If you’re looking to set up an NGINX Ingress controller on DigitalOcean Kubernetes, this guide will show you how. NGINX Ingress controllers are a great way to manage traffic and security for your applications on Kubernetes. By setting up an Ingress controller, you can control which traffic enters and leaves your cluster, and can also enforce rules for how that traffic should behave. To get started, first create a new DigitalOcean account and then create a new Kubernetes cluster. Once the cluster is created, add the following two nodes: one node will act as the NGINX Ingress controller and the other will be used for load balancer services. Next, install NGINX on the NGINX Ingress controller node using the following command: sudo apt-get install nginx 1 sudo apt - get install nginx Next, we’ll need to configure our NGINX Ingress controller to work with Kubernetes. To do this, we’ll need to create a configuration file called nginx-ingress-controller.conf . The contents of this file should look like this: # Configuration file for Nginx ingress controller # # See https://nginx.org/en/docs/nginx/1.14/html/nginx-ingress-controller-configuration.html#configuration-file for more information # server { listen 80; server_name mydomain; return 301 https://$server_name$request_uri; } 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 ..


DigitalOcean’s Managed Kubernetes service simplifies provisioning and maintaining Kubernetes clusters. The platform provides a ready-to-use foundation for containerized workloads with one-click support for common addon applications.

In this article, we’ll show how to use one of these addons to set up an NGINX Ingress controller in your cluster. Ingresses provide a mechanism for routing external traffic to your services based on rules such as hostname, path, and headers. NGINX Ingress is one of the most popular Ingress controllers; it uses the NGINX web server as a reverse proxy that directs incoming traffic to the correct Kubernetes service.

Getting Started

You should create a Kubernetes cluster in your DigitalOcean account before you follow this tutorial. We’ll also assume you’re familiar with the basics of using Kubernetes, Kubectl, and DigitalOcean’s cloud control panel.

Begin by logging into to your DigitalOcean control panel, clicking the “Kubernetes” link in the left sidebar, and selecting your cluster on the page that appears. Next click the “Marketplace” tab to view the list of available 1-Click Apps.

What Are 1-Click Apps?

DigitalOcean’s Kubernetes 1-Click Apps provide pre-configured installations for popular in-cluster applications. The apps are tested by DigitalOcean so they’re guaranteed to work with each available Kubernetes version.

Available apps use the official Helm chart from their vendor. The charts are augmented by default settings supplied by DigitalOcean in an open-source GitHub repository. The DigitalOcean control panel lets you install the available charts with one click, providing an easy way to get up and running with essential utilities. You don’t have to manually install Helm and set up chart repositories.

Installing NGINX Ingress With the 1-Click App

You can now use this technique to add NGINX Ingress to your cluster. Find the app in the marketplace by scrolling down the list or using the searchbar. Click the blue “Install” button on the app’s card and acknowledge the confirmation prompt.

The installation procedure can take several minutes to complete. Progress will be displayed in the web UI. A new load balancer will be automatically added to your account during the app’s set up process. This load balancer will be billed at the standard rate and should be used as the external entrypoint for your cluster.

Your Ingress controller will be ready to use after the installation completes. As the 1-Click App is based on a Helm chart, you can check the app’s been added by listing the Helm releases in your cluster:

The ingress-nginx release was added by DigitalOcean. It shows as deployed so you can start creating Ingress resources to route traffic to your services.

Using Your Ingress Controller

You can test your Ingress controller by creating simple Kubernetes deployment, service, and Ingress resources:

Apply this manifest to your cluster using Kubectl:

The spec.ingressClassName: nginx field in the Ingress resource means it will be registered with the newly installed NGINX Ingress controller. Each controller implementation has its own class name so you can use multiple controllers in one cluster.

Next set up a DNS record for example.com that points to the external IP address of your DigitalOcean load balancer. You can find this by navigating to Networking > Load Balancers in the online control panel or by running the following Kubectl command:

Visiting example.com should show the default Apache webpage once the DNS change takes effect. Your Ingress controller receives the request from the load balancer. It uses your Ingress resources to select an appropriate service, causing requests to example.com to end up with your Apache containers.

Now you can follow the Kubernetes documentation to create Ingress resources that express the service routing rules needed for your real applications.

Adding HTTPS

Endpoints on production clusters should be protected with TLS. You can set up automated HTTPS certificates by adding Cert-Manager to your cluster, alongside the NGINX Ingress Controller.

Cert-Manager is available as an additional 1-Click App from the DigitalOcean Marketplace. You can repeat the procedure used earlier: head to your cluster’s overview page in the control panel, click the “Marketplace” tab, and find and install the application.

After the installation completes, create a certificate issuer that will be used to request Let’s Encrypt certificates:

Change the spec.acme.email field to your own email address so Let’s Encrypt can reach you with notifications about your certificates. Then apply the manifest to your cluster:

Now you can update your Ingress resource with HTTPS support:

The new spec.tls field specifies that a certificate should be acquired for the example.com domain. The letsencrypt-staging certificate issuer will be used, as defined by the cert-manager.io/cluster-issuer annotation.

The example shown above uses Let’s Encrypt’s staging endpoint which is recommended while you’re testing your deployment. You can switch to using real certificates by creating a second issuer that targets the production endpoints. Copy the Issuer manifest above, replace letsencrypt-staging with letsencrypt-production, and change the spec.acme.server URL to https://acme-v02.api.letsencrypt.org/directory. Afterwards you can update your Ingress resource’s cert-manager.io/cluster-issuer annotation to reference your new letsencrypt-production issuer.

Managing Your NGINX Ingress Installation

Unfortunately DigitalOcean’s 1-Click Apps only simplify the installation experience. You’re on your own when it comes to managing and updating your applications. As apps are simply pre-configured Helm charts, this isn’t as onerous as it sounds.

You can use your local Helm CLI installation to upgrade to new NGINX Ingress releases:

You should download the values.yml file from DigitalOcean’s Marketplace repository first. This will ensure the new release is configured with your existing settings. You can also use this procedure to customize your Ingress controller with your own settings after initial installation. Modify the values.yml file and then run the helm upgrade command.

Removing NGINX Ingress From Your Cluster

You can completely remove NGINX Ingress from your cluster by uninstalling the app’s Helm release and deleting the namespace that was created:

The load balancer should be cleaned up automatically. You can manually delete it from the Networking > Load Balancers page in the DigitalOcean control panel if you need to. Click the “More” button next to the load balancer, then choose “Destroy” from the dropdown menu. You won’t be able to recover the IP address that was allocated.

Installing NGINX Ingress With Doctl

You can install 1-Click Apps using DigitalOcean’s Doctl command-line client. Begin by retrieving the list of your Kubernetes clusters:

Next run the following command to add NGINX Ingress to your cluster. Replace with the ID that was displayed above.

Use this alternative if you want to install Cert-Manager too:

Besides using Doctl, you can also interact with the DigitalOcean API directly to programmatically add new applications to your cluster.

Summary

You can quickly add the NGINX Ingress controller to a DigitalOcean Kubernetes cluster by using the 1-Click App available in the Marketplace. This deploys a pre-configured release of the NGINX Ingress Helm chart with ready-to-use configuration.

Although this accelerates initial provisioning, you must still manually run Helm commands to manage and upgrade your installation. The 1-Click App aims to strike a balance between ease of use and customization, ensuring you’re not locked-in to a specific set of parameters.