1. Home
  2. Docs
  3. Infrastructure
  4. Nginx Ingress

Nginx Ingress

To use Nginx Ingress Controller but NOT LoadBalancer, but controller.kind=DaemonSet with hostNetwork=true. First label the node for nginx:

kubectl label nodes NODE_NAME web-server=nginx

Set values.yaml for helm chart:

  hostNetwork: true
  kind: DaemonSet
    enabled: true
    type: ""
      memory: 100Mi
  # fix to one Kubernetes node
    web-server: nginx
      memory: 100Mi

Deploy stable/nginx-ingress helm chart:

helm install nginx-ingress stable/nginx-ingress -f values.yaml --wait

Allow Firewall on HTTPS Port

That’s done from Kubernetes part. However, we still need DigitalOcean to allow firewall on HTTPS port (firewall note), otherwise connections will just hang.

1. (Conditional) If you don’t already have a https-server firewall rule, create it:

doctl compute firewall create --inbound-rules="protocol:tcp,address:,ports:443" --name=https-server

2. Use doctl or DigitalOcean web UI to assign that firewall rule to your chosen DigitalOcean node.

# get droplet ID
doctl compute droplet list
# get firewall ID of https-server: 77190fe0-f14e-4883-9fe0-916ee8be3985
doctl compute firewall list
# add droplets to the firewall
doctl compute firewall add-droplets 77190fe0-f14e-4883-9fe0-916ee8be3985 --droplet-ids 206430663

3. Change the DNS A record to point to that node’s External IP address.

WebSockets and SSL Issue

There is a potential issue with Secure WebSockets (wss://) and SSL together with nginx-ingress, and most likely if complicated with a Load Balancer, and a CDN: https://github.com/kubernetes/ingress-nginx/issues/3746.

How can we help?

Leave a Reply

Your email address will not be published. Required fields are marked *