Overview
This guide provides step-by-step instructions for installing the NGINX Ingress Controller in a Kubernetes environment to expose the Virtru Private Keystore.
Your organization may implement load balancing differently depending on internal standards, cloud provider, and security requirements. Please follow your organization’s policies when configuring ingress and load balancing.
For the purposes of this guide, NGINX Ingress Controller is used as the load balancing solution.
Important:
To minimize exposure to the public internet, it is strongly recommended to restrict ingress access to only trusted sources. This includes limiting inbound traffic to Virtru service endpoints and any other approved networks defined by your organization.
Prerequisites
Before proceeding, ensure the following:
- A running Kubernetes cluster (GKE, EKS, AKS, or on-prem)
- kubectl access to the cluster
- helm installed and configured
- Appropriate permissions to create namespaces and services
- DNS access to create or modify A records
Step 1: Add the NGINX Helm Repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
Step 2: Install the NGINX Ingress Controller
Public Load Balancer (Standard Deployment)
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace
Note: This configuration provisions a public load balancer. Ensure your organization allows public ingress.
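To act on the recommendation above to restrict ingress to trusted sources, the following added example (not part of the original guide or any Virtru tooling) renders Helm values that set the chart's controller.service.loadBalancerSourceRanges and refuses malformed or /0 ranges. The CIDRs are constructed placeholders, and the function names and the restricted-values.yaml file name are assumptions.

```shell
#!/bin/sh
# Added example: Helm values limiting the load balancer to approved CIDRs.
# All CIDRs below are constructed placeholders (RFC 5737 documentation ranges).

# Return 0 if $1 is a well-formed IPv4 CIDR with a prefix of /1 to /32.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}
  bits=${1#*/}
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print ingress-nginx chart values restricting the Service to the given CIDRs.
# Every range is validated before anything is printed.
render_values() {
  [ "$#" -gt 0 ] || { echo "at least one CIDR is required" >&2; return 1; }
  for cidr in "$@"; do
    valid_cidr "$cidr" || { echo "rejected source range: $cidr" >&2; return 1; }
  done
  printf 'controller:\n  service:\n    loadBalancerSourceRanges:\n'
  for cidr in "$@"; do
    printf '      - "%s"\n' "$cidr"
  done
}

# Write the values file and apply it to the release from this guide.
# Defined only; call it yourself once the ranges are correct.
apply_restricted() {
  render_values "$@" > restricted-values.yaml || return 1
  helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
    --namespace ingress-nginx --create-namespace -f restricted-values.yaml
}

# Demo: print the values for two placeholder ranges.
render_values 203.0.113.0/24 198.51.100.16/28
```

Enforcement of loadBalancerSourceRanges depends on the cloud provider's load balancer implementation, so confirm the resulting firewall rules after applying.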
Step 3: Verify Installation
kubectl get pods -n ingress-nginx
Expected output:
ingress-nginx-controller-xxxxx Running
Step 4: Retrieve the Load Balancer IP
kubectl get svc -n ingress-nginx
Locate the EXTERNAL-IP for the ingress controller:
ingress-nginx-controller LoadBalancer <EXTERNAL-IP>
Example:
34.36.142.210
Step 5: Configure DNS
Create or update an A record for your CKS hostname:
cks-k8s.yourdomain.com → <EXTERNAL-IP>
This DNS record enables Virtru services to communicate with your Private Keystore.
Post-Installation Validation
After DNS propagation:
Validate DNS resolution
dig cks-k8s.yourdomain.com +short
Validate TLS endpoint
openssl s_client -connect cks-k8s.yourdomain.com:443 -servername cks-k8s.yourdomain.com
Confirm:
- The certificate matches your domain
- No TLS errors are present
Upgrading the Ingress Controller
To upgrade the deployment:
helm upgrade ingress-nginx ingress-nginx/ingress-nginx \
  -n ingress-nginx
Uninstalling the Ingress Controller
To remove the deployment:
helm uninstall ingress-nginx -n ingress-nginx
kubectl delete namespace ingress-nginx