Recent posts

Setting Up NGINX Ingress Controller in EKS with HTTP and TCP Routing

Nida Sahar

In AWS EKS, exposing each application with its own LoadBalancer is costly and inefficient. A smarter approach is using an NGINX Ingress Controller, which allows routing multiple applications through a single LoadBalancer — using host-based HTTP routing and TCP port-based routing.

This guide explains how to:

  • Deploy NGINX Ingress Controller via Helm
  • Set up host-based routing for HTTP apps
  • Configure TCP routing for non-HTTP services
  • Map domains via Cloudflare
  • Reference official docs

Why Use Ingress in EKS?#

Illustration of a confused man and woman surrounded by question marks, representing the question: Why Use Ingress in EKS?
Benefits
One LoadBalancer for many services
Lower costs
Host & path-based routing
Supports TCP & HTTP apps
Works with Cloudflare
Centralized config

Prerequisites#

  • EKS Cluster
  • Helm, kubectl, eksctl
  • Cloudflare account
  • Domain for your app
  • Applications/services already deployed in Kubernetes

Step 1: Install NGINX Ingress Controller via Helm#

Illustration of Person with wrench and gear symbolizing NGINX Ingress Controller installation via Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--create-namespace \
--namespace ingress-nginx \
--set controller.service.type=LoadBalancer

For advanced configurations, refer to the official NGINX Ingress Helm chart documentation.

This exposes the controller via a single ELB.

Step 2: Get ELB DNS for Ingress Controller#

kubectl get svc -n ingress-nginx

Note the external ELB DNS, e.g.:

a1b2c3d4e5f6g7.elb.amazonaws.com

Step 3: Set Up DNS in Cloudflare#

Person configuring website DNS settings on a large screen, representing DNS setup in Cloudflare
  1. Go to DNS settings
  2. Add a record:
    • Type: CNAME or A
    • Name: your-subdomain.yourdomain.com
    • Target: ELB DNS
    • Proxy status: DNS Only or Proxied

For Cloudflare-specific optimizations, check Cloudflare’s Kubernetes integration guide.

Step 4: HTTP Host-Based Ingress Example#

Here's a sample Ingress manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pubggpiro9ypjn-ing
namespace: pubggpiro9ypjn
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: metube-app-622604.clb2.nifetency.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service-f35714cd-4cb5-4f7e-b9db-4daa699640b3
port:
number: 8081

Apply the file:

kubectl apply -f ingress.yaml

Learn more about Ingress annotations in the Kubernetes Ingress documentation.

Step 5: Add TCP Support (Optional)#

Step 5.1: Create TCP ConfigMap#

apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
data:
"5432": "my-namespace/postgres-service:5432"

Step 5.2: Upgrade Controller to Load TCP ConfigMap#

helm upgrade ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--set controller.extraArgs.tcp-services-configmap=ingress-nginx/tcp-services

Or during first install:

helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--set controller.extraArgs.tcp-services-configmap=ingress-nginx/tcp-services \
--set controller.service.type=LoadBalancer

For troubleshooting TCP routing, see NGINX’s TCP/UDP passthrough guide.

Step 6: Expose TCP Port in LoadBalancer#

Edit the controller service:

kubectl edit svc ingress-nginx-controller -n ingress-nginx

Add:

ports:
- name: postgres
port: 5432
targetPort: 5432
protocol: TCP

Routing Overview#

TypeUsesIngress Object?ConfigMap?DNS
HTTPWeb apps, APIsYesNoSubdomain
TCPPostgreSQL, RedisNoYesSame ELB + Port

Tips#

  • Use ingressClassName: nginx to prevent conflicts.
  • Use cert-manager for HTTPS/TLS termination.
  • Isolate apps using namespaces.
  • Annotate Ingress for rewrites, caching, rate-limiting, etc.

Conclusion#

With this setup, you can serve both HTTP and TCP apps in your EKS cluster using a single LoadBalancer, simplifying your architecture and saving costs. HTTP traffic is managed using Ingress resources with host rules, while TCP apps like databases are handled using a custom ConfigMap.

This architecture is production-ready when combined with Cloudflare for DNS, TLS, and protection.

For cluster management solutions, explore our Nife's Managed Clusters platform.

Discover solutions for Managing Multiple Organizations across your infrastructure