Ingress exposes HTTP and HTTPS routes from outside the cluster toDCT running within the cluster. Find out more about Ingress from their official documentation.
The exact steps to setup an Ingress vary by Kubernetes vendor and company policies. This section provides non-exhaustive instructions for a basic setup, but please ask your Kubernetes cluster administrator for guidance.
The proxy pod (which comes with DCT) runs an Nginx HTTP server which must be the only target of the Ingress rules, redirecting all external traffic to it. Out of the box, the pod accepts requests over HTTPs on port 443, using a self-signed certificate.
Expose proxy HTTP port (80) for non-encrypted traffic
After setting up an Ingress, TLS will be terminated by the HTTP server/load balancer/proxy implementing the Ingress, and not DCT. First, disable the TLS (SSL) configuration of DCT itself, making it expose port 80 for non encrypted traffic. To do so, edit the values.yaml to unset the useSSL property.
Either expose proxy on SSL port or non SSL port:
CODE
useSSL: false
Then run helm upgrade to apply the changes:
CODE
helm upgrade dct-services -f <path to edited values.yaml> <directory path of the extracted chart>
Now, the proxy pod accepts unencrypted traffic on port 80.
Ingress controller installation and route creation
An Ingress controller is required to continue. Expand a section below based on your Kubernetes environment to show the corresponding Ingress controller installation and Ingress route creation instructions.
Microsoft Azure AKS
Ingress controller installation
Please follow these instructions to install an Nginx Ingress controller. A simple setup can be installed with these commands:
Create a file named ingress.yaml, replacing the value of certificate-arn in the example below with the ARN of the certificate you want to use for the HTTPs endpoint.