Nginx Ingress Controller

I run two Nginx Ingress Controllers in my Kubernetes cluster:

  • Public Ingress Controller: Handles external traffic and exposes web servers to the Internet.
  • Internal Ingress Controller: Manages internal traffic for services that are only in the private network.

Architecture

Complete schema with both ingresses:

Simplified schema:

As you can see, the Load Balancer component is handled by Cilium in my case, but you can install MetalLB or another load balancer provider if you prefer.

Installation

The installation of Nginx Ingress Controller requires the Helm chart located at https://kubernetes.github.io/ingress-nginx.

Below are the minimal values for the public nginx instance:

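```yaml
ingress-nginx:
  controller:
    replicaCount: 3
    # -- Lets Ingress objects inject raw NGINX configuration through *-snippet annotations.
    # Enable only if everyone who can create or edit Ingress objects in the cluster is trusted.
    allowSnippetAnnotations: true

    ingressClassResource:
      # -- Use this class for Ingress objects that do not set ingressClassName
      default: true

    config:
      # -- Enable forwarded headers to get the original client IP in X-Forwarded-For headers.
      # Useful if you use Cloudflare or other third party tool on top of your infrastructure
      # and you want to preserve the sourceIP of the client.
      # The controller then trusts these headers on incoming requests, so this only makes
      # sense when traffic reaches it through such a proxy.
      use-forwarded-headers: "true"

    service:
      # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it.
      externalTrafficPolicy: Local

  defaultBackend:
    enabled: true
```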

For the internal nginx instance, ensure that you specify both the ingressClassName and controllerValue fields to prevent conflicts with the public instance.

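```yaml
# YAML anchor, reused below for whitelist-source-range
whitelist: &whitelist 192.168.0.0/16
ingress-nginx:
  controller:
    replicaCount: 3
    # -- Lets Ingress objects inject raw NGINX configuration through *-snippet annotations.
    # Enable only if everyone who can create or edit Ingress objects in the cluster is trusted.
    allowSnippetAnnotations: true

    ingressClassResource:
      default: false
      # Make sure to modify these 2 options to avoid conflicts with the public instance
      name: internal
      controllerValue: k8s.io/ingress-nginx-internal

    config:
      # -- Disable forwarded headers as we don't need them. The whitelist below is then
      # evaluated against the connection's source address, not a client-supplied header.
      use-forwarded-headers: "false"
      whitelist-source-range: *whitelist

    service:
      # -- External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it.
      # The whitelist above depends on the preserved source IP.
      externalTrafficPolicy: Local

  defaultBackend:
    enabled: true
```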
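
A pre-deploy check for the two values blocks above, as an added example that is not part of the original page or of the ingress-nginx project: it flags class names or controller values shared between instances, more than one default class, and a whitelist that would not be matched against the real source address. The dicts are constructed copies of the page's values, `lint` and `ingress_class` are hypothetical helper names, and the `DEFAULTS` entries are assumed from the upstream chart's `values.yaml`.

```python
# Added example: lint the values of several ingress-nginx releases before deploying.
# Chart defaults for controller.ingressClassResource (assumed from the upstream chart).
DEFAULTS = {"name": "nginx", "controllerValue": "k8s.io/ingress-nginx", "default": False}

# Constructed inputs: the page's two values blocks (under "ingress-nginx:") as dicts.
PUBLIC = {"controller": {
    "ingressClassResource": {"default": True},
    "config": {"use-forwarded-headers": "true"},
    "service": {"externalTrafficPolicy": "Local"}}}
INTERNAL = {"controller": {
    "ingressClassResource": {"default": False, "name": "internal",
                             "controllerValue": "k8s.io/ingress-nginx-internal"},
    "config": {"use-forwarded-headers": "false",
               "whitelist-source-range": "192.168.0.0/16"},
    "service": {"externalTrafficPolicy": "Local"}}}


def ingress_class(values):
    """Effective ingressClassResource once the chart defaults are applied."""
    return {**DEFAULTS, **values["controller"].get("ingressClassResource", {})}


def lint(instances):
    """Return a list of findings for a {release_name: values} mapping."""
    findings, seen = [], {}
    for release, values in instances.items():
        ctrl, cls = values["controller"], ingress_class(values)
        # Two controllers with the same class name or controller value both claim the same Ingresses.
        for key in ("name", "controllerValue"):
            owner = seen.setdefault((key, cls[key]), release)
            if owner != release:
                findings.append(f"{release}: {key} {cls[key]!r} already used by {owner}")
        cfg = ctrl.get("config", {})
        if "whitelist-source-range" in cfg:
            if cfg.get("use-forwarded-headers") == "true":
                findings.append(f"{release}: whitelist would match client-supplied forwarded headers")
            if ctrl.get("service", {}).get("externalTrafficPolicy") != "Local":
                findings.append(f"{release}: whitelist needs externalTrafficPolicy Local to see the source IP")
    defaults = [r for r, v in instances.items() if ingress_class(v)["default"]]
    if len(defaults) > 1:
        findings.append(f"more than one default IngressClass: {', '.join(defaults)}")
    return findings


if __name__ == "__main__":
    print(lint({"public": PUBLIC, "internal": INTERNAL}) or "no conflicts")
```

With real files, load each values file with a YAML parser and pass the mapping found under the `ingress-nginx` key.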

And voilà!

Released under the MIT License.