Setting Up NGINX Ingress Controller and SSL in Kubernetes
Setting up an ingress controller and SSL in Kubernetes can greatly enhance your application's security and accessibility. This article walks you through setting up the NGINX ingress controller and securing your services using SSL certificates from Let's Encrypt.
Prerequisites:
- A Kubernetes cluster
- kubectl CLI tool installed and configured
- A domain (for this tutorial, we'll use example.com)
1. Install NGINX Ingress Controller:
To start with, we need to set up the NGINX ingress controller. This will manage our inbound traffic to the cluster.
```bash
# Create a namespace for the ingress controller
kubectl create namespace nginx

# Install the ingress controller using Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install nginx ingress-nginx/ingress-nginx --namespace nginx
```
2. Deploy Your Next.js App:
For this tutorial, we assume you have a simple Next.js application containerized and ready to be deployed. Here's a quick setup:
```yaml
# Assumes the example namespace already exists (kubectl create namespace example)
apiVersion: v1
kind: Service
metadata:
  name: nextjs-service
  namespace: example
spec:
  ports:
    - port: 80          # port the Service exposes inside the cluster
      targetPort: 3000  # port the Next.js container listens on
  selector:
    app: nextjs
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextjs-deployment
  namespace: example
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nextjs
  template:
    metadata:
      labels:
        app: nextjs
    spec:
      containers:
        - name: nextjs
          image: YOUR_NEXTJS_IMAGE
          ports:
            - containerPort: 3000
```
Deploy using:
```bash
kubectl apply -f nextjs-app.yaml
```
3. Setup Ingress:
Now, to expose your Next.js app to the internet using your domain (example.com), set up an Ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextjs-ingress
  namespace: example
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextjs-service
                port:
                  number: 80
```
Apply the ingress:
```bash
kubectl apply -f nextjs-ingress.yaml
```
4. Point A Record to Load Balancer IP:
Once the ingress is applied, you should obtain an external IP address for the NGINX load balancer. Fetch this IP using:
```bash
kubectl get services -n nginx
```
Locate the EXTERNAL-IP of the ingress-nginx service.
Now, update your DNS settings by adding an A record pointing example.com to the EXTERNAL-IP.
5. Setting Up SSL with Cert-Manager:
To secure our application with SSL, we'll utilize cert-manager:
```bash
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Install cert-manager
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.6.0 --set installCRDs=true
```
Next, configure the Issuer and Certificate:
```yaml
# Issuer Configuration
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: example
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: YOUR_EMAIL
    privateKeySecretRef:
      name: letsencrypt-prod   # Secret that stores the ACME account private key
    solvers:
      - http01:
          ingress:
            class: nginx
---
# Certificate Configuration
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-tls
  namespace: example
spec:
  secretName: example-tls-secret   # Secret that receives the issued key and certificate
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
  commonName: example.com
  dnsNames:
    - example.com
```
Replace YOUR_EMAIL with your actual email and deploy:
```bash
kubectl apply -f ssl-config.yaml
```
Cert-manager will now request a certificate for your domain from Let's Encrypt and store it in a Kubernetes Secret (example-tls-secret). The ingress uses this secret for SSL termination once its spec lists it under tls for example.com; the Ingress from step 3 has no tls section yet, so it needs one that names example-tls-secret.
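The Ingress from step 3 with the TLS wiring added, as an example written for this walkthrough rather than taken from the original article. It assumes the Certificate above has been applied in the example namespace; the file name in the first comment is hypothetical.

```yaml
# nextjs-ingress-tls.yaml (hypothetical file name; added example)
# Same Ingress as in step 3, plus a tls section that points at the Secret
# written by the example-tls Certificate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextjs-ingress        # same name, so applying this updates the step 3 object
  namespace: example          # must be the namespace that holds the Certificate's Secret
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
    - hosts:
        - example.com         # must appear in the Certificate's dnsNames
      secretName: example-tls-secret   # spec.secretName of the example-tls Certificate
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextjs-service
                port:
                  number: 80
```

Until the Secret exists, ingress-nginx answers HTTPS for this host with its self-signed default certificate, so confirm that the Certificate reports Ready (kubectl get certificate example-tls -n example) before testing in a browser.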
Conclusion:
You've successfully set up the NGINX ingress controller, deployed a Next.js application, and secured it with SSL in your Kubernetes cluster. Be sure to monitor your applications and regularly update your configurations for security and performance improvements.