Deploy NGINX Ingress Controller

In this section you will configure and deploy the NGINX Ingress Controller and expose it using a Classic Load Balancer.

Check Your Environment

Before you can load balance application traffic to an application, your EKS cluster must meet the following requirements:

  • It should have at least two subnets in different Availability Zones, both of which are either public or private.

  • All private subnets should have the following tag so that Kubernetes knows what subnets to use for internal load balancers:

    • Key:
    • Value: 1
  • All public subnets should have the following tag so that Kubernetes knows what subnets to use for external load balancers:

    • Key:
    • Value: 1


  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use service-elb as base, instead of the default ingress-alb:

    #- ../ingress-alb
    - ../service-elb
    #- ../service-azurelb
  3. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use the service-elb patch, instead of the default ingress-alb and service-alb:

    #- path: patches/ingress-alb.yaml
    #- path: patches/service-alb.yaml
    - path: patches/service-elb.yaml
    #- path: patches/service-azurelb.yaml
  4. Enable the firewall in your Classic Load Balancer and allow access only to specific CIDRs. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-elb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of if you want to allow access for everyone:

      - ""
  5. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-elb.yaml and set the aws-load-balancer-internal annotation based on the type of Load Balancer you are going to create:

    annotations: "false"
    annotations: "true"
  6. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with a Classic Load Balancer"
  7. Deploy NGINX Ingress Controller:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy


  1. Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods
    NAME                                        READY   STATUS    RESTARTS AGE
    nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0        1m
  2. Verify that the Load Balancer Service has an external IP:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service
    NAME           TYPE          CLUSTER-IP   EXTERNAL-IP                                                             PORT(S)                      AGE
    ingress-nginx  LoadBalancer  80:30099/TCP,443:30719/TCP   1m


You have successfully deployed the NGINX Ingress Controller, and exposed it using a Classic Load Balancer.

What’s Next

The next step is to expose Istio, our service mesh.