Deploy NGINX Ingress Controller

In this section you will configure and deploy the NGINX Ingress Controller and expose it using a public Azure Load Balancer.

What You'll Need


  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:/# cd ~/ops/deployments
  2. Specify the desired DNS name label for your Azure Load Balancer. This name should be globally unique in the Azure region you are using:

    root@rok-tools:~/ops/deployments# export AZURELB_DNS_NAME_LABEL=arrikto-cluster
  3. Compute the FQDN for your Azure Load Balancer based on the DNS name label:

    root@rok-tools:~/ops/deployments# echo ${AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?}
  4. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use service-azurelb as base, instead of the default ingress-alb:

    #- ../ingress-alb
    #- ../service-elb
    - ../service-azurelb
  5. Edit rok/nginx-ingress-controller/overlays/deploy/kustomization.yaml and use the service-azurelb patch, instead of the default ingress-alb and service-alb:

    #- path: patches/ingress-alb.yaml
    #- path: patches/service-alb.yaml
    #- path: patches/service-elb.yaml
    - path: patches/service-azurelb.yaml
  6. Enable the firewall in your Azure Load Balancer and allow access only to specific CIDRs. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-azurelb.yaml and set loadBalancerSourceRanges to the desired trusted CIDRs. Leave the default value of if you want to allow access for everyone:

      - ""
  7. Edit rok/nginx-ingress-controller/overlays/deploy/patches/service-azurelb.yaml and set the annotation to the desired DNS name label for your Azure Load Balancer from step 2:

      annotations: "arrikto-cluster"
  8. Commit your changes:

    root@rok-tools:~/ops/deployments# git commit -am "Expose NGINX Ingress Controller with an Azure Load Balancer"
  9. Deploy NGINX Ingress Controller:

    root@rok-tools:~/ops/deployments# rok-deploy --apply rok/nginx-ingress-controller/overlays/deploy


  1. Verify that NGINX Ingress Controller is up-and-running. Check pod status and verify field STATUS is Running and field READY is 1/1:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get pods
    NAME                                        READY   STATUS    RESTARTS AGE
    nginx-ingress-controller-7f74f657bd-ln59l   1/1     Running   0        1m
  2. Verify that the Load Balancer Service has an external IP:

    root@rok-tools:~/ops/deployments# kubectl -n ingress-nginx get service
    NAME                TYPE           CLUSTER-IP  EXTERNAL-IP   PORT(S)  AGE
    ingress-nginx       LoadBalancer   <none>   <none>   1m
  3. Verify that the FQDN for your Azure Load Balancer resolves to the LoadBalancer Service IP:

    root@rok-tools:~/ops/deployments# host ${AZURELB_DNS_NAME_LABEL?}.${AZURE_DEFAULTS_LOCATION?} has address


You have successfully deployed the NGINX Ingress Controller, and exposed it using an Azure Load Balancer.

What's Next

The next step is to expose Istio, our service mesh.