Skip to main content

Ingress

info

Looking for the GitGuardian legacy architecture Ingress page? Please visit the Ingress (legacy) page.

For information on the new architecture, as well as determining whether you are using the new or the legacy GitGuardian architecture, explore the New GitGuardian Architecture page.

info

This page only concerns installation on an existing cluster using KOTS or Helm.

KOTS-based installation

On existing clusters, a default Ingress is provided. This default Ingress is backed by a Kubernetes service (named gitguardian).

The default ingress is customizable, allowing modifications to className, pathType, TLS, Annotations/Labels.

In the KOTS Admin Console, you may configure the following parameters:

  • ClassName of the resource to use
  • PathType and Path to route to the GitGuardian instance
  • Ingress TLS Secret to pass your certificates
  • Annotations and Labels specific to your ingress controller

ingress-tls-cert.png

Helm-based installation

In your values.yaml file, add the following extract, adapted to your needs:

front:
ingress:
enabled: true
pathType: "Prefix"
path: "/"
ingressClassName: "my-class-name"
annotations:
kubernetes.io/ingress.class: <ingress_class> # for ingress controllers that do not support ingressClassName
labels:
example.of.a.label: 'my-label'
tls:
enabled: true
secretName: "secret-containing-the-ingress-tls-certificates"
service:
port: 443

Using your own Ingress

You have the option to disable the default Ingress and set up your own. Here's how you can go about it based on your installation type:

KOTS-based installation

In the KOTS Admin Console, uncheck the "Enable Kubernetes Ingress" option to disable the default Ingress.

Ingress annotations

Helm-based installation

In the values.yaml file, set the ingress.enabled parameter to false.

Custom ingress configuration

If you opt to use your own Ingress, here are the fields you would need to modify:

  • defaultBackend
  • ingressClassName (use this for Ingress controllers that support it; otherwise, use the deprecated kubernetes.io/ingress.class annotation)
  • rules
  • tls

To get more details on each of these fields, run the command kubectl explain ingress.spec.

Protocol configuration

The service backend is configured to listen only on HTTPS, and your Ingress needs to be set up accordingly.

If you are utilizing the NGINX Ingress controller, this configuration is already handled in the included Ingress through the nginx.ingress.kubernetes.io/backend-protocol: HTTPS annotation. However, if you are using a different Ingress controller, you may need to add the necessary annotations in the provided text area.

Sample configuration

Below is an example of how a custom Ingress configuration might look:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: <ingress_class> # for ingress controllers that do not support ingressClassName
labels:
kots.io/app-slug: gitguardian-seal
kots.io/backup: velero
name: gitguardian
namespace: <your-namespace>
spec:
ingressClassName: <ingress_class> # for ingress controllers that support this field
rules:
- host: <application_hostname>
http:
paths:
- backend:
service:
name: gitguardian
port:
number: 443
path: /
pathType: Prefix
tls:
- hosts:
- <application_hostname>
secretName: <secret_name> # when using a kubernetes secret

How can I help you ?