Ingress exposes HTTP and HTTPS routes from outside the cluster to DCT running within the cluster. Find out more about Ingress from their official documentation.

The exact steps to setup an Ingress vary by Kubernetes vendor and company policies. This section provides non-exhaustive instructions for a basic setup, but please ask your Kubernetes cluster administrator for guidance.

The proxy pod (which comes with DCT) runs an Nginx HTTP server which must be the only target of the Ingress rules, redirecting all external traffic to it. Out of the box, the pod accepts requests over HTTPs on port 443, using a self-signed certificate.

Expose proxy HTTP port 80 for non-encrypted traffic

After setting up an Ingress, TLS will be terminated by the HTTP server/load balancer/proxy implementing the Ingress, and not DCT. First, disable the TLS (SSL) configuration of DCT itself, making it expose port 80 for non-encrypted traffic. To do so, edit the values.yaml to unset the useSSL property.

Either expose proxy on SSL port or non-SSL port: useSSL: false

Then run helm upgrade to apply the changes:

Copy 
helm upgrade dct-services -f <path to edited values.yaml> <directory path of the extracted chart>

The proxy pod now accepts unencrypted traffic on port 80.

Ingress controller installation and route creation

An Ingress controller is required to continue. Expand a section below based on your Kubernetes environment to show the corresponding Ingress controller installation and Ingress route creation instructions.

Microsoft Azure AKS

Ingress controller installation

Please follow these instructions to install an Nginx Ingress controller. A simple setup can be installed with these commands:

Copy 
NAMESPACE=ingress-basic
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
    --create-namespace \
    --namespace $NAMESPACE \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz

Ingress route creation

Create a file named ingress.yaml.

Copy 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dct-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
          pathType: Prefix
          backend:
          service:
            name: proxy
            port:
              number: 80

Apply the Ingress resource with kubectl apply.

Copy 
kubectl apply -f ingress.yaml --namespace=ingress-basic

To configure TLS, see the Use TLS with an Ingress controller page.

Amazon AWS EKS

Ingress controller installation

Please follow these instructions to install an AWS load balancer controller (An Ingress controller which configures AWS application load balancers).

Ingress route creation

Create a file named ingress.yaml, replacing the value of certificate-arn in the example below with the ARN of the certificate you want to use for the HTTPs endpoint.

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

name: dct-ingress

annotations:

kubernetes.io/ingress.class: alb

alb.ingress.kubernetes.io/scheme: internal

alb.ingress.kubernetes.io/target-type: ip

alb.ingress.kubernetes.io/ssl-redirect: '443'

alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'

alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx

spec:

rules:

- http:

paths:

- path: /

pathType: Prefix

backend:

service:

name: proxy

port:

number: 80

Alternatively, you may use certificate discovery to have the ALB select a matching certificate from AWS Certificate manager based on the host name.

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

name: dct-ingress

annotations:

kubernetes.io/ingress.class: alb

alb.ingress.kubernetes.io/scheme: internal

alb.ingress.kubernetes.io/target-type: ip

alb.ingress.kubernetes.io/ssl-redirect: '443'

alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'

spec:

tls:

- hosts:

- www.example.com

rules:

- http:

paths:

- path: /

pathType: Prefix

backend:

service:

name: proxy

port:

number: 80

Apply the Ingress resource with kubectl apply:

kubectl apply -f ingress.yaml --namespace=ingress-basic

This creates an application load balancer, which forwards all traffic to DCT.

Other

Ingress controller installation

For self-hosted Kubernetes, you can install an Nginx Ingress controller with:

helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace

Reference environment specific instructions for a complete list of supported platforms and specific instructions.

Ingress route creation

Create a file name ingress.yaml.

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

name: dct-ingress

annotations:

nginx.ingress.kubernetes.io/ssl-redirect: "true"

spec:

ingressClassName: nginx

rules:

- http:

paths:

- path: /

pathType: Prefix

backend:

service:

name: proxy

port:

number: 80

Apply the Ingress resource with kubectl apply:

kubectl apply -f ingress.yaml --namespace=ingress-basic

Review the Ingress-Nginx instructions to setup TLS.