Skip to content

Instantly share code, notes, and snippets.

@corydodt

corydodt/nginx-ingress-values.yaml

Created September 11, 2017 16:25
Show Gist options
  • Save corydodt/2c406b9590391415c35d482a9abba9eb to your computer and use it in GitHub Desktop.
Save corydodt/2c406b9590391415c35d482a9abba9eb to your computer and use it in GitHub Desktop.
Download ZIP
Values file for using helm with nginx-ingress on AWS
Raw
nginx-ingress-values.yaml
## nginx configuration
## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
##
controller:
name: controller
image:
repository: gcr.io/google_containers/nginx-ingress-controller
tag: "0.9.0-beta.12"
config:
use-proxy-protocol: "true"
## Allows customization of the external service
## the ingress will be bound to via DNS
publishService:
enabled: true
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
## Set external traffic policy to: "Local" to preserve source IP on
## providers supporting it
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
externalTrafficPolicy: "Local"
type: LoadBalancer
## Default 404 backend
##
defaultBackend:
## If false, controller.defaultBackendService must be provided
##
enabled: true
name: default-backend
image:
repository: gcr.io/google_containers/defaultbackend
tag: "1.3"
service:
servicePort: 80
type: ClusterIP
@corydodt
Copy link
Author

corydodt commented Sep 11, 2017
edited
Loading

Use:

helm install stable/nginx-ingress -f nginx-ingress-values.yaml

This contains some good default settings for the nginx-ingress controller on AWS. It uses LoadBalancer with ProxyProtocol turned on, which just makes ELB a dumb TCP frontend to the controller. In particular, it allows TLS to be terminated by the nginx-ingress controller, configured with a kubernetes secret.

It also turns on publishService, which makes the controller use the ELB's IP for the service instead of its own.

Finally, it turns on the default backend, necessary for handling requests which reach the load balancer but are not associated with any known ingress.

To create your own ingress using this controller, add this annotation to the ingress metadata:

kind: Ingress
    ...
    metadata:
        ...
        annotations:
            kubernetes.io/ingress.class: nginx

You will probably also want tls in the spec with

kind: Ingress
    ...
    spec:
        rules:
            ...
        tls:
            - secretName: (a tls secret you have previously uploaded)
              hosts:
                  - (some hosts matching the tls secret)

Finally, I highly recommend helm create for your own applications, as it will create a usable nginx-ingress template for you.

@jkinred
Copy link

jkinred commented Jul 21, 2018

Very helpful, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment