Ingress

caution

This page is only concerning Existing clusters.

On existing clusters, a default Ingress is provided. This default Ingress is backed by a Kubernetes service (named gitguardian).

You can disable it and use your own Ingress. In that case, you will need to uncheck the "Enable Kubernetes Ingress" option in the admin console or edit the Ingress resource directly.

If you want to use your own Ingress, you'll need to edit following fields:

defaultBackend
ingressClassName (for Ingress controllers that support it otherwise use the deprecated kubernetes.io/ingress.class annotation)
rules
tls

The command kubectl explain ingress.spec provides more details on each of those fields.

The service backend listens only on HTTPS, and the Ingress needs to be configured for this behavior.
If you are using the NGINX Ingress controller, this is already done in the included Ingress (via the nginx.ingress.kubernetes.io/backend-protocol: HTTPS annotation). If you are using another Ingress controller, you will probably need to add the appropriate annotations in the text area for this.

Here is a sample configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: <ingress_class>  # for ingress controllers that do not support ingressClassName
  labels:
    kots.io/app-slug: gitguardian-seal
    kots.io/backup: velero
  name: gitguardian
  namespace: <your-namespace>
spec:
  ingressClassName: <ingress_class>  # for ingress controllers that support this field
  rules:
  - host: <application_hostname>
    http:
      paths:
      - backend:
          service:
            name: gitguardian
            port:
              number: 443
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - <application_hostname>
    secretName: <secret_name>  # when using a kubernetes secret