Skip to main content

Ingress

caution

This page is only concerning Existing clusters.

On existing clusters, a default Ingress is provided. This default Ingress is backed by a Kubernetes service (named gitguardian).

You can disable it and use your own Ingress. In that case, you will need to uncheck the "Enable Kubernetes Ingress" option in the admin console or edit the Ingress resource directly.

If you want to use your own Ingress, you'll need to edit following fields:

  • defaultBackend
  • ingressClassName (for Ingress controllers that support it otherwise use the deprecated kubernetes.io/ingress.class annotation)
  • rules
  • tls

The command kubectl explain ingress.spec provides more details on each of those fields.

The service backend listens only on HTTPS, and the Ingress needs to be configured for this behavior.
If you are using the NGINX Ingress controller, this is already done in the included Ingress (via the nginx.ingress.kubernetes.io/backend-protocol: HTTPS annotation). If you are using another Ingress controller, you will probably need to add the appropriate annotations in the text area for this.

Here is a sample configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: <ingress_class> # for ingress controllers that do not support ingressClassName
labels:
kots.io/app-slug: gitguardian-seal
kots.io/backup: velero
name: gitguardian
namespace: <your-namespace>
spec:
ingressClassName: <ingress_class> # for ingress controllers that support this field
rules:
- host: <application_hostname>
http:
paths:
- backend:
service:
name: gitguardian
port:
number: 443
path: /
pathType: Prefix
tls:
- hosts:
- <application_hostname>
secretName: <secret_name> # when using a kubernetes secret