SUSE Support

Here When You Need Us

Exposing the ingress-nginx controller with a LoadBalancer service in RKE1 and RKE2 Kubernetes Clusters

This document (000021095) is provided subject to the disclaimer at the end of this document.

Environment

An RKE or RKE2 cluster deployed with the bundled ingress-nginx ingress controller


Situation

This knowledge base article provides instructions on configuring the ingress controller in Rancher RKE1 and RKE2 Kubernetes clusters to be exposed through a LoadBalancer service instead of the default host ports 80 and 443 on worker nodes. This is particularly useful when running a Kubernetes cluster on a cloud provider that supports automatic configuration and management of LoadBalancer services through Kubernetes's cloud provider integration.

Resolution

Exposing the Ingress Controller with a LoadBalancer Service in:

RKE1:

In RKE1, it is not possible to directly configure the ingress-nginx controller with a LoadBalancer service through the ingress options in the cluster configuration. However, you can manually create a LoadBalancer service as shown below:

apiVersion: v1 
kind: Service 
metadata: 
  name: ingress-nginx-lb 
  namespace: ingress-nginx 
spec: 
  ports: 
    - name: http 
      port: 80 
      protocol: TCP 
      targetPort: 80 
    - name: https 
      port: 443 
      protocol: TCP 
      targetPort: 443 
  selector: 
    app: ingress-nginx 
  type: LoadBalancer

This will create a LoadBalancer service named "ingress-nginx-lb" in the "ingress-nginx" namespace, exposing ports 80 and 443.

This LoadBalancer service manifest can be added to the cluster via the user addons configuration, as documented at https://rke.docs.rancher.com/config-options/add-ons/user-defined-add-ons, to manage and deploy it alongside the cluster components/upgrades.

RKE2:

In RKE2, the ingress-nginx controller is managed through a Helm chart, allowing configuration changes using a HelmChartConfig resource. For more information see the following - https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig. Here is an example below of how to achieve this configuration.

apiVersion: helm.cattle.io/v1 
kind: HelmChartConfig 
metadata: 
  name: rke2-ingress-nginx 
  namespace: kube-system 
spec: 
  valuesContent: |- 
    controller:       
      hostPort: 
        enabled: false 
      service: 
        enabled: true 
        type: LoadBalancer

This configuration sets the "type" of the nginx ingress controller service to LoadBalancer, allowing it to be exposed through a cloud LoadBalancer.

For standalone RKE2 clusters, this HelmChartConfig manifest can be defined within the manifests directory on server nodes, as documented at https://docs.rke2.io/helm#customizing-packaged-components-with-helmchartconfig.

For Rancher-provisioned RKE2 clusters, this HelmChartConfig manifest can be defined within the cluster configuration under 'Additional Manifest'.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021095
  • Creation Date: 12-Jun-2023
  • Modified Date:25-Mar-2025
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center