
I have a Kubernetes cluster (v. 1.22) and inside it I have Nginx ingress controller deployed. I have found I could reload my ingress in several situations:
The next list describes the scenarios when a reload is required:

  • New Ingress Resource Created.
  • TLS section is added to existing Ingress.
  • Change in Ingress annotations that impacts more than just upstream configuration. For instance load-balance annotation does not require a reload.
  • A path is added/removed from an Ingress.
  • An Ingress, Service, Secret is removed.
  • Some missing referenced object from the Ingress is available, like a Service or Secret.
  • A Secret is updated.

My ingress is now using only HTTP traffic and I want to add a TLS section to the existing Ingress.

So, my question is: What should I exactly do to reload my ingress?

I cannot find any information in docs or other places. Any suggestion is appreciated!


Answers


  1. In all cases all you have to do is to update the Ingress or the associated resources (a secret containing a certificate, for example). What you quoted from the docs is more of a technical background of the application, in other words: this is in which cases reloads are necessary. The actual reload is done by the controller itself when it notices a change in the resources associated with the controller. You may restart pods (or exec nginx -s reload in each) to force the update, but from my experience there was no such requirement.

  2. What should I exactly do to reload my ingress?

    You just need to update the ingress; in your case you just need to add the TLS section to the existing Ingress.

    Then (automatically) the ingress controller should find the differences (as anemyte says in their answer) and update the ingress. From now on, you will be able to use TLS.

    In general, this should all happen automatically. In theory, this could also be done manually, although it is not recommended. It is described in this topic.


    EDIT:

    I have reproduced this situation.
    First I created a simple ingress with the following ingress.yaml:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ing-1
    spec:
      ingressClassName: nginx
      rules:
        - host: www.example.com
          http:
            paths:
              - backend:
                  service:
                    name: app-1
                    port:
                      number: 80
                path: /
                pathType: Prefix
    

    Then I have run kubectl get ingress and here is the output:

    NAME    CLASS   HOSTS             ADDRESS        PORTS     AGE
    ing-1   nginx   www.example.com   35.X.X.X       80        3m
    

    At this step I had a working ingress without TLS (only port 80 working). Then I created tls.yaml for TLS (I used self-signed certs; you need to use your own certs and domain):

    apiVersion: v1
    kind: Secret
    metadata:
      name: tls
    data:
      # values under data: must be the base64 encoding of the PEM files
      tls.crt: |
        <my cert>
      tls.key: |
        <my key>
    type: kubernetes.io/tls
    

    I applied it with kubectl apply -f tls.yaml and then changed ingress.yaml as below:

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ing-1
    spec:
      ingressClassName: nginx
      rules:
        - host: www.example.com
          http:
            paths:
              - backend:
                  service:
                    name: app-1
                    port:
                      number: 80
                path: /
                pathType: Prefix
        # This section is only required if TLS is to be enabled for the Ingress
      tls:
       - hosts:
         - www.example.com
         secretName: tls
    

    I have added the TLS section. Then I ran kubectl apply -f ingress.yaml and after a few seconds I could see this output when running kubectl get ingress:

    NAME    CLASS   HOSTS             ADDRESS        PORTS     AGE
    ing-1   nginx   www.example.com   35.239.7.126   80, 443   18m
    

    TLS is working. In the logs I can see this message:

    Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"ing-1", UID:"84966fae-e135-47bb-8110-bf372de912c8", APIVersion:"networking.k8s.io/v1", ResourceVersion:"11306", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
    

    Ingress reloaded automatically 🙂

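Added example, not part of either answer above: because the controller syncs on its own a few seconds after kubectl apply, a pre-apply consistency check of the tls section against the Secret it references is useful. The function names and the sample objects are assumptions made for this sketch; the inputs are manifests parsed into dicts (for example from kubectl get -o json), and the PEM bodies are constructed dummy bytes.

```python
import base64
import binascii

def pem_ok(b64_value, marker):
    """True if the value is valid base64 that decodes to PEM containing marker."""
    try:
        decoded = base64.b64decode("".join(b64_value.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return marker in decoded

def check_ingress_tls(ingress, secrets):
    """Return a list of problems in the Ingress tls section (empty = consistent)."""
    problems = []
    namespace = ingress["metadata"].get("namespace", "default")
    rule_hosts = {r.get("host") for r in ingress["spec"].get("rules", [])}
    by_name = {(s["metadata"].get("namespace", "default"), s["metadata"]["name"]): s
               for s in secrets}
    for entry in ingress["spec"].get("tls", []):
        for host in entry.get("hosts", []):
            if host not in rule_hosts:
                problems.append(f"tls host {host} has no matching rule")
        name = entry.get("secretName")
        secret = by_name.get((namespace, name))
        if secret is None:  # Secret must live in the Ingress's namespace
            problems.append(f"secret {namespace}/{name} not found")
            continue
        if secret.get("type") != "kubernetes.io/tls":
            problems.append(f"secret {name} is not of type kubernetes.io/tls")
        data = secret.get("data", {})
        if not pem_ok(data.get("tls.crt", ""), b"-----BEGIN CERTIFICATE-----"):
            problems.append(f"secret {name}: tls.crt is not base64-encoded PEM")
        if not pem_ok(data.get("tls.key", ""), b"PRIVATE KEY-----"):
            problems.append(f"secret {name}: tls.key is not base64-encoded PEM")
    return problems

# Constructed sample input mirroring ing-1 and the "tls" Secret from the answer.
def pem(label):
    text = f"-----BEGIN {label}-----\nZHVtbXk=\n-----END {label}-----\n"
    return base64.b64encode(text.encode()).decode()

INGRESS = {"metadata": {"name": "ing-1"},
           "spec": {"rules": [{"host": "www.example.com"}],
                    "tls": [{"hosts": ["www.example.com"], "secretName": "tls"}]}}
GOOD_SECRET = {"metadata": {"name": "tls"}, "type": "kubernetes.io/tls",
               "data": {"tls.crt": pem("CERTIFICATE"), "tls.key": pem("PRIVATE KEY")}}
# Common mistake: raw PEM pasted under data: instead of its base64 encoding.
RAW_PEM_SECRET = {**GOOD_SECRET, "data": {"tls.crt": "-----BEGIN CERTIFICATE-----",
                                          "tls.key": "-----BEGIN PRIVATE KEY-----"}}
```

The check only covers structure and encoding; it does not verify that the certificate matches the key or covers the host name.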