Skip to main content
Skip table of contents

Ingress setup

Ingress exposes HTTP and HTTPS routes from outside the cluster toDCT running within the cluster. Find out more about Ingress from their official documentation.

The exact steps to setup an Ingress vary by Kubernetes vendor and company policies. This section provides non-exhaustive instructions for a basic setup, but please ask your Kubernetes cluster administrator for guidance.

The proxy pod (which comes with DCT) runs an Nginx HTTP server which must be the only target of the Ingress rules, redirecting all external traffic to it. Out of the box, the pod accepts requests over HTTPs on port 443, using a self-signed certificate. 

Expose proxy HTTP port (80) for non-encrypted traffic

After setting up an Ingress, TLS will be terminated by the HTTP server/load balancer/proxy implementing the Ingress, and not DCT. First, disable the TLS (SSL) configuration of DCT itself, making it expose port 80 for non encrypted traffic. To do so, edit the values.yaml to unset the useSSL property.

Either expose proxy on SSL port or non SSL port:

CODE
useSSL: false

Then run helm upgrade to apply the changes:

CODE
helm upgrade dct-services -f <path to edited values.yaml> <directory path of the extracted chart>

Now, the proxy pod accepts unencrypted traffic on port 80.

Ingress controller installation and route creation

An Ingress controller is required to continue. Expand a section below based on your Kubernetes environment to show the corresponding Ingress controller installation and Ingress route creation instructions.

Microsoft Azure AKS

Ingress controller installation

Please follow these instructions to install an Nginx Ingress controller. A simple setup can be installed with these commands:

CODE
NAMESPACE=ingress-basic
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace $NAMESPACE \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz

Ingress route creation

Create a file named ingress.yaml.

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  rules:
    - http:
       paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 80

Apply the Ingress resource with kubectl apply:

CODE
kubectl apply -f ingress.yaml --namespace=ingress-basic

To configure TLS, see Use TLS with an Ingress controller.

Amazon AWS EKS

Ingress controller installation

Please follow these instructions to install an AWS load balancer controller (An Ingress controller which configures AWS application load balancers).

Ingress route creation

Create a file named ingress.yaml, replacing the value of certificate-arn in the example below with the ARN of the certificate you want to use for the HTTPs endpoint.

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx
spec:
  rules:
    - http:
       paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 80

Alternatively, you may use certificate discovery to have the ALB select a matching certificate from AWS Certificate manager based on the host name.

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
spec:
  tls:
  - hosts:
    - www.example.com
  rules:
    - http:
       paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 80

Apply the Ingress resource with kubectl apply:

CODE
kubectl apply -f ingress.yaml --namespace=ingress-basic

This creates an application load balancer, which forwards all traffic to DCT.

Other

Ingress controller installation

For self-hosted Kubernetes, you can install an Nginx Ingress controller with:

CODE
helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace

Reference environment specific instructions for a complete list of supported platforms and specific instructions.

Ingress route creation

Create a file name ingress.yaml.

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  rules:
    - http:
       paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 80

Apply the Ingress resource with kubectl apply:

CODE
kubectl apply -f ingress.yaml --namespace=ingress-basic

Review the Ingress-Nginx instructions to setup TLS.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.