DEV Community

☸️ Kubernetes NGINX Ingress Controller: 10+ Complementary Configurations for Web Applications

Benoit COUETIL 💫 on October 16, 2023

Initial thoughts Helm chart Installation/update 1. Set NGINX as the default ingress controller 2. Set SSL/TLS termination on AWS load balancer 3. ...

Read full post

Rémi Verchère • Oct 17 '23

Thanks for the blogpost!

Concerning the 1st point, "Set NGINX as the default ingress controller": the kubernetes.io/ingress.class annotation is deprecated since Kubernetes 1.18, prefer use ingressClassName.

One tip, if you love logs and metrics dashboard, you can change default logs configuration, with json support and geo-ip + maxmind, and enable metrics:

controller:
  config:
    log-format-escape-json: "true"
    log-format-upstream: '{"msec": "$msec", "connection": "$connection", "connection_requests": "$connection_requests", "pid": "$pid", "request_id": "$request_id", "request_length": "$request_length", "remote_addr": "$remote_addr", "remote_user": "$remote_user", "remote_port": "$remote_port", "time_local": "$time_local", "time_iso8601": "$time_iso8601", "request": "$request", "request_uri": "$request_uri", "args": "$args", "status": "$status", "body_bytes_sent": "$body_bytes_sent", "bytes_sent": "$bytes_sent", "http_referer": "$http_referer", "http_user_agent": "$http_user_agent", "http_x_forwarded_for": "$http_x_forwarded_for", "http_host": "$http_host", "server_name": "$server_name", "request_time": "$request_time", "upstream": "$upstream_addr", "upstream_connect_time": "$upstream_connect_time", "upstream_header_time": "$upstream_header_time", "upstream_response_time": "$upstream_response_time", "upstream_response_length": "$upstream_response_length", "upstream_cache_status": "$upstream_cache_status", "ssl_protocol": "$ssl_protocol", "ssl_cipher": "$ssl_cipher", "scheme": "$scheme", "request_method": "$request_method", "server_protocol": "$server_protocol", "pipe": "$pipe", "gzip_ratio": "$gzip_ratio", "http_cf_ray": "$http_cf_ray", "geoip_country_code": "$geoip_country_code" }'
    use-geoip2: "true"
  maxmindLicenseKey: changeme

  metrics:
    enabled: true
    serviceMonitor:
      enabled: true

Benoit COUETIL 💫 • Oct 17 '23

Thank you Remi for your valuable insights 🤗

I will update with the ingressClassName.

For the tip, what backend do you have in mind for logs/metrics ? ELK ? I have yet to test that part 🤓

Rémi Verchère • Oct 17 '23

On my side, I'm using Loki & Prometheus ;)
You can get some dashboard from here, need to build one for the logs (you can still explore them).

Benoit COUETIL 💫 • Oct 17 '23

Thanks 🙏

Article updated with ingressClassName ✌️

Boris • Jan 15

Thanks for share your experience ;)

Benoit COUETIL 💫 • Jan 15

Thanks, I appreciate your feedback 🤗

Don't hesitate to share some use cases if you think they are missing and deserve a place in the list 😉

Benoit COUETIL 💫 • Jan 16

Many thanks to @K8SArchitect for spreading this article on twitter yesterday 🤗

Adesoji1 • Jan 30

So if I want to deploy to a registered domain, is this the approach to use?

Benoit COUETIL 💫 • Jan 30 • Edited

Do you already have a kubernetes cluster, or are you trying to evaluate if Kubernetes + NGINX is the right approach ?

Can you give more info about your context ?

Adesoji1 • Jan 30

i want to deploy a java backend and angular frontend, i have the nginx configurations setup already in my dockerfile. i have a registered domain to use and i want to deploy to aws using terraform+jenkins+docker+kubernetes, therefore i want to know if the approach in your tutorial is applicable to my task?

Benoit COUETIL 💫 • Jan 31 • Edited

If you have a domain and a Kubernetes cluster, yes, it is applicable. The fact that you have NGINX conf in your Dockerfile (for the frontend), may not be relevant : When using NGINX Ingress Controller, in general we remove NGINX specificites inside application.