Ingress controllers manage external access to services inside a Kubernetes cluster. They handle:
✅ Routing traffic from domain names to services
✅ SSL/TLS termination for secure HTTPS access
✅ Load balancing requests to multiple pods
✅ Path-based and host-based routing
Ingress-Nginx is a widely used Ingress Controller.
K3s comes with Traefik as the default Ingress Controller. To use Ingress-Nginx instead, disable Traefik and install Nginx.
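1️⃣ Disable Traefik (if installed)
```bash
kubectl get pods -A | grep traefik
```
If Traefik is running, disable it by adding this to your k3s startup:
```
--disable=traefik
```
Then restart your cluster.
2️⃣ Install Ingress-Nginx
```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml
```
This manifest URL tracks the `main` branch, so its contents can change between installs. For a repeatable deployment, use the same path under a release tag instead of `main`.
3️⃣ Verify it's running
```bash
kubectl get pods -n ingress-nginx
```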
After installing the Ingress Controller, you need an Ingress resource to define routes.
📌 Example Ingress for a Service
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app-ingress
  namespace: my-app
  annotations:
    # The controller is selected by spec.ingressClassName below; the deprecated
    # kubernetes.io/ingress.class annotation is not needed alongside it.
    cert-manager.io/cluster-issuer: "letsencrypt"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - myapp.example.com
      secretName: my-app-tls
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
```
📌 Key Details:
If your Ingress isn't working, try these steps:
1️⃣ Check if the Ingress resource is applied
```bash
kubectl get ingress -A
kubectl describe ingress my-app-ingress -n my-app
```
2️⃣ Check Ingress Controller logs
```bash
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --tail=50
```
3️⃣ Test connectivity
Check if your Ingress Controller is reachable:
```bash
kubectl get svc -n ingress-nginx
```
If it's a LoadBalancer, get the external IP:
```bash
kubectl get svc -n ingress-nginx | grep LoadBalancer
```
Then test with curl:
```bash
curl -H "Host: myapp.example.com" http://<INGRESS_IP>
```
✅ Use TLS with Cert-Manager
✅ Restrict access using Ingress whitelisting
```yaml
nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.1.0/24"
```
✅ Limit request body sizes
```yaml
nginx.ingress.kubernetes.io/proxy-body-size: "50m"
```
✅ Enable authentication if needed
```yaml
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: "auth-secret"
```
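To check existing Ingress objects against the four items above, here is an added example (not part of the original page or of the ingress-nginx project) that audits the JSON shape of `kubectl get ingress -A -o json`. The function name, the finding texts and the sample input are constructed for illustration; a public site may deliberately have no source allowlist, so treat that finding as a prompt to review rather than an error.

```python
import ipaddress
import json

P = "nginx.ingress.kubernetes.io/"

def audit_ingress(ing):
    """Findings for one Ingress dict, as found in `kubectl get ingress -o json`."""
    spec = ing.get("spec", {})
    ann = ing.get("metadata", {}).get("annotations") or {}
    out = []
    # TLS: each rule host needs a spec.tls entry with a secret (exact match only).
    tls_hosts = {h for t in spec.get("tls") or [] if t.get("secretName")
                 for h in t.get("hosts") or []}
    for rule in spec.get("rules") or []:
        if rule.get("host") not in tls_hosts:
            out.append(f"no TLS for host {rule.get('host') or '<any>'}")
    # Allowlist: present, valid CIDRs, and not open to every client.
    ranges = [c.strip() for c in ann.get(P + "whitelist-source-range", "").split(",")]
    ranges = [c for c in ranges if c]
    if not ranges:
        out.append("no whitelist-source-range")
    for cidr in ranges:
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                out.append(f"allowlist {cidr} matches every client")
        except ValueError:
            out.append(f"invalid CIDR {cidr!r}")
    # Body size: unset falls back to the controller default; "0" removes the limit.
    size = ann.get(P + "proxy-body-size")
    if size is None:
        out.append("no proxy-body-size")
    elif size.strip() == "0":
        out.append("proxy-body-size 0 disables the limit")
    # Basic auth needs both the type and the secret reference.
    if ann.get(P + "auth-type") and not ann.get(P + "auth-secret"):
        out.append("auth-type without auth-secret")
    return out

# Constructed sample input (not from a real cluster).
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "my-app-ingress", "annotations": {
    "nginx.ingress.kubernetes.io/whitelist-source-range": "192.168.1.0/24, 0.0.0.0/0",
    "nginx.ingress.kubernetes.io/auth-type": "basic"}},
  "spec": {"tls": [{"hosts": ["myapp.example.com"], "secretName": "my-app-tls"}],
           "rules": [{"host": "myapp.example.com"}, {"host": "admin.example.com"}]}}]}""")

if __name__ == "__main__":
    for item in SAMPLE["items"]:
        for finding in audit_ingress(item):
            print(f"{item['metadata']['name']}: {finding}")
```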