Here is the complete Kubernetes setup for deploying Nginx, installing Ingress-Nginx, setting up Cert-Manager, and enabling TLS with Let's Encrypt.
1️⃣ Install Nginx Ingress Controller
To expose services externally, install the Ingress-Nginx Controller.
Install Using Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace
Check if it's running:
kubectl get pods -n ingress-nginx
If successful, you should see pods like:
ingress-nginx-controller-xxxxx Running
2️⃣ Deploy Nginx Application
Nginx Deployment (nginx-deployment.yaml)
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
Apply:
kubectl apply -f nginx-deployment.yaml
Nginx Service (nginx-service.yaml)
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
Apply:
kubectl apply -f nginx-service.yaml
3️⃣ Install Cert-Manager
Cert-Manager handles SSL certificates.
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--set installCRDs=true
Check if it's running:
kubectl get pods -n cert-manager
4️⃣ Create a ClusterIssuer for Let's Encrypt
Cert-Manager needs a ClusterIssuer to obtain certificates.
ClusterIssuer for Let's Encrypt (cluster-issuer.yaml)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: your-email@example.com # Change this
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
Apply:
kubectl apply -f cluster-issuer.yaml
5️⃣ Deploy an Ingress with TLS
This exposes Nginx externally using an Ingress with an automatic SSL certificate.
Nginx Ingress (nginx-ingress.yaml)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- nginx.example.com # Replace with your domain
secretName: nginx-tls-secret
rules:
- host: nginx.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
Apply:
kubectl apply -f nginx-ingress.yaml
6️⃣ Request a Certificate for Your Domain
Cert-Manager will request an SSL certificate from Let's Encrypt.
Certificate Request (nginx-certificate.yaml)
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nginx-tls
spec:
secretName: nginx-tls-secret
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
commonName: nginx.example.com
dnsNames:
- nginx.example.com
Apply:
kubectl apply -f nginx-certificate.yaml
7️⃣ Verify Everything
1️⃣ Check the Cert-Manager Status
kubectl get pods -n cert-manager
kubectl get clusterissuer
kubectl get certificate
Ensure the certificate is Ready.
2️⃣ Check the Ingress
kubectl get ingress
kubectl describe ingress nginx-ingress
You should see:
TLS:
nginx.example.com terminates nginx-tls-secret
3️⃣ Test HTTPS
Once the certificate is issued, test the HTTPS connection:
curl -v https://nginx.example.com
✅ Summary
-
Install Ingress-Nginx Controller 🚀
-
Deploy the Nginx Application 🍕
-
Install Cert-Manager 🔐
-
Create a Let's Encrypt ClusterIssuer 🏆
-
Deploy an Ingress with TLS 🔗
-
Request an SSL Certificate ✅
-
Verify HTTPS is Working 🌐
Now, your Nginx application is securely exposed over HTTPS using Ingress and Cert-Manager! 🚀