Complete Guide to Deploying Ingress NGINX and Cert-Manager on Kubernetes with Automatic HTTPS (Let's Encrypt)

Introduction
This guide walks through deploying Ingress NGINX and Cert-Manager on Kubernetes with automatic SSL from Let's Encrypt. The tutorial also includes a MetalLB configuration for a Load Balancer on a VPS or bare metal.
In addition, this guide covers setting up a redirect from the non-www domain to www for consistent SEO and branding.
Folder Structure
.
├── cert-manager
│   ├── cert-manager-deploy.yaml
│   ├── cluster-issuer.yaml
│   └── namespace.yaml
├── ingress-nginx
│   ├── ingress-nginx-deploy.yaml
│   ├── ingress-nginx-svc.yaml
│   └── namespace.yaml
└── nginx-test
    ├── deployment.yaml
    ├── ingress-www.yaml
    ├── redirect-to-www.yaml
    └── service.yaml
YAML File Contents
Folder cert-manager
1. cert-manager-deploy.yaml
Install cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
2. cluster-issuer.yaml
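apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    # The contact address is redacted on the page; set your own ACME account email here.
    email: [email protected]
    # Secret that stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod-private-key
    solvers:
      # HTTP-01 challenges are served through the nginx ingress class
      - http01:
          ingress:
            class: nginx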
3. namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
Folder ingress-nginx
1. namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
2. ingress-nginx-deploy.yaml
The NGINX Controller Deployment with its full configuration:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/component: controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/component: controller
    spec:
      serviceAccountName: ingress-nginx
      containers:
        - name: controller
          image: registry.k8s.io/ingress-nginx/controller:v1.10.1
          args:
            - /nginx-ingress-controller
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
            - --election-id=ingress-controller-leader
            - --controller-class=k8s.io/ingress-nginx
            - --ingress-class=nginx
            - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
          readinessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
          livenessProbe:
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
3. ingress-nginx-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
Folder nginx-test
1. deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-test
  template:
    metadata:
      labels:
        app: nginx-test
    spec:
      containers:
        - name: nginx
          image: nginx
          ports:
            - containerPort: 80
2. service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-test
spec:
  selector:
    app: nginx-test
  ports:
    - port: 80
      targetPort: 80
3. ingress-www.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-test
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - www.masdika.my.id
      secretName: www-masdika-my-id-tls
  rules:
    - host: www.masdika.my.id
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-test
                port:
                  number: 80
4. redirect-to-www.yaml
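apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: redirect-to-www
  annotations:
    # Added: without an issuer annotation cert-manager does not issue masdika-my-id-tls
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # 301 redirect to the www host, keeping the requested path and query
    nginx.ingress.kubernetes.io/permanent-redirect: https://www.masdika.my.id$request_uri
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - masdika.my.id
      secretName: masdika-my-id-tls
  rules:
    - host: masdika.my.id
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # Placeholder backend; requests are redirected before reaching it
                name: dummy
                port:
                  number: 80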
Full Deployment Steps
- Deploy Cert-Manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
kubectl apply -f cert-manager/cluster-issuer.yaml
- Deploy Ingress NGINX:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.3/deploy/static/provider/cloud/deploy.yaml
- Deploy the NGINX test application:
kubectl apply -f nginx-test/deployment.yaml
kubectl apply -f nginx-test/service.yaml
- Create the Ingress for the main domain (www):
kubectl apply -f nginx-test/ingress-www.yaml
- Create the redirect from non-www to www:
kubectl apply -f nginx-test/redirect-to-www.yaml
- Verification:
  - Open https://www.masdika.my.id ✔️ Success
  - Open https://masdika.my.id ✔️ Redirects to www
  - HTTPS is valid with a certificate from Let's Encrypt
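
An added example, not part of the original guide: a Python audit of the JSON returned by `kubectl get ingress -A -o json` that checks the conditions the verification step depends on (a cert-manager issuer annotation on every Ingress with a tls block, a tls entry for every routed host, and an https redirect target that itself has a certificate). The hostnames, Ingress names and secret names in the sample are constructed.

```python
import json
from urllib.parse import urlsplit

ISSUER_KEYS = ("cert-manager.io/cluster-issuer", "cert-manager.io/issuer")
REDIRECT_KEY = "nginx.ingress.kubernetes.io/permanent-redirect"

def audit_ingresses(ingress_list):
    """Return (ingress name, finding) pairs for `kubectl get ingress -A -o json` data."""
    items = ingress_list.get("items", [])
    # Every host that some Ingress lists under spec.tls.
    tls_hosts = {h for i in items for t in i["spec"].get("tls", [])
                 for h in t.get("hosts", [])}
    findings = []
    for ing in items:
        name = ing["metadata"]["name"]
        ann = ing["metadata"].get("annotations") or {}
        spec = ing["spec"]
        # cert-manager's ingress-shim only issues for Ingresses with an issuer annotation.
        if spec.get("tls") and not any(k in ann for k in ISSUER_KEYS):
            findings.append((name, "tls secret has no cert-manager issuer annotation"))
        # A routed host without a tls entry is served with the controller's default cert.
        for rule in spec.get("rules", []):
            if rule.get("host") not in tls_hosts:
                findings.append((name, f"host {rule.get('host')} has no tls entry"))
        # The redirect target must be an https URL for a host that has a tls entry.
        target = ann.get(REDIRECT_KEY)
        if target:
            url = urlsplit(target.split("$", 1)[0])  # drop nginx variables ($request_uri)
            if url.scheme != "https" or url.hostname not in tls_hosts:
                findings.append((name, f"redirect target {target} is not a TLS host"))
    return findings

# Constructed sample in the shape kubectl emits (trimmed to the fields the audit reads).
SAMPLE = json.loads('''
{"items": [
  {"metadata": {"name": "site", "annotations":
      {"cert-manager.io/cluster-issuer": "letsencrypt-prod"}},
   "spec": {"tls": [{"hosts": ["www.example.com"], "secretName": "www-tls"}],
            "rules": [{"host": "www.example.com"}]}},
  {"metadata": {"name": "redirect", "annotations":
      {"nginx.ingress.kubernetes.io/permanent-redirect": "https://www.example.com$request_uri"}},
   "spec": {"tls": [{"hosts": ["example.com"], "secretName": "apex-tls"}],
            "rules": [{"host": "example.com"}]}},
  {"metadata": {"name": "plain"}, "spec": {"rules": [{"host": "api.example.com"}]}}
]}''')

if __name__ == "__main__":
    for name, finding in audit_ingresses(SAMPLE):
        print(f"{name}: {finding}")
```

A finding about a missing issuer annotation is expected when the TLS secret is provisioned by hand; otherwise the host ends up serving the controller's default certificate.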

Closing
With this setup, you get:
- A Load Balancer with Ingress NGINX
- Automatic SSL/TLS from Let's Encrypt via Cert-Manager
- An automatic redirect from non-www to www
- A tidy, organized folder structure
