To deploy multiple NGINX Ingress Controllers on Amazon EKS with separate ingress classes for internal and external traffic, you'll need to:
1. Create two Helm value files (values-internal.yaml and values-external.yaml)
*values-internal.yaml
*
controller:
ingressClass: nginx-internal
ingressClassResource:
name: nginx-internal
controllerValue: "k8s.io/ingress-nginx-internal" # Matches your IngressClass spec
enabled: false #Prevent Helm from creating or managing the IngressClass
ingressClassByName: true
watchIngressWithoutClass: false
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-subnets: "subnet-################4,subnet-######################"
Note: You have to add below annotation to follow the corrrect nginc ingress class and controller.
Apply appropriate annotations to each controller
IngressClass
ingressClassByName: true
watchIngressWithoutClass: false
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"`
values-external.yaml
controller:
ingressClass: nginx-external
ingressClassResource:
name: nginx-external
controllerValue: "k8s.io/ingress-nginx-external" # Matches your IngressClass spec
enabled: false #Prevent Helm from creating or managing the IngressClass
ingressClassByName: true
watchIngressWithoutClass: false
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-subnets: "subnet-09d############,subnet-009#########"
2.Define separate ingress classes (nginx-internal and nginx-external)
Create externa-class.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: nginx-external
spec:
controller: k8s.io/ingress-nginx-external
Create internal-class.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
name: nginx-internal
spec:
controller: k8s.io/ingress-nginx-internal
Once created create custom ingress class:
kubectl apply -f external-class.yaml
kubectl apply -f internal-class.yaml
3.Deploy each controller using Helm with its respective values file:
# Add the ingress-nginx repo
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
# Deploy internal ingress
helm install nginx-internal ingress-nginx/ingress-nginx \
--namespace ingress-internal --create-namespace \
-f values-internal.yaml
# Deploy external ingress
helm install nginx-external ingress-nginx/ingress-nginx \
--namespace ingress-external --create-namespace \
-f values-external.yaml
Conclusion
Deploying separate NGINX Ingress Controllers for internal and external traffic on EKS enhances security, scalability, and traffic management. By defining distinct ingress classes and customizing Helm values, you gain fine-grained control over how services are exposed—whether privately within your VPC or publicly to the internet.
Top comments (0)