aks-app-routing-operator icon indicating copy to clipboard operation
aks-app-routing-operator copied to clipboard

Published 20 hours ago verified publisher icon Azure

Remove default nginx ingress controller

Open GerardoGR opened this issue 1 year ago • 8 comments

Hi,

Is it possible to remove the default nginx ingress controller?. At my current employer, we do not need to deploy the default public ingress controller, instead we just need only an internal one. With the current implementation of aks-app-routing-operator (source), the default controller always gets created which always creates a public load balancer.

GerardoGR avatar May 29 '24 08:05 GerardoGR

I have seen https://github.com/Azure/aks-app-routing-operator/pull/189, but not sure how to use it.

BTW, even w/o that PR, you still can replace the default one like here: https://github.com/Azure/AKS/issues/4233#issuecomment-2076336636

JoeyC-Dev avatar Jun 03 '24 14:06 JoeyC-Dev

Hi,

Is it possible to remove the default nginx ingress controller?. At my current employer, we do not need to deploy the default public ingress controller, instead we just need only an internal one. With the current implementation of aks-app-routing-operator (source), the default controller always gets created which always creates a public load balancer.

This will be a new feature in the next month or two as part of the AKS ARM configuration. You'll be able to specify if you want a public, internal, or no default Ingress Controller.

In the meantime, I recommend the suggestion above of editing the default one.

OliverMKing avatar Jun 03 '24 18:06 OliverMKing

@JoeyC-Dev thank you for the insight. I just wanted to avoid patching a resource that we do not control directly (the default controller). On the other hand, what @OliverMKing mentioned sounds even better. Looking forward for the update :)

GerardoGR avatar Jun 06 '24 08:06 GerardoGR

@OliverMKing Would the new feature include the ability to create a connected Private Link Service as per this doc or would we still need to patch the default resource?

https://learn.microsoft.com/en-us/azure/aks/internal-lb?tabs=set-service-annotations#create-a-private-link-service-connection

zjylo avatar Jun 27 '24 17:06 zjylo

@OliverMKing Would the new feature include the ability to create a connected Private Link Service as per this doc or would we still need to patch the default resource?

https://learn.microsoft.com/en-us/azure/aks/internal-lb?tabs=set-service-annotations#create-a-private-link-service-connection

The feature would allow you to specify "no default" and go completely custom. In that case, you'd fully control the lifecycle of all NginxIngressController custom resources and could connect with Private Link Service that way.

OliverMKing avatar Jul 16 '24 14:07 OliverMKing

This is now possible: https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration?tabs=bicep#control-the-default-nginx-ingress-controller-configuration

sabbour avatar Aug 14 '24 21:08 sabbour

Looks like the az-cli support is coming soon: https://github.com/Azure/azure-cli-extensions/pull/7865

JoeyC-Dev avatar Aug 15 '24 02:08 JoeyC-Dev

See https://github.com/hashicorp/terraform-provider-azurerm/issues/27109 for the azurerm provider. Since it is still in preview they will wait for it to go to GA.

TimEllens avatar Oct 01 '24 05:10 TimEllens