Ingress Configuration

PreviousConfigure NextCosign Verification

Last updated 17 days ago

Was this helpful?

Ingress Configuration

This guide demonstrates how to configure . Ingress can be configured in numerous ways. Configurations for the most popular controllers are outlined below.

Kubernetes namespace

The following section(s) presume the Immuta Enterprise Helm chart was deployed into namespace immuta and that the current namespace is immuta.

The Immuta web service listens on the following ports:

Port

Protocol

Description

Optional

443

TCP

HTTPS

False

TCP

HTTP (redirects to HTTPS)

True

Ingress hostname

This is the fully qualified domain name (FQDN) as defined by RFC 3986 used to access the Immuta UI. If a FQDN has yet to be determined set Secure's ingress hostname to immuta.local.

Edit the immuta-values.yaml file to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
      nginx.ingress.kubernetes.io/proxy-body-size: '64m'

Perform a to apply the changes made to immuta-values.yaml.

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.18

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    annotations:
      # Determines which type of load balancer is provisioned
      #   gce-internal
      #   gce
      kubernetes.io/ingress.class: gce
      # Listen on both 80 and 443
      kubernetes.io/ingress.allow-http: 'true'
      # Redirect traffic from 80 to 443
      cloud.google.com/frontend-config: immuta

Create a file named frontendconfig.yaml with the following content.

apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: immuta
spec:
  redirectToHttps:
    enabled: true
    responseCodeName: RESPONSE_CODE

Apply the FrontendConfig CRD.
```
kubectl apply -f frontendconfig.yaml
```

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.18

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    ingressClassName: alb
    annotations:
      # Determines which type of load balancer is provisioned
      #   internal
      #   internet-facing
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      # Listen on both 80 and 443
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
      # Redirect traffic from 80 to 443
      alb.ingress.kubernetes.io/ssl-redirect: '443'

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.18

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    ingressClassName: webapprouting.kubernetes.azure.com
    # https://azure.github.io/application-gateway-kubernetes-ingress/annotations/
    annotations:
      appgw.ingress.kubernetes.io/ssl-redirect: 'true'

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.18

Edit immuta-values.yaml to include the following Helm values.

secure:
  ingress:
    hostname: <immuta-fqdn>
    ingressClassName: traefik
    annotations:
      # Listen on ports 80 and 443
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
      # Redirect HTTP to HTTPS
      # When referencing middleware you must prefix the name with its namespace
      # <namespace>-<middleware-name>@kubernetescrd
      traefik.ingress.kubernetes.io/router.middlewares: immuta-https-redirectscheme@kubernetescrd

Create a file named middleware.yaml with the following content.

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https-redirectscheme
spec:
  redirectScheme:
    scheme: https
    permanent: true

Apply the Middleware CRD.
```
kubectl apply -f middleware.yaml
```

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.18

Edit immuta-values.yaml to include the following Helm values. Because the Ingress resource will be managed by the OpenShift route you create and not the Immuta Enterprise Helm chart, ingress is set to false below.
```
secure:
  ingress:
    enabled: false
```

Get the service name for Secure.

oc get service --selector "app.kubernetes.io/component=secure" --output template='{{ .metadata.name }}'

apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: immuta
spec:
  host: <immuta-fqdn>
  to:
    kind: Service
    name: immuta-secure
  port:
    targetPort: http
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect

Apply the Route CRD.
```
oc apply -f route.yaml
```

helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.18

PreviousConfigure NextCosign Verification

Last updated 17 days ago

Was this helpful?