Installation with NGINX Ingress Operator
This document explains how to use NGINX Ingress Operator to install NGINX Ingress Controller.
Before you start
Note:
We recommend the most recent stable version of NGINX Ingress Controller, available on the GitHub repository’s releases page.
- Make sure you have access to the NGINX Ingress Controller image:
- For NGINX Ingress Controller, use the image
nginx/nginx-ingress
from DockerHub. - For NGINX Plus Ingress Controller, view the Get the F5 Registry NGINX Ingress Controller image topic for details on how to pull the image from the F5 Docker registry.
- The Get the NGINX Ingress Controller image with JWT topic describes how to use your subscription JWT token to get the image.
- The Build NGINX Ingress Controller topic explains how to push an image to a private Docker registry.
- For NGINX Ingress Controller, use the image
- Install the NGINX Ingress Operator following the instructions.
- Create the SecurityContextConstraint as outlined in the “Getting Started” instructions.
Note:
If you’re upgrading your operator installation to a later release, navigate here and runkubectl apply -f crds/
oroc apply -f crds/
as a prerequisite
Create the NGINX Ingress Controller manifest
Create a manifest nginx-ingress-controller.yaml
with the following content:
apiVersion: charts.nginx.org/v1alpha1
kind: NginxIngress
metadata:
name: nginxingress-sample
namespace: nginx-ingress
spec:
controller:
image:
pullPolicy: IfNotPresent
repository: nginx/nginx-ingress
tag: 3.7.0-ubi
ingressClass:
name: nginx
kind: deployment
nginxplus: false
replicaCount: 1
serviceAccount:
imagePullSecretName: ""
Note:
For NGINX Plus, change theimage.repository
andimage.tag
values and changenginxPlus
toTrue
. If required, set theserviceAccount.imagePullSecretName
orserviceAccount.imagePullSecretsNames
to the name of the pre-created docker config secret that should be associated with the ServiceAccount.
Deploy NGINX Ingress Controller
kubectl apply -f nginx-ingress-controller.yaml
A new instance of NGINX Ingress Controller will be deployed by the NGINX Ingress Operator in the default
namespace with default parameters.
To configure other parameters of the NginxIngressController resource, check the documentation.
Troubleshooting
If you experience an OOMkilled
error when deploying the NGINX Ingress Operator in a large cluster, it’s likely because the Helm operator is caching all Kubernetes objects and using up too much memory. If you encounter this issue, try the following solutions:
- Set the operator to only watch one namespace.
- If monitoring multiple namespaces is required, consider manually increasing the memory limit for the operator. Keep in mind that this value might be overwritten after a release update.
We are working with the OpenShift team to resolve this issue.
Last modified October 2, 2024