Exposing the ingress-nginx controller with a LoadBalancer service in RKE1 and RKE2 Kubernetes Clusters
Article Number: 000021095
Environment
An RKE or RKE2 cluster deployed with the bundled ingress-nginx ingress controller
Situation
This knowledge base article provides instructions on configuring the ingress controller in Rancher RKE1 and RKE2 Kubernetes clusters to be exposed through a LoadBalancer service instead of the default host ports 80 and 443 on worker nodes. This is particularly useful when running a Kubernetes cluster on a cloud provider that supports automatic configuration and management of LoadBalancer services through Kubernetes's cloud provider integration.
Resolution
Exposing the Ingress Controller with a LoadBalancer Service in:
RKE1:
In RKE1, it is not possible to directly configure the ingress-nginx controller with a LoadBalancer service through the ingress options in the cluster configuration. However, you can manually create a LoadBalancer service as shown below:
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-lb
namespace: ingress-nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
selector:
app: ingress-nginx
type: LoadBalancer
This will create a LoadBalancer service named "ingress-nginx-lb" in the "ingress-nginx" namespace, exposing ports 80 and 443.
This LoadBalancer service manifest can be added to the cluster via the user addons configuration, as documented at https://rke.docs.rancher.com/config-options/add-ons/user-defined-add-ons, to manage and deploy it alongside the cluster components/upgrades.
RKE2:
In RKE2, the ingress-nginx controller is managed through a Helm chart, allowing configuration changes using a HelmChartConfig resource. For more information see the following - https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig. Here is an example below of how to achieve this configuration.
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: rke2-ingress-nginx
namespace: kube-system
spec:
valuesContent: |
controller:
hostNetwork: false
kind: Deployment
replicaCount: 3
service:
enabled: true
type: LoadBalancer
This configuration changes the ingress controller from a DaemonSet to a Deployment, sets the number of replicas to 3 for high availability, and updates the service type to LoadBalancer, enabling external access via a cloud load balancer. You should adjust the replica count based on the size and availability requirements of your environment.
For standalone RKE2 clusters, this HelmChartConfig manifest can be defined within the manifests directory on server nodes, as documented at https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig.
For Rancher-provisioned RKE2 clusters, this HelmChartConfig manifest can be defined within the cluster configuration under 'Additional Manifest'.