Ingress
This page is only concerning Existing clusters.
On existing clusters, a default Ingress is provided. This default Ingress is
backed by a Kubernetes service (named gitguardian
).
You can disable it and use your own Ingress. In that case, you will need to uncheck the "Enable Kubernetes Ingress" option in the admin console or edit the Ingress resource directly.
If you want to use your own Ingress, you'll need to edit following fields:
defaultBackend
ingressClassName
(for Ingress controllers that support it otherwise use the deprecatedkubernetes.io/ingress.class
annotation)rules
tls
The command kubectl explain ingress.spec
provides more details on each of
those fields.
The service backend listens only on HTTPS, and the Ingress needs to be
configured for this behavior.
If you are using the
NGINX Ingress controller,
this is already done in the included Ingress (via the
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
annotation). If you are
using another Ingress controller, you will probably need to add the appropriate
annotations in the text area for this.
Here is a sample configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: <ingress_class> # for ingress controllers that do not support ingressClassName
labels:
kots.io/app-slug: gitguardian-seal
kots.io/backup: velero
name: gitguardian
namespace: <your-namespace>
spec:
ingressClassName: <ingress_class> # for ingress controllers that support this field
rules:
- host: <application_hostname>
http:
paths:
- backend:
service:
name: gitguardian
port:
number: 443
path: /
pathType: Prefix
tls:
- hosts:
- <application_hostname>
secretName: <secret_name> # when using a kubernetes secret