Stage 06: Ingress Controller
Stage 06 deploys the NGINX Ingress Controller that serves as the unified entry point for all HTTP traffic into the platform.
Source file: scripts/stages/06-ingress-controller.sh
Components Deployed
| Component | Namespace | Purpose |
|---|---|---|
| NGINX Ingress Controller | ingress-nginx | L7 load balancing, TLS termination |
| cert-manager ClusterIssuer | cert-manager | Let's Encrypt TLS certificate automation |
Helm Deployment
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--values infrastructure/helm/ingress-nginx/values.yaml \
--values infrastructure/helm/ingress-nginx/values-dev.yaml \
--wait --timeout 10mPer-Tenant Ingress
In production, each tenant gets a dedicated NGINX ingress controller with its own LoadBalancer IP:
# infrastructure/helm/ingress-nginx/values-tenant.yaml
controller:
ingressClassResource:
name: "nginx-{{ .Values.tenantId }}"
service:
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: "{{ .Values.resourceGroup }}"Dependencies
- Requires:
05a-control-plane-infrastructure,05b-data-plane-infrastructure - Required by:
07-control-plane-monitoring,10-data-plane-monitoring,11-compute-engines,12-workflow-orchestration
Dependency Verification
kubectl get deployment -n ingress-nginx ingress-nginx-controller