-text=Hello from HTTPS!&quot;]\n        ports:\n        - containerPort: 5678\n\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: web\nspec:\n  selector:\n    app: web\n  ports:\n  - port: 80\n    targetPort: 5678\n\n---\napiVersion: networking.k8s.io\/v1\nkind: Ingress\nmetadata:\n  name: web-ingress\n  annotations:\n    nginx.ingress.kubernetes.io\/rewrite-target: \/\nspec:\n  ingressClassName: nginx\n  tls:\n  - hosts:\n    - web.example.com\n    secretName: web-tls\n  rules:\n  - host: web.example.com\n    http:\n      paths:\n      - path: \/\n        pathType: Prefix\n        backend:\n          service:\n            name: web\n            port:\n              number: 80<\/code><\/pre>\n<p>Apply everything:<\/p>\n<pre><code class=\"language-bash\">kubectl apply -f web-app.yaml<\/code><\/pre>\n<hr \/>\n<h2>\ud83e\uddea Test the HTTPS Setup<\/h2>\n<ol>\n<li>Find Ingress Controller external IP:<\/li>\n<\/ol>\n<pre><code class=\"language-bash\">kubectl get svc -n ingress-nginx<\/code><\/pre>\n<p>Look for <code>EXTERNAL-IP<\/code> of <code>nginx-ingress-ingress-nginx-controller<\/code>.<\/p>\n<ol start=\"2\">\n<li>Add this to your <code>\/etc\/hosts<\/code>:<\/li>\n<\/ol>\n<pre><code>&lt;EXTERNAL-IP&gt;  web.example.com<\/code><\/pre>\n<ol start=\"3\">\n<li>Test with curl:<\/li>\n<\/ol>\n<pre><code class=\"language-bash\">curl -k https:\/\/web.example.com<\/code><\/pre>\n<p>Output:<\/p>\n<pre><code>Hello from HTTPS!<\/code><\/pre>\n<blockquote>\n<p><code>-k<\/code> is used to ignore self-signed cert errors for testing.<\/p>\n<\/blockquote>\n<hr \/>\n<h2>\ud83e\uddf0 Next Steps (Optional)<\/h2>\n<ul>\n<li>Replace self-signed certs with <strong>cert-manager<\/strong> + <strong>Let's Encrypt<\/strong><\/li>\n<li>Use <strong>Helm values.yaml<\/strong> to manage Ingress and services<\/li>\n<li>Automate DNS via Route 53 if you use AWS<\/li>\n<\/ul>\n<hr \/>\n<p>Would you like a version of this using <strong>cert-manager for automatic HTTPS<\/strong>, or wrapped in a <strong>single Helm chart<\/strong> for deployment?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ud83e\udded Helm to install the NGINX Ingress Controller \ud83d\udd12 HTTPS termination using a self-signed TLS secret (or you can replace with cert-manager later) \ud83c\udf10 A sample web service (echo server) \ud83d\udce6 An Ingress resource with host routing and HTTPS \ud83d\udce6 Project Structure (1-file setup) You can copy\/paste this into a single script or Helm chart, [&hellip;] <a class=\"read-more\" href=\"https:\/\/www.fanyamin.com\/wordpress\/?p=2075\" title=\"Permanent Link to: helm for nginx ingress controller\">&rarr;Read&nbsp;more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2075","post","type-post","status-publish","format-standard","hentry","category-5"],"_links":{"self":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2075"}],"collection":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2075"}],"version-history":[{"count":1,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2075\/revisions"}],"predecessor-version":[{"id":2076,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2075\/revisions\/2076"}],"wp:attachment":[{"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fanyamin.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}