Skip to main content
Skip table of contents

Ingress route creation and accessing DCT

After successfully deploying Data Control Tower (DCT) on MicroK8s, the final step involves creating an ingress route to manage external traffic to DCT services efficiently. This page covers the process of configuring ingress within your MicroK8s environment.

There are two options two configure ingress:

  1. With valid certificates(Recommended).

  2. With default self sign certificate.

1. With valid certificates

The proxy pod (which comes with DCT) runs an Nginx HTTP server which must be the only target of the Ingress rules, redirecting all external traffic to it. Out of the box, the pod accepts requests over HTTPs on port 443, using a self-signed certificate. 

Expose proxy HTTP port (80) for non-encrypted traffic

After setting up an Ingress, TLS will be terminated by the HTTP server/load balancer/proxy implementing the Ingress, and not DCT. First, disable the TLS (SSL) configuration of DCT itself, making it expose port 80 for non encrypted traffic. To do so, edit the values.yaml to unset the useSSL property.

Either expose proxy on SSL port or non SSL port:

CODE 
useSSL: false

Then run helm upgrade to apply the changes:

CODE 
helm upgrade dct-services -f <path to edited values.yaml> <directory path of the extracted chart>

Now, the proxy pod accepts unencrypted traffic on port 80.

Create Secret with SSL certificate.

This section explains the process of adding the certificates to a kubernets secret, which is then used while creating the ingress.

These follow points are required:

  • Administrative access to the MicroK8s cluster.

  • The new SSL certificate(public key) and private key files ready for deployment for e.g server.crt and server.key.

CODE 
kubectl create secret tls ingress-tls --namespace dct-services --key <private key> --cert <public certificate>

Creating the Ingress Class

Begin by defining an Ingress Class, which specifies the Ingress Controller that will manage the ingress resources. Create a file named ingressClass.yaml with the following content:

YAML 
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx
  namespace: dct-services
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: k8s.io/ingress-nginx

This configuration sets up an Nginx Ingress Controller as the default class for handling ingress in the dct-services namespace.

Configuring the ingress resource

Next, define the ingress rules for routing traffic to the DCT services. Create a file named ingress.yaml with the following configuration:
Note: Replace [HOSTNAME] with the actual hostname or IP address of your MicroK8s cluster.

YAML 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  namespace: dct-services
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - [HOSTNAME]
    secretName: ingress-tls
  rules:
    - host: "[HOSTNAME]"
      http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 80

This ingress configuration directs all HTTP traffic arriving at the root path (/) to the proxy service on port 80.

Applying the ingress configuration

With both the ingressClass.yaml and ingress.yaml files created, apply these configurations to your MicroK8s cluster using the following commands:

BASH 
kubectl apply -f ingressClass.yaml
kubectl apply -f ingress.yaml

These commands register the ingress class and resource with your Kubernetes cluster, enabling the Nginx Ingress Controller to start routing external traffic to your DCT services.

2. With default self sign certificate

Creating the Ingress Class

Begin by defining an Ingress Class, which specifies the Ingress Controller that will manage the ingress resources. Create a file named ingressClass.yaml with the following content:

CODE 
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx
  namespace: dct-services
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
spec:
  controller: k8s.io/ingress-nginx

This configuration sets up an Nginx Ingress Controller as the default class for handling ingress in the dct-services namespace.

Configuring the ingress resource

Next, define the ingress rules for routing traffic to the DCT services. Create a file named ingress.yaml with the following configuration:

CODE 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  namespace: dct-services
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 443

This ingress configuration directs all HTTP traffic arriving at the root path (/) to the proxy service on port 443, using HTTPS as the backend protocol.

Applying the ingress configuration

With both the ingressClass.yaml and ingress.yaml files created, apply these configurations to your MicroK8s cluster using the following commands:

CODE 
kubectl apply -f ingressClass.yaml
kubectl apply -f ingress.yaml

These commands register the ingress class and resource with your Kubernetes cluster, enabling the Nginx Ingress Controller to start routing external traffic to your DCT services.

Accessing DCT

Once the ingress route is successfully created and active, you can access the DCT UI and Swagger documentation through the following URLs:

  • DCT UI: <https://[HOSTNAME]:443>

  • Swagger API Documentation: <https://[HOSTNAME]:443/api>

Replace [HOSTNAME] with the actual hostname or IP address of your MicroK8s cluster.

Note: If ingress is configured with default certificate, browser will show a warning message.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close