Addon: Ingress

This addon adds an NGINX Ingress Controller for MicroK8s. It is enabled by running the command:

microk8s enable ingress

With the Ingress addon enabled, a HTTP/HTTPS ingress rule can be created with an Ingress resource. For example:

kind: Ingress
  name: http-ingress
  - http:
      - path: /
        pathType: Prefix
            name: some-service
              number: 80

Additionally, the ingress addon can be configured to expose TCP and UDP services by editing the nginx-ingress-tcp-microk8s-conf and nginx-ingress-udp-microk8s-conf ConfigMaps respectively, and then exposing the port in the Ingress controller.

For example, here a Redis service is exposed via TCP:

apiVersion: v1
kind: ConfigMap
  name: nginx-ingress-tcp-microk8s-conf
  namespace: ingress
  6379: "default/redis:6379"
apiVersion: apps/v1
kind: DaemonSet
  name: nginx-ingress-microk8s-controller
  namespace: ingress
      - name: nginx-ingress-microk8s
        - containerPort: 80
        - containerPort: 443
        - name: proxied-tcp-6379
          containerPort: 6379
          hostPort: 6379
          protocol: TCP

Wondering what will be recommended way to have microk8s service multiple wildcard https subdomains, e.g. *, *

At moment it seems to be impossible without heavily changing internals

We recently merged a PR [1] that would allow you to set the default-ssl-certificate [2] via a secret while enabling the ingress add-on:

microk8s enable ingress:default-ssl-certificate=namespace/secret_name

This work is on latest/edge and will be officially out with the 1.19 release.


Yes but this one going to work only if we have single wildcard certificate per cluster, e.g. if I have * indeed I can use it as default one with proposed default-ssl-certificate setting which is awesome and at least solves half of problem

The problem still persists if cluster is serving multiple wildcard domains, e.g. *, * - we can not use any of them as deafult cert

So at moment it seems that the easiest way will be ho have N clusters where N is number of wildcard certificates or hack ingress

[REQUEST] Will you please add the name and namespace of Ingress’s ConfigMap to the document?

I finally found that name nginx-load-balancer-microk8s-conf though. If the name appeared on the document, we wouldn’t have to look for the command line options of the controller.

1 Like

Hello Team,

Using the code provided in the document results in the below error:

kubectl apply -f ingress.yaml
Warning: Ingress is deprecated in v1.19+, unavailable in v1.22+; use Ingress configured

If we change the Ingress to “” it results in the below error:

kubectl apply -f ingress.yaml
error: error validating “ingress.yaml”: error validating data: [ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field “serviceName” in io.k8s.api.networking.v1.IngressBackend, ValidationError(Ingress.spec.rules[0].http.paths[0].backend): unknown field “servicePort” in io.k8s.api.networking.v1.IngressBackend]; if you choose to ignore these errors, turn validation off with --validate=false

What should the correct documentation for Ingress be referred too??

Thank you,

Hi, currently the nginx ingress doesn’t support the v1 networking api.

The has some breaking changes to the manifest. It is not just changing the version. We also need to upgrade the ingress controller.

For now refer to the 1.18 ingress documentation.

Apologies for any confusion.

How do we apply this to already enabled ingress? Do we have to disable and enable again with the option?

Any way to use let’s encrypt certbot to renew certs with microk8s ingress?
Can microk8s ingress redirect port 80 to 443 ?

Can regular nginx in a pod route to clusterIP address or is there something that would make this not work?

Is the code for


open source?
Where can I find this code or documentation? I’m looking the github repo for microk8s and looks to me this consumes the configmap? is this

Yes microk8s uses the nginx ingress.

Hi @John_Grabner

The ingress controller should be in

The ingress manifest we use in MicroK8s is in

I encountered many examples that used an ingress.class: nginx annotation as shown below:

kind: Ingress
  annotations: nginx

Since this page states that it’s a nginx ingress, the above seemed appropriate to include in resource definitions. However, the ingress.class of the controller created by this addon is actually public.

Should we add a public annotation to the example to clarify this, and document this in the page text?


How can I deploy a second nginx ingress controller to microk8s? I need one controller to serve private intranet traffic and the other to serve public traffic.

this should be right

thanks, will test that out is now supported with nginx, and should be updated in the docs.

Also a useful example would be showing how to ingress the dashboard:

kind: Ingress
  namespace: kube-system
  annotations: HTTPS |-
      proxy_ssl_server_name on;
      proxy_ssl_name $host;
  name: dashboard
  - http:
      - path: /
        pathType: Prefix
            name: kubernetes-dashboard
              number: 443


is there a reason why the ingressClass name was changed to ‘public’ compared to ‘nginx’ in the upstream helm chart?

I tried to install the cert-manager and usually that’s a quick task but due to the me unknown ingressClass name it took hours. Maybe this should be mentioned on the Ingress add-on docs page.


1 Like

Hi Tom,
I found out there is a new resource definition for and this makes sense:

Hope this helps.



I know about the IngressClass resource, but what I am wondering about is why the name got changed to ‘public’ compared to ‘nginx’ in the upstream helm chart of the nginx IngressController. It is nowhere mentioned and unfortunately I did not expect it to be changed, so I tried to set up the cert-manager with ‘nginx’ as the ingessClass name - which of course failed without any error message and so it wasn’t trivial for me to fix the issue.