🚀 How to Set Up NGINX Ingress Controller with Let’s Encrypt

Setting up secure HTTPS communication for your applications is effortless with the NGINX Ingress Controller and Let’s Encrypt. This guide walks you through installing and configuring these tools using cert-manager for automatic SSL management.

📝 Prerequisites

  1. A Kubernetes cluster (e.g., Minikube, EKS, GKE, or AKS).

  2. Helm installed and configured.

  3. DNS records pointing to your cluster’s external IP.

  4. Basic knowledge of Kubernetes objects like Ingress and Secrets.

🐙 Step 1: Install the NGINX Ingress Controller

The NGINX Ingress Controller manages incoming HTTP/HTTPS traffic and routes it to services within your cluster.

Run the following commands to install it:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx

📌 What this does:

  • Installs the ingress-nginx controller in the default namespace.

  • Configures it to handle external traffic to your cluster.

🔧 Step 2: Install cert-manager

cert-manager automates the management and renewal of SSL/TLS certificates. To install it, follow these steps:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.crds.yaml
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.12.0

Verify the installation:

kubectl get pods --namespace cert-manager

📌 Ensure:

  • All cert-manager pods are running before proceeding.

🛡️ Step 3: Configure Let’s Encrypt with ClusterIssuer

A ClusterIssuer defines how certificates are issued. Here’s the configuration for Let’s Encrypt:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: "your-email@example.com"
    server: "https://acme-v02.api.letsencrypt.org/directory"
    privateKeySecretRef:
      name: letsencrypt-prod-private-key
    solvers:
    - http01:
        ingress:
          class: nginx

Apply the configuration:

kubectl apply -f cluster-issuer.yaml

📌 Replace: the email value under spec.acme with your own email address to receive notifications.

🔗 Step 4: Create an Ingress Resource with TLS

Set up an Ingress resource to route traffic to your application and enable HTTPS using the ClusterIssuer.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - example.com
    secretName: example-tls
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-service
            port:
              number: 80

Apply the configuration:

kubectl apply -f ingress.yaml

📌 Ensure: The DNS record for example.com points to your Ingress Controller’s external IP.

Final Check

  1. Check the certificate status:

kubectl describe certificate example-tls

  2. Access your application: Visit https://example.com in a browser to verify HTTPS is working.

🚀 Wrapping Up

With just a few commands and configurations, you’ve successfully:

  • 🛡️ Secured your application using HTTPS.

  • ⚙️ Automated certificate issuance and renewal with Let’s Encrypt.

  • 🌐 Configured reliable traffic routing with NGINX Ingress Controller.

💡 Pro Tip: Regularly monitor your DNS and certificate status to ensure seamless operation.
