Skip to content

Exposing the ingress-nginx controller with a LoadBalancer service in RKE1 and RKE2 Kubernetes Clusters

This document (000021095) is provided subject to the disclaimer at the end of this document.

Environment

An RKE or RKE2 cluster deployed with the bundled ingress-nginx ingress controller

Situation

This knowledge base article provides instructions on configuring the ingress controller in Rancher RKE1 and RKE2 Kubernetes clusters to be exposed through a LoadBalancer service instead of the default host ports 80 and 443 on worker nodes. This is particularly useful when running a Kubernetes cluster on a cloud provider that supports automatic configuration and management of LoadBalancer services through Kubernetes's cloud provider integration.

Resolution

Exposing the Ingress Controller with a LoadBalancer Service in:

RKE1:

In RKE1, it is not possible to directly configure the ingress-nginx controller with a LoadBalancer service through the ingress options in the cluster configuration. However, you can manually create a LoadBalancer service as shown below:

apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-lb
  namespace: ingress-nginx
spec:
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    - name: https
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    app: ingress-nginx
  type: LoadBalancer

This will create a LoadBalancer service named "ingress-nginx-lb" in the "ingress-nginx" namespace, exposing ports 80 and 443.

This LoadBalancer service manifest can be added to the cluster via the user addons configuration, as documented at https://rke.docs.rancher.com/config-options/add-ons/user-defined-add-ons, to manage and deploy it alongside the cluster components/upgrades.

RKE2:

In RKE2, the ingress-nginx controller is managed through a Helm chart, allowing configuration changes using a HelmChartConfig resource. For more information see the following - https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig. Here is an example below of how to achieve this configuration.

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-ingress-nginx
  namespace: kube-system
spec:
  valuesContent: |-
    controller:
      hostPort:
        enabled: false
      service:
        enabled: true
        type: LoadBalancer

This configuration sets the "type" of the nginx ingress controller service to LoadBalancer, allowing it to be exposed through a cloud LoadBalancer.

For standalone RKE2 clusters, this HelmChartConfig manifest can be defined within the manifests directory on server nodes, as documented at https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig.

For Rancher-provisioned RKE2 clusters, this HelmChartConfig manifest can be defined within the cluster configuration under 'Additional Manifest'.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.