Ingress route creation and accessing DCT
After successfully deploying Data Control Tower (DCT) on MicroK8s, the final step involves creating an ingress route to manage external traffic to DCT services efficiently. This page covers the process of configuring ingress within your MicroK8s environment.
There are two options to configure ingress:
With valid certificates (recommended).
With the default self-signed certificate.
1. With valid certificates
The proxy pod (which comes with DCT) runs an Nginx HTTP server which must be the only target of the Ingress rules, redirecting all external traffic to it. Out of the box, the pod accepts requests over HTTPS on port 443, using a self-signed certificate.
Expose proxy HTTP port (80) for non-encrypted traffic
After setting up an Ingress, TLS will be terminated by the HTTP server/load balancer/proxy implementing the Ingress, and not by DCT. First, disable the TLS (SSL) configuration of DCT itself, making it expose port 80 for unencrypted traffic. To do so, edit values.yaml to unset the useSSL property.
# Either expose proxy on SSL port or non SSL port:
useSSL: false
Then run helm upgrade to apply the changes:
helm upgrade dct-services -f <path to edited values.yaml> <directory path of the extracted chart>
Now, the proxy pod accepts unencrypted traffic on port 80.
Create a Secret with the SSL certificate
This section explains how to add the certificates to a Kubernetes secret, which is then used when creating the ingress.
The following are required:
Administrative access to the MicroK8s cluster.
The new SSL certificate (public key) and private key files ready for deployment, for example server.crt and server.key.
kubectl create secret tls ingress-tls --namespace dct-services --key <private key> --cert <public certificate>
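Before creating the secret, it is worth confirming that the private key belongs to the certificate, that the certificate has not expired, and that it covers the value you will use for [HOSTNAME]. The script below is an added example, not part of DCT or its documentation; it relies on the openssl command-line tool, and the function name check_tls_pair, its return codes and the sample hostname are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the files given to
# `kubectl create secret tls ingress-tls`. The function name and its
# return codes are this example's own, not part of DCT or kubectl.

# check_tls_pair <certificate> <private key> <hostname or IP>
# Returns 0 if usable, 1 unreadable file, 2 key mismatch, 3 expired,
# 4 certificate does not cover the name.
check_tls_pair() (
  cert=$1 key=$2 host=$3

  # Both files must parse as PEM. An empty passphrase makes an encrypted
  # key fail here instead of prompting for input.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1

  # The certificate must carry the public half of this private key.
  [ "$cert_pub" = "$key_pub" ] || return 2

  # The certificate must not already be expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3

  # The value used for [HOSTNAME] in ingress.yaml must be covered by the
  # certificate. IP addresses are matched against IP SAN entries.
  case "$host" in
    *:*)       flag=-checkip ;;    # IPv6 literal
    *[!0-9.]*) flag=-checkhost ;;  # contains a letter or hyphen: DNS name
    *)         flag=-checkip ;;    # digits and dots only: IPv4 literal
  esac
  result=$(openssl x509 -in "$cert" -noout "$flag" "$host" 2>&1)
  case "$result" in
    *"does match certificate"*) return 0 ;;
    *) return 4 ;;
  esac
)

# Run as: ./check_tls_pair.sh server.crt server.key dct.example.test
if [ "$#" -eq 3 ]; then
  check_tls_pair "$@"
  exit $?
fi
```

A non-zero return code identifies which check failed, so the script can gate the kubectl create secret step in a deployment pipeline.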
Creating the Ingress Class
Begin by defining an Ingress Class, which specifies the Ingress Controller that will manage the ingress resources. Create a file named ingressClass.yaml with the following content:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx
  namespace: dct-services
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: k8s.io/ingress-nginx
This configuration sets up an Nginx Ingress Controller as the default class for handling ingress in the dct-services namespace.
Configuring the ingress resource
Next, define the ingress rules for routing traffic to the DCT services. Create a file named ingress.yaml with the following configuration:
Note: Replace [HOSTNAME] with the actual hostname or IP address of your MicroK8s cluster.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  namespace: dct-services
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - "[HOSTNAME]"
      secretName: ingress-tls
  rules:
    - host: "[HOSTNAME]"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: proxy
                port:
                  number: 80
This ingress configuration directs all HTTP traffic arriving at the root path (/) to the proxy service on port 80.
Applying the ingress configuration
With both the ingressClass.yaml and ingress.yaml files created, apply these configurations to your MicroK8s cluster using the following commands:
kubectl apply -f ingressClass.yaml
kubectl apply -f ingress.yaml
These commands register the ingress class and resource with your Kubernetes cluster, enabling the Nginx Ingress Controller to start routing external traffic to your DCT services.
2. With default self-signed certificate
Creating the Ingress Class
Begin by defining an Ingress Class, which specifies the Ingress Controller that will manage the ingress resources. Create a file named ingressClass.yaml with the following content:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx
  namespace: dct-services
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: k8s.io/ingress-nginx
This configuration sets up an Nginx Ingress Controller as the default class for handling ingress in the dct-services namespace.
Configuring the ingress resource
Next, define the ingress rules for routing traffic to the DCT services. Create a file named ingress.yaml with the following configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  namespace: dct-services
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: proxy
                port:
                  number: 443
This ingress configuration directs all HTTP traffic arriving at the root path (/) to the proxy service on port 443, using HTTPS as the backend protocol.
Applying the ingress configuration
With both the ingressClass.yaml and ingress.yaml files created, apply these configurations to your MicroK8s cluster using the following commands:
kubectl apply -f ingressClass.yaml
kubectl apply -f ingress.yaml
These commands register the ingress class and resource with your Kubernetes cluster, enabling the Nginx Ingress Controller to start routing external traffic to your DCT services.
Accessing DCT
Once the ingress route is successfully created and active, you can access the DCT UI and Swagger documentation through the following URLs:
DCT UI: https://[HOSTNAME]:443
Swagger API Documentation: https://[HOSTNAME]:443/api
Replace [HOSTNAME] with the actual hostname or IP address of your MicroK8s cluster.
Note: If ingress is configured with the default certificate, the browser will show a warning message.