Create an Ingress Controller

In order to route traffic to applications deployed in Kubernetes it is good practice to use an Ingress Controller which proxies incoming request to the correct services and can handle things like TLS offloading. For more information on Ingress resources and Ingress Controllers see the official Kubernetes documentation.

NGINX Ingress Controller

A popular ingress controller is the nginx ingress controller.

NGINX Ingress Controller Installation

The easiest way to install it in your cluster is through Helm. When Helm is ready to be used, run:

helm install stable/nginx-ingress --name nginx-ingress --namespace kube-system  --set "rbac.create=true" --set "controller.replicaCount=2" --set "defaultBackend.replicaCount=2"

to install the NGINX Ingress Controller in the cluster. This will automatically create a Type Load Balancer service for you.


If you want to use Let's Encrypt to automatically manage TLS certificates for your ingress resources, you also have to install cert-manager.

Cert-Manager Installation

This can be done through Helm as well:

kubectl apply -f

kubectl create namespace cert-manager

kubectl label namespace cert-manager

helm repo add jetstack

helm repo update

helm install --name cert-manager --namespace cert-manager --version v0.7.0 jetstack/cert-manager

Configure cluster issuer

After installing the cert-manager you have to configure how it can fetch certificates. For that you have to add a ClusterIssuer to your Kubernetes cluster:

cat <<'EOF' | kubectl apply -f -
kind: ClusterIssuer
  name: letsencrypt-prod
    # The ACME server URL
    # Email address used for ACME registration
    # Name of a secret used to store the ACME account private key
      name: letsencrypt-prod
    # Enable HTTP01 validations
    http01: {}

In Deploy Application you can see how you can use this issuer to fetch a certificate.

Further information