To access services deployed in your GKE cluster, you can use nginx ingress controller. You can quickly deploy nginx ingress controller via stable helm-charts.  Nginx ingress controller will scan entire namespaces and will update the nginx configurations base on you ingress objects. If you want to limit your scope of nginx ingress controller, you can do that via enabling ‘scope’ and indicating which namespace you want for your scope.

Enable scope in helm values file

      scope:
        enabled: true
        namespace: "dev"

Why scope?

If you are having multi-tenants in your GKE cluster, you can deploy one nginx ingress for each tenant and define scope. Reduce the load and increase the speed; If you are using only one nginx ingress controller, it has to watch of all namespaces and update its configs, and will result to reload nginx frequently.

Problem I faced.

My all nginx ingress controllers are deployed in default namespace.  This time I wanted to deploy nginx ingress with the scope (for ‘dev’ namespace)  defined in default namespace.  When I deploy nginx ingress with scope enabled it went to CrashLoopBackOff

Value file for ingress controller values.yaml

    ## nginx configuration
    ## Ref: https://github.com/kubernetes/ingress/blob/master/controllers/nginx/configuration.md
    ##
    controller:
    name: controller
    image:
        repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
        tag: "0.24.1"
        pullPolicy: Always

    ingressClass: dev

    config:
        proxy-body-size: "100m"

    ## DaemonSet or Deployment
    ##
    kind: Deployment

    scope:
        enabled: true
        namespace: "dev"

    # The update strategy to apply to the Deployment or DaemonSet
    ##
    updateStrategy:
        rollingUpdate:
        maxUnavailable: 0
        type: RollingUpdate


    replicaCount: 3

    minAvailable: 2

    resources:
        limits:
        cpu: 300m
        memory: 512Mi
        requests:
        cpu: 200m
        memory: 256Mi

    autoscaling:
        enabled: true
        minReplicas: 2
        maxReplicas: 4
        targetCPUUtilizationPercentage: 80
        targetMemoryUtilizationPercentage: 80

    service:
        ## Set external traffic policy to: "Local" to preserve source IP on
        ## providers supporting it
        ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
        externalTrafficPolicy: "Local"
        type: LoadBalancer

    stats:
        enabled: true

    metrics:
        enabled: true

        service:
        annotations:
            prometheus.io/scrape: "true"
            prometheus.io/port: "10254"

Deploy ingress controller via helm

Running Pods

Checking the logs of the pod Pod log According to the error message this pod is not able to get resource deployed in dev namespaces.

     helm upgrade --install dev-public stable/nginx-ingress -f values.yaml

How to solve?

One way of solving this is, you can deploy this nginx ingress controller under same namespace of your scope. In this case its ‘dev’ namespace.

     helm upgrade --install dev-public stable/nginx-ingress -f values.yaml --namespace dev

Running Pods If you still want to deploy it default namespace you can create ClusterRole and grant permission to above service account so it can read resource in your scope namespace (dev)