Ingress Configuration
This guide demonstrates how to configure Ingress. Ingress can be configured in numerous ways. Configurations for the most popular controllers are outlined below.
The Immuta web service listens on the following ports:
443
TCP
HTTPS
False
80
TCP
HTTP (redirects to HTTPS)
True
Edit the
immuta-values.yaml
file to include the following Helm values.secure: ingress: hostname: <immuta-fqdn> ingressClassName: nginx annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' nginx.ingress.kubernetes.io/proxy-body-size: '64m'
Perform a Helm upgrade to apply the changes made to
immuta-values.yaml
.helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19
Refer to the Ingress-Nginx Controller documentation for further assistance.
Edit
immuta-values.yaml
to include the following Helm values.secure: ingress: hostname: <immuta-fqdn> annotations: # Determines which type of load balancer is provisioned # gce-internal # gce kubernetes.io/ingress.class: gce # Listen on both 80 and 443 kubernetes.io/ingress.allow-http: 'true' # Redirect traffic from 80 to 443 cloud.google.com/frontend-config: immuta
Create a file named
frontendconfig.yaml
with the following content.apiVersion: networking.gke.io/v1beta1 kind: FrontendConfig metadata: name: immuta spec: redirectToHttps: enabled: true responseCodeName: RESPONSE_CODE
Apply the
FrontendConfig
CRD.kubectl apply -f frontendconfig.yaml
Perform a Helm upgrade to apply the changes made to
immuta-values.yaml
.helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19
Refer to the Google Cloud documentation for further assistance.
Edit
immuta-values.yaml
to include the following Helm values.secure: ingress: hostname: <immuta-fqdn> ingressClassName: alb annotations: # Determines which type of load balancer is provisioned # internal # internet-facing alb.ingress.kubernetes.io/scheme: internet-facing alb.ingress.kubernetes.io/target-type: ip # Listen on both 80 and 443 alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' # Redirect traffic from 80 to 443 alb.ingress.kubernetes.io/ssl-redirect: '443'
Perform a Helm upgrade to apply the changes made to
immuta-values.yaml
.helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19
Refer to the AWS Load Balancer Controller documentation for further assistance.
Edit
immuta-values.yaml
to include the following Helm values.secure: ingress: hostname: <immuta-fqdn> ingressClassName: webapprouting.kubernetes.azure.com # https://azure.github.io/application-gateway-kubernetes-ingress/annotations/ annotations: appgw.ingress.kubernetes.io/ssl-redirect: 'true'
Perform a Helm upgrade to apply the changes made to
immuta-values.yaml
.helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19
Refer to the Application Gateway Ingress Controller documentation for further assistance.
Edit
immuta-values.yaml
to include the following Helm values.secure: ingress: hostname: <immuta-fqdn> ingressClassName: traefik annotations: # Listen on ports 80 and 443 traefik.ingress.kubernetes.io/router.entrypoints: web,websecure # Redirect HTTP to HTTPS # When referencing middleware you must prefix the name with its namespace # <namespace>-<middleware-name>@kubernetescrd traefik.ingress.kubernetes.io/router.middlewares: immuta-https-redirectscheme@kubernetescrd
Create a file named
middleware.yaml
with the following content.apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: name: https-redirectscheme spec: redirectScheme: scheme: https permanent: true
Apply the
Middleware
CRD.kubectl apply -f middleware.yaml
Perform a Helm upgrade to apply the changes made to
immuta-values.yaml
.helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19
Refer to the Traefik documentation for further assistance.
Edit
immuta-values.yaml
to include the following Helm values. Because the Ingress resource will be managed by the OpenShift route you create and not the Immuta Enterprise Helm chart,ingress
is set tofalse
below.secure: ingress: enabled: false
Get the service name for Secure.
oc get service --selector "app.kubernetes.io/component=secure" --output template='{{ .metadata.name }}'
Create a file named
route.yaml
with the following content. Update all placeholder values with your own values.apiVersion: route.openshift.io/v1 kind: Route metadata: name: immuta spec: host: <immuta-fqdn> to: kind: Service name: immuta-secure port: targetPort: http tls: termination: edge insecureEdgeTerminationPolicy: Redirect
Apply the
Route
CRD.oc apply -f route.yaml
Perform a Helm upgrade to apply the changes made to
immuta-values.yaml
.helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.19
Refer to the Red Hat OpenShift documentation for further assistance.
Last updated
Was this helpful?