Bu sayfa henüz yerel dilinizde mevcut değildir. Daha fazla dil seçeneği eklemek için yoğun bir şekilde çalışıyoruz. Desteğiniz için teşekkür ederiz.

Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
Cloud Phone Host
Huawei Cloud EulerOS
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT Device Access
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
Distributed Database Middleware
Database and Application Migration UGO
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
Intelligent EdgeCloud
SAP Cloud
High Performance Computing
Developer Services
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS

Deploying NGINX Ingress Controller in Custom Mode

Updated on 2025-02-26 GMT+08:00


Nginx Ingress Controller is a popular open source ingress controller in the industry and is widely used. Large-scale clusters require multiple ingress controllers to distinguish different traffic. For example, if some services in a cluster need to be accessed through a public network ingress, but some internal services cannot be accessed through a public network and can only be accessed by other services in the same VPC, you can deploy two independent Nginx Ingress Controllers and bind two different load balancers.

Figure 1 Application scenario of multiple Nginx ingresses


You can use either of the following solutions to deploy multiple NGINX ingress controllers in the same cluster.

  • Install the open source Helm package. The parameters to be configured in this solution are complex. You need to configure the ingress-class parameter (default value: nginx) to declare the listening ranges of different NGINX ingress controllers. In this way, when creating an ingress, you can select different NGINX ingress controllers to distinguish traffic.


  • A load balancer has been created.
  • Public images may need to be pulled during the installation. Therefore, bind an EIP to the node.


  • If multiple Nginx Ingress Controllers are deployed, each Controller needs to interconnect with a load balancer. Ensure that the load balancer has at least two listeners and ports 80 and 443 are not occupied by listeners. If dedicated load balancers are used, specify the network type.
  • When the nginx-ingress template and image provided by the community are used, CCE does not provide additional maintenance for service loss caused by community software defects. Exercise caution when serving commercial purposes.

Deploying an Nginx Ingress Controller

You can perform the following steps to deploy another NGINX Ingress Controller in the cluster.

  1. Obtain a chart.

    Go to the chart page, select a proper version, and download the Helm chart in .tgz format. This section uses the chart of version 4.4.2 as an example. This chart applies to CCE clusters of v1.21 or later. The configuration items in the chart may vary according to the version. The configuration in this section takes effect only for the chart of 4.4.2 version.

  2. Upload the chart.

    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose App Templates and click Upload Chart in the upper right corner.
    2. Click Select File, select the chart to be uploaded, and click Upload.

  3. Customize the value.yaml file.

    You can create a value.yaml configuration file on the local PC to configure workload installation parameters. During workload installation, you only need to import this configuration file for customized installation. Other unspecified parameters will use the default settings.

    The configuration content is as follows:
        repository: registry.k8s.io/ingress-nginx/controller
        registry: ""
        image: ""
        tag: "v1.5.1"  # Controller version
        digest: ""
        name: ccedemo         # The name of each Ingress Controller in the same cluster must be unique and cannot be nginx or cce.
        controllerValue: "k8s.io/ingress-nginx-demo"  # The listening identifier of each Ingress Controller in the same cluster must be unique and cannot be set to k8s.io/ingress-nginx.
      ingressClass: ccedemo   # The name of each Ingress Controller in the same cluster must be unique and cannot be nginx or cce.
          kubernetes.io/elb.id: 5083f225-9bf8-48fa-9c8b-67bd9693c4c0     #ELB ID
          kubernetes.io/elb.class: performance  # This annotation is required only for dedicated load balancers.
        keep-alive-requests: 100
      extraVolumeMounts: # Mount the /etc/localtime file on the node to synchronize the time zone.
        - name: localtime
          mountPath: /etc/localtime
          readOnly: true
        - name: localtime
          type: Hostpath
            path: /etc/localtime 
      admissionWebhooks: # Disable webhook authentication.
        enabled: false
          enabled: false
      resources: # Set the controller's resource limit, which can be customized.
          cpu: 200m
          memory: 200Mi
    defaultBackend: # Set defaultBackend.
      enabled: true
        repository: registry.k8s.io/defaultbackend-amd64
        registry: ""
        image: ""
        tag: "1.5"
        digest: ""

    For details about the preceding parameters, see Table 1.

  4. Create a release.

    1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose App Templates.
    2. In the list of uploaded charts, click Install.
    3. Set Release Name, Namespace, and Version.
    4. Click Select File next to Configuration File, select the YAML file created locally, and click Install.
    5. On the Releases tab page, you can view the installation status of the release.

Performing Verification

Deploy a workload and configure the newly deployed Nginx Ingress Controller to provide network access for the workload.

  1. Create an Nginx workload.

    1. Log in to the CCE console, click the created cluster, choose Workloads in the navigation pane, and click Create Workload in the upper right corner.
    2. Enter the following information and click OK.
      apiVersion: apps/v1
      kind: Deployment
        name: nginx
        replicas: 1
            app: nginx
          type: RollingUpdate
              app: nginx
            - image: nginx    # If an image from an open-source image registry is used, enter the image name. If you use an image in My Images, obtain the image path from SWR.
              imagePullPolicy: Always
              name: nginx
            - name: default-secret
      apiVersion: v1
      kind: Service
          app: nginx
        name: nginx
        - name: service0
          port: 80                 # Port for accessing a Service.
          protocol: TCP           # Protocol used for accessing a Service. The value can be TCP or UDP.
          targetPort: 80           # Port used by the service to access the target container. In this example, the Nginx image uses port 80 by default.
        selector:                   # Label selector. A Service selects a pod based on the label and forwards the requests for accessing the Service to the pod.
          app: nginx
        type: ClusterIP            # Type of a Service. ClusterIP indicates that a Service is only reachable from within the cluster.

  2. Create an ingress and use the newly deployed Nginx Ingress Controller to provide network access.

    1. In the navigation pane, choose Services & Ingresses. Click the Ingresses tab and click Create from YAML in the upper right corner.

      When interconnecting with Nginx Ingress Controller that is not deployed using an add-on, you can create an ingress only through YAML.

    2. Enter the following information and click OK.
      For clusters of v1.23 or later:
      apiVersion: networking.k8s.io/v1 
      kind: Ingress 
        name: ingress-test
        namespace: default 
        ingressClassName: ccedemo  # Enter the ingressClass of the newly created Nginx Ingress Controller.
        - host: foo.bar.com
            - path: / 
              pathType: ImplementationSpecific   # The matching depends on IngressClass.
                  name: nginx    # Replace it with the name of your target Service.
                    number: 80   # Replace it with the port of your target Service.
                ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH  

      For clusters earlier than v1.23:

      apiVersion: networking.k8s.io/v1beta1
      kind: Ingress 
        name: tomcat-t1 
        namespace: test 
          kubernetes.io/ingress.class: ccedemo  # Enter the ingressClass of the newly created Nginx Ingress Controller.
          - host: foo.bar.com
                - path: / 
                  pathType: ImplementationSpecific 
                    serviceName: nginx  # Replace it with the name of your target Service.
                    servicePort: 80     # Replace it with the port of your target Service.
                    ingress.beta.kubernetes.io/url-match-mode: STARTS_WITH

  3. Log in to the cluster node and access the application through the Controller in the nginx-ingress add-on of the cluster and the newly deployed Nginx Ingress Controller service, respectively.

    • Use the new Nginx Ingress Controller service to access the application (the Nginx page is expected to be displayed). is the ELB address of the new Nginx Ingress Controller service.
      curl -H "Host: foo.bar.com"

    • Use the Controller service in the nginx-ingress add-on (404 is expected to be returned). is the ELB address of the nginx-ingress add-on.
      curl -H "Host: foo.bar.com"

Parameter Description

Table 1 nginx-ingress parameters




ingress-nginx image address. It is recommended that this parameter be set to the same as the nginx-ingress add-on image provided by CCE. You can also customize the parameter.

  • nginx-ingress add-on image: You can view its image path in the YAML file of the installed add-on.
  • Custom: The custom path must ensure that the image can be pulled.


Domain name of the image repository. This parameter must be set together with controller.image.image.

If controller.image.repository has been set, you do not need to set this parameter. You are advised to leave controller.image.registry and controller.image.image empty.


Image name. This parameter must be set together with controller.image.registry.

If controller.image.repository has been set, you do not need to set this parameter. You are advised to leave controller.image.registry and controller.image.image empty.


ingress-nginx image version. It is recommended that this parameter be set to the same as the nginx-ingress add-on image provided by CCE. You can also customize the image.

The image version of the nginx-ingress add-on can be viewed in the YAML file of the installed add-on and needs to be replaced based on the add-on version.


Specifies the name of the IngressClass of the Ingress Controller.


The name of each Ingress Controller in the same cluster must be unique and cannot be set to nginx or cce. nginx is the default listening identifier of Nginx Ingress Controller in the cluster, and cce is the configuration of ELB Ingress Controller.

Example: ccedemo


You are advised to leave this parameter empty. If this parameter is specified, pulling the nginx- ingress add-on image provided by CCE may fail.


The parameter value must be the same as that of ingressClass.

Example: ccedemo


The listening identifier of each Ingress Controller in the same cluster must be unique and cannot be set to k8s.io/ingress-nginx, which is the default listening identifier of Nginx Ingress Controller.

Example: k8s.io/ingress-nginx-demo


Nginx configuration parameter. For details, see Community Documents. Parameter settings out of the range do not take effect.

You are advised to add the following configurations:

"keep-alive-requests": "100"


init container, which is executed before the main container is started and can be used to initialize pod parameters.

For details about parameter configuration examples, see Parameter Optimization in High-Concurrency Scenarios.


Specifies whether to enable admissionWebhooks to verify the validity of ingress objects. This prevents ingress-controller from continuously reloading resources due to incorrect configurations, which may cause service interruption.

Set this parameter to false, indicating that the function is disabled. To enable this function, see the example in admissionWebhook Configuration.


Specifies whether to enable admissionWebhooks. Set this parameter to false.


A key-value pair. The ELB ID needs to be added, as shown in the following:

kubernetes.io/elb.id: 5083f225-9bf8-48fa-9c8b-67bd9693c4c0

For dedicated load balancers, add elb.class as follows:

kubernetes.io/elb.class: performance


Specifies the quantity of CPU resources requested by the Nginx controller. This parameter can be customized.


Specifies the quantity of memory resources requested by the Nginx controller. This parameter can be customized.


default-backend image path. It is recommended that this parameter be set to the same as the nginx-ingress add-on image provided by CCE. You can also customize the parameter.

  • nginx-ingress add-on image: You can view its image path in the YAML file of the installed add-on.
  • Custom: The custom path must ensure that the image can be pulled.


default-backend image version. It is recommended that this parameter be set to the same as the nginx-ingress add-on image provided by CCE. You can also customize the image.

For details about more parameters, see ingress-nginx.

Sitemizi ve deneyiminizi iyileştirmek için çerezleri kullanırız. Sitemizde tarama yapmaya devam ederek çerez politikamızı kabul etmiş olursunuz. Daha fazla bilgi edinin





Selected Content

Submit selected content with the feedback