This guide demonstrates how to configure Ingress. Ingress can be configured in numerous ways. Configurations for the most popular controllers are outlined below.
Kubernetes namespace
The following section(s) presume the Immuta Enterprise Helm chart was deployed into namespace immuta and that the current namespace is immuta.
The Immuta web service listens on the following ports:
This is the fully qualified domain name (FQDN) as defined by RFC 3986 used to access the Immuta UI. If a FQDN has yet to be determined set Secure's ingress hostname to immuta.local.
Edit the immuta-values.yaml file to include the following Helm values.
Edit immuta-values.yaml to include the following Helm values.
secure:
ingress:
hostname: <immuta-fqdn>
annotations:
# Determines which type of load balancer is provisioned
# gce-internal
# gce
kubernetes.io/ingress.class: gce
# Listen on both 80 and 443
kubernetes.io/ingress.allow-http: 'true'
# Redirect traffic from 80 to 443
cloud.google.com/frontend-config: immuta
Create a file named frontendconfig.yaml with the following content.
Edit immuta-values.yaml to include the following Helm values.
secure:
ingress:
hostname: <immuta-fqdn>
ingressClassName: alb
annotations:
# Determines which type of load balancer is provisioned
# internal
# internet-facing
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
# Listen on both 80 and 443
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
# Redirect traffic from 80 to 443
alb.ingress.kubernetes.io/ssl-redirect: '443'
Perform a Helm upgrade to apply the changes made to immuta-values.yaml.
Edit immuta-values.yaml to include the following Helm values.
secure:
ingress:
hostname: <immuta-fqdn>
ingressClassName: traefik
annotations:
# Listen on ports 80 and 443
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
# Redirect HTTP to HTTPS
# When referencing middleware you must prefix the name with its namespace
# <namespace>-<middleware-name>@kubernetescrd
traefik.ingress.kubernetes.io/router.middlewares: immuta-https-redirectscheme@kubernetescrd
Create a file named middleware.yaml with the following content.
Edit immuta-values.yaml to include the following Helm values. Because the Ingress resource will be managed by the OpenShift route you create and not the Immuta Enterprise Helm chart, ingress is set to false below.
secure:
ingress:
enabled: false
Get the service name for Secure.
oc get service --selector "app.kubernetes.io/component=secure" --output template='{{ .metadata.name }}'
Create a file named route.yaml with the following content. Update all placeholder values with your own values.