ingress-nginx-helm/deploy/index.html

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/deploy/ rel=canonical><link rel="shortcut icon" href=../assets/images/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.4"><title>Installation Guide - NGINX Ingress Controller</title><link rel=stylesheet href=../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#009485><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../extra.css><script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new Date,ga("create","UA-118407822-1","kubernetes.github.io"),ga("set","anonymizeIp",!0),ga("send","pageview"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){if(this.value){var e=document.location.pathname;ga("send","pageview",e+"?q="+this.value)}})}),document.addEventListener("DOMContentSwitch",function(){ga("send","pageview",document.location.pathname)})</script><script async src=https://www.google-analytics.com/analytics.js></script></head> <body dir=ltr data-md-color-scheme data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#installation-guide class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://kubernetes.github.io/ingress-nginx title="NGINX Ingress Controller" class="md-header-nav__button md-logo" aria-label="NGINX Ingress Controller"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> NGINX Ingress Controller </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> Installation Guide </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 0
  <span class="l l-Scalar l-Scalar-Plain">--for=condition=ready pod \</span>
  <span class="l l-Scalar l-Scalar-Plain">--selector=app.kubernetes.io/component=controller \</span>
  <span class="l l-Scalar l-Scalar-Plain">--timeout=120s</span>
</code></pre></div> <h2 id=contents>Contents<a class=headerlink href=#contents title="Permanent link"> ¶</a></h2> <ul> <li><a href=#provider-specific-steps>Provider Specific Steps</a></li> <li><a href=#docker-desktop>Docker Desktop</a></li> <li><a href=#minikube>minikube</a></li> <li><a href=#microk8s>microk8s</a></li> <li><a href=#aws>AWS</a></li> <li><a href=#gce-gke>GCE - GKE</a></li> <li><a href=#azure>Azure</a></li> <li><a href=#digital-ocean>Digital Ocean</a></li> <li><a href=#scaleway>Scaleway</a></li> <li><a href=#exoscale>Exoscale</a></li> <li><a href=#oracle-cloud-infrastructure>Oracle Cloud Infrastructure</a> </li> <li><a href=#bare-metal>Bare-metal</a></li> <li><a href=#verify-installation>Verify installation</a></li> <li><a href=#detect-installed-version>Detect installed version</a></li> <li><a href=#using-helm>Using Helm</a></li> </ul> <h3 id=provider-specific-steps>Provider Specific Steps<a class=headerlink href=#provider-specific-steps title="Permanent link"> ¶</a></h3> <h4 id=docker-desktop>Docker Desktop<a class=headerlink href=#docker-desktop title="Permanent link"> ¶</a></h4> <p>Kubernetes is available in Docker Desktop</p> <ul> <li>Mac, from <a href=https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018>version 18.06.0-ce</a></li> <li>Windows, from <a href=https://docs.docker.com/docker-for-windows/release-notes/#docker-community-edition-18060-ce-win70-2018-07-25>version 18.06.0-ce</a></li> </ul> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/cloud/deploy.yaml</span>
</code></pre></div> <h4 id=minikube>minikube<a class=headerlink href=#minikube title="Permanent link"> ¶</a></h4> <p>For standard usage:</p> <div class=highlight><pre><span></span><code><span class=go>minikube addons enable ingress</span>
</code></pre></div> <h4 id=microk8s>microk8s<a class=headerlink href=#microk8s title="Permanent link"> ¶</a></h4> <p>For standard usage:</p> <div class=highlight><pre><span></span><code><span class=go>microk8s enable ingress</span>
</code></pre></div> <p>Please check the microk8s <a href=https://microk8s.io/docs/addon-ingress>documentation page</a></p> <h4 id=aws>AWS<a class=headerlink href=#aws title="Permanent link"> ¶</a></h4> <p>In AWS we use a Network load balancer (NLB) to expose the NGINX Ingress controller behind a Service of <code>Type=LoadBalancer</code>.</p> <h5 id=network-load-balancer-nlb>Network Load Balancer (NLB)<a class=headerlink href=#network-load-balancer-nlb title="Permanent link"> ¶</a></h5> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/aws/deploy.yaml</span>
</code></pre></div> <h5 id=tls-termination-in-aws-load-balancer-elb>TLS termination in AWS Load Balancer (ELB)<a class=headerlink href=#tls-termination-in-aws-load-balancer-elb title="Permanent link"> ¶</a></h5> <p>In some scenarios is required to terminate TLS in the Load Balancer and not in the ingress controller.</p> <p>For this purpose we provide a template:</p> <ul> <li>Download <a href=https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/aws/deploy-tls-termination.yaml>deploy-tls-termination.yaml</a></li> </ul> <div class=highlight><pre><span></span><code><span class=go>wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/aws/deploy-tls-termination.yaml</span>
</code></pre></div> <ul> <li> <p>Edit the file and change:</p> </li> <li> <p>VPC CIDR in use for the Kubernetes cluster:</p> </li> </ul> <p><code>proxy-real-ip-cidr: XXX.XXX.XXX/XX</code></p> <ul> <li>AWS Certificate Manager (ACM) ID</li> </ul> <p><code>arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX</code></p> <ul> <li>Deploy the manifest:</li> </ul> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f deploy-tls-termination.yaml</span>
</code></pre></div> <h5 id=nlb-idle-timeouts>NLB Idle Timeouts<a class=headerlink href=#nlb-idle-timeouts title="Permanent link"> ¶</a></h5> <p>Idle timeout value for TCP flows is 350 seconds and <a href=https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout>cannot be modified</a>.</p> <p>For this reason, you need to ensure the <a href=http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout>keepalive_timeout</a> value is configured less than 350 seconds to work as expected.</p> <p>By default NGINX <code>keepalive_timeout</code> is set to <code>75s</code>.</p> <p>More information with regards to timeouts can be found in the <a href=https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#connection-idle-timeout>official AWS documentation</a></p> <h4 id=gce-gke>GCE-GKE<a class=headerlink href=#gce-gke title="Permanent link"> ¶</a></h4> <div class="admonition info"> <p class=admonition-title>Info</p> <p>Initialize your user as a cluster-admin with the following command: <div class=highlight><pre><span></span><code><span class=go>kubectl create clusterrolebinding cluster-admin-binding \</span>
<span class=go>  --clusterrole cluster-admin \</span>
<span class=go>  --user $(gcloud config get-value account)</span>
</code></pre></div></p> </div> <div class="admonition danger"> <p class=admonition-title>Danger</p> <p>For private clusters, you will need to either add an additional firewall rule that allows master nodes access to port <code>8443/tcp</code> on worker nodes, or change the existing rule that allows access to ports <code>80/tcp</code>, <code>443/tcp</code> and <code>10254/tcp</code> to also allow access to port <code>8443/tcp</code>.</p> <p>See the <a href=https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules>GKE documentation</a> on adding rules and the <a href=https://github.com/kubernetes/kubernetes/issues/79739>Kubernetes issue</a> for more detail.</p> </div> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/cloud/deploy.yaml</span>
</code></pre></div> <div class="admonition failure important"> <p class=admonition-title>Failure</p> <p>Proxy protocol is not supported in GCE/GKE</p> </div> <h4 id=azure>Azure<a class=headerlink href=#azure title="Permanent link"> ¶</a></h4> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/cloud/deploy.yaml</span>
</code></pre></div> <p>More information with regards to Azure annotations for ingress controller can be found in the <a href=https://docs.microsoft.com/en-us/azure/aks/ingress-internal-ip#create-an-ingress-controller>official AKS documentation</a>.</p> <h4 id=digital-ocean>Digital Ocean<a class=headerlink href=#digital-ocean title="Permanent link"> ¶</a></h4> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/do/deploy.yaml</span>
</code></pre></div> <h4 id=scaleway>Scaleway<a class=headerlink href=#scaleway title="Permanent link"> ¶</a></h4> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/scw/deploy.yaml</span>
</code></pre></div> <h4 id=exoscale>Exoscale<a class=headerlink href=#exoscale title="Permanent link"> ¶</a></h4> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/exoscale/deploy.yaml</span>
</code></pre></div> <p>The full list of annotations supported by Exoscale is available in the Exoscale Cloud Controller Manager <a href=https://github.com/exoscale/exoscale-cloud-controller-manager/blob/master/docs/service-loadbalancer.md>documentation</a>.</p> <h4 id=oracle-cloud-infrastructure>Oracle Cloud Infrastructure<a class=headerlink href=#oracle-cloud-infrastructure title="Permanent link"> ¶</a></h4> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml</span>
</code></pre></div> <p>A <a href=https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md>complete list of available annotations for Oracle Cloud Infrastructure</a> can be found in the <a href=https://github.com/oracle/oci-cloud-controller-manager>OCI Cloud Controller Manager</a> documentation.</p> <h4 id=bare-metal>Bare-metal<a class=headerlink href=#bare-metal title="Permanent link"> ¶</a></h4> <p>Using <a href=https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport>NodePort</a>:</p> <div class=highlight><pre><span></span><code><span class=go>kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.48.1/deploy/static/provider/baremetal/deploy.yaml</span>
</code></pre></div> <div class="admonition tip"> <p class=admonition-title>Tip</p> <p>Applicable on kubernetes clusters deployed on bare-metal with generic Linux distro(Such as CentOs, Ubuntu ...).</p> </div> <div class="admonition info"> <p class=admonition-title>Info</p> <p>For extended notes regarding deployments on bare-metal, see <a href=baremetal/ >Bare-metal considerations</a>.</p> </div> <h3 id=verify-installation>Verify installation<a class=headerlink href=#verify-installation title="Permanent link"> ¶</a></h3> <p>To check if the ingress controller pods have started, run the following command:</p> <div class=highlight><pre><span></span><code><span class=go>kubectl get pods -n ingress-nginx \</span>
<span class=go>  -l app.kubernetes.io/name=ingress-nginx --watch</span>
</code></pre></div> <p>Once the ingress controller pods are running, you can cancel the command typing <code>Ctrl+C</code>.</p> <p>Now, you are ready to create your first ingress.</p> <h3 id=detect-installed-version>Detect installed version<a class=headerlink href=#detect-installed-version title="Permanent link"> ¶</a></h3> <p>To detect which version of the ingress controller is running, exec into the pod and run <code>nginx-ingress-controller --version</code>.</p> <div class=highlight><pre><span></span><code><span class=go>POD_NAMESPACE=ingress-nginx</span>
<span class=go>POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx --field-selector=status.phase=Running -o jsonpath=&#39;{.items[0].metadata.name}&#39;)</span>

<span class=go>kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version</span>
</code></pre></div> <h2 id=using-helm>Using Helm<a class=headerlink href=#using-helm title="Permanent link"> ¶</a></h2> <div class="admonition attention"> <p class=admonition-title>Attention</p> <p>Only Helm v3 is supported</p> </div> <p>NGINX Ingress controller can be installed via <a href=https://helm.sh/ >Helm</a> using the chart from the project repository. To install the chart with the release name <code>ingress-nginx</code>:</p> <div class=highlight><pre><span></span><code><span class=go>helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx</span>
<span class=go>helm repo update</span>

<span class=go>helm install ingress-nginx ingress-nginx/ingress-nginx</span>
</code></pre></div> <h2 id=detect-installed-version_1>Detect installed version:<a class=headerlink href=#detect-installed-version_1 title="Permanent link"> ¶</a></h2> <div class=highlight><pre><span></span><code><span class=go>POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath=&#39;{.items[0].metadata.name}&#39;)</span>
<span class=go>kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version</span>
</code></pre></div> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid" aria-label=Footer> <a href=../kubectl-plugin/ class="md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Previous </span> kubectl plugin </div> </div> </a> <a href=baremetal/ class="md-footer-nav__link md-footer-nav__link--next" rel=next> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Next </span> Bare-metal considerations </div> </div> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <script src=../assets/javascripts/vendor.93c04032.min.js></script> <script src=../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
        app = initialize({
          base: "..",
          features: ['navigation.tabs', 'navigation.tabs.sticky', 'navigation.instant', 'navigation.sections'],
          search: Object.assign({
            worker: "../assets/javascripts/worker/search.8c7e0a7e.min.js"
          }, typeof search !== "undefined" && search)
        })
      </script> </body> </html>