Skip to content

Exposing the ingress-nginx controller with a LoadBalancer service in RKE1 and RKE2 Kubernetes Clusters

Article Number: 000021095

Environment

An RKE or RKE2 cluster deployed with the bundled ingress-nginx ingress controller

Situation

This knowledge base article provides instructions on configuring the ingress controller in Rancher RKE1 and RKE2 Kubernetes clusters to be exposed through a LoadBalancer service instead of the default host ports 80 and 443 on worker nodes. This is particularly useful when running a Kubernetes cluster on a cloud provider that supports automatic configuration and management of LoadBalancer services through Kubernetes's cloud provider integration.

Resolution

Exposing the Ingress Controller with a LoadBalancer Service in:

RKE1:

In RKE1, it is not possible to directly configure the ingress-nginx controller with a LoadBalancer service through the ingress options in the cluster configuration. However, you can manually create a LoadBalancer service as shown below:

apiVersion: v1 
kind: Service 
metadata: 
  name: ingress-nginx-lb 
  namespace: ingress-nginx 
spec: 
  ports: 
    - name: http 
      port: 80 
      protocol: TCP 
      targetPort: 80 
    - name: https 
      port: 443 
      protocol: TCP 
      targetPort: 443 
  selector: 
    app: ingress-nginx 
  type: LoadBalancer 

This will create a LoadBalancer service named "ingress-nginx-lb" in the "ingress-nginx" namespace, exposing ports 80 and 443.

This LoadBalancer service manifest can be added to the cluster via the user addons configuration, as documented at https://rke.docs.rancher.com/config-options/add-ons/user-defined-add-ons, to manage and deploy it alongside the cluster components/upgrades.

RKE2:

In RKE2, the ingress-nginx controller is managed through a Helm chart, allowing configuration changes using a HelmChartConfig resource. For more information see the following - https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig. Here is an example below of how to achieve this configuration.

apiVersion: helm.cattle.io/v1 
kind: HelmChartConfig 
metadata: 
  name: rke2-ingress-nginx 
  namespace: kube-system 
spec:
  valuesContent: |
    controller:
      hostNetwork: false
      kind: Deployment
      replicaCount: 3
      service:
        enabled: true
        type: LoadBalancer

This configuration changes the ingress controller from a DaemonSet to a Deployment, sets the number of replicas to 3 for high availability, and updates the service type to LoadBalancer, enabling external access via a cloud load balancer. You should adjust the replica count based on the size and availability requirements of your environment.

For standalone RKE2 clusters, this HelmChartConfig manifest can be defined within the manifests directory on server nodes, as documented at https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig.

For Rancher-provisioned RKE2 clusters, this HelmChartConfig manifest can be defined within the cluster configuration under 'Additional Manifest'.