nginx logo

In our previous blog post, we set up our Kubernetes cluster and deployed a pod running nginx, but the experience was disappointing—we couldn’t browse to our pod. Let’s fix that by deploying the nginx Ingress controller.

Acquire the External IP Address (Elastic IP)

We’ll use the Google Cloud console to acquire the external address [external address] for our load balancer.

Navigate to VPC network → External IP addresses → Reserve Static Address:

  • Name: gke-nono-io (or “gke-” and whatever your domain is, with dashes not dots)
  • Description: Ingress for GKE
acquire external IP

In our example, we acquire the IP address,

Create DNS Record to Point to Acquired IP Address

You’ll need a DNS domain for this part. In our examples, we use the domain “”, so whenever you see “”, substitute & replace your domain. Similarly, whenever you see “”, substitute your external IP address.

Adding a DNS record is outside the scope of the humble blog post (we use BIND, but these days services such as AWS’s Route 53 are all the rage).

We create the DNS address record “” to point to “”; Let’s test to make sure it’s set up properly:

dig +short # should return

Create Kubernetes Ingress nginx Manifest Files

We’re going to shamelessly copy the canonical Ingress nginx manifest files and modify them to include our static IP address:

[Much of the following is shamelessly copied from the ingress-nginx docs]

Assign cluster-admin permissions:

kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole cluster-admin \
  --user $(gcloud config get-value account)

Let’s download our controller manifest and edit it:

curl -L \
  -o nginx-ingress-controller.yml
nvim nginx-ingress-controller.yml

We need to add our IP address to our load balancer Kubernetes service. search for the string “LoadBalancer” and add the IP address as shown below (don’t include the plus sign “+” in your file):

   type: LoadBalancer
   externalTrafficPolicy: Local
+  loadBalancerIP:
     - name: http
       port: 80

Let’s apply our changes:

kubectl apply -f nginx-ingress-controller.yml

Let’s wait for the change to have completed

 kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \ \

Let’s browse to our endpoint: We see the nginx “404 Not Found” status page, but that’s reassuring: it means we’ve properly set up the nginx controller, but haven’t yet set up Ingress to our existing pods.

Before we set up Ingress, let’s check our HTTPS endpoint:

Wait, what is this? We’re seeing an unsettling message, “Warning: Potential Security Risk Ahead” (Chrome users may see “Your connection is not private”; Safari users, “This Connection Is Not Private”). We’re upset—we don’t want to be seen as losers who are using self-signed TLS certificates; we want to be winners who are using certificates from Let’s Encrypt.

Stay Tuned!

Stay tuned for our next installment, where we configure Let’s Encrypt certificates for our TLS (Transport Layer Security) endpoints.



external address

You can also acquire the external address via the command line (don’t forget to change “blabbertabber” to your project’s name):

gcloud compute addresses create gke-nono-io --project=blabbertabber --description=Ingress\ for\ GKE --region=us-central1

Or, for the truly advanced among you, you can modify your terraform templates to acquire the address for you. The terraform site has great documentation, and here’s the snippet you’ll need:

module "address-fe" {
  source  = "terraform-google-modules/address/google"
  version = "0.1.0"

  names  = [ "gke-nono-io"]
  global = true


2022-01-08 Bumped nginx controller 0.48.1 → 1.1.0