Skip to content
dictyBase Developer Docs

Ingress

Ingress manages external access to services in a Kubernetes cluster. To configure Ingress access we need to install

  • nginx-controller
  • Setup cert-manager for https access.
  • ingress manifests for opening up services

Upgrade nginx-controller

Quick start

kubectl get svc  -n default nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
helm delete nginx-ingress --purge
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx/
helm repo update
controller:
  service:
    loadBalancerIP: YOUR_IP_ADDRESS...
helm install ingress-nginx/ingress-nginx -n ingress-nginx --version 2.11.1 -f values.yaml

Step by step

Gather external IP

From cluster loadbalancer

kubectl get svc  -n default nginx-ingress-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

DNS lookup using any of the mapped domain

nslookup eric.dictybase.dev

The values should match each other, otherwise use the ip from loaderbalancer query. The ip will be used to install the new chart.

Remove existing chart

helm delete nginx-ingress --purge

Add helm repository for ingress-nginx

The Helm stable repository is in the process of being deprecated so it is advised to use the community-supported ingress-nginx chart moving forward.

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx/
helm repo update

Install the chart

Chart version 2.11.1

  • Create the following yaml value file
controller:
  service:
    loadBalancerIP: YOUR_IP_ADDRESS...
helm install ingress-nginx/ingress-nginx -n ingress-nginx --version 2.11.1 -f values.yaml
  • Verify the loadbalancer IP
kubectl get svc  -n default ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

Deploy Ingress manifests

These will be deployed alongside the various services. This particular sequence of deployments should be followed at least for the first time. Here are the expected manifests to be deployed.

  • Minio storage
  • GraphQL auth backend
  • GraphQL backend
  • Frontend applications
  • Kubeless functions

The GraphQL backend depends on the auth backend, so the auth backend have to be deployed first. Certificates has to be installed and configured for secured(https) ingress access.

Rule of thumb for writing and deploying ingress manifests

  • Use a single issuer for all the ingresses in a cluster.
  • Use a single domain for every ingresses. For every new domain, create a new manifests.
  • Every ingress should have a unique tls name within a particular namespace.
  • Try to use a consistent naming for ingresses and tlses.

Storage backend

ingress:
  annotations:
    cert-manager.io/issuer: dictybase-devsidd
  hosts:
    - name: siddstorage.dictybase.dev
      paths:
        - path: /
          serviceName: minio
          servicePort: 9000
  tls:
    - secretName: devsidd-storage-tls
      hosts:
        - siddstorage.dictybase.dev

Auth backend

ingress:
  annotations:
    cert-manager.io/issuer: dictybase-ericdev
  hosts:
    - name: ericauth.dictybase.dev
      paths:
        - path: /watchmen
          serviceName: gql-authserver
          servicePort: gql-authserver
  tls:
    - secretName: ericdev-graphql-auth-tls
      hosts:
        - ericauth.dictybase.dev

GraphQL

ingress:
  annotations:
    nginx.ingress.kubernetes.io/auth-url: https://ericauth.dictybase.dev/watchmen
    nginx.ingress.kubernetes.io/auth-method: POST
    cert-manager.io/issuer: dictybase-ericdev
  hosts:
    - name: ericgraphql.dictybase.dev
      paths:
        - path: /
          serviceName: graphql-server
          servicePort: graphql-server
  tls:
    - secretName: ericdev-graphql-tls
      hosts:
        - ericgraphql.dictybase.dev

Frontend Applications

ingress:
  annotations:
    cert-manager.io/issuer: dictybase-ericdev
  hosts:
    - name: eric.dictybase.dev
      paths:
        - path: /stockcenter
          serviceName: stock-center
          servicePort: stock-center
        - path: /dictyaccess
          serviceName: dictyaccess
          servicePort: dictyaccess
        - path: /gene
          serviceName: genomepage
          servicePort: genomepage
        - path: /publication
          serviceName: publication
          servicePort: publication
        - path: /
          serviceName: frontpage
          servicePort: frontpage
  tls:
    - secretName: ericdev-frontend-tls
      hosts:
        - eric.dictybase.dev

Kubeless

ingress:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    cert-manager.io/issuer: dictybase-ericdev
  hosts:
    - name: ericfunc.dictybase.dev
      paths:
        - path: /dashboard/(.*)
          serviceName: dashfn
          servicePort: 8080
        - path: /publications/(.*)
          serviceName: pubfn
          servicePort: 8080
  tls:
    - secretName: ericdev-kubeless-tls
      hosts:
        - ericfunc.dictybase.dev

Install the charts

helm install dictybase/dictybase-ingress --namespace dictybase -n <ingress name> -f <manifestname>.yaml

Fresh install

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx/
helm repo update
helm install ingress-nginx/ingress-nginx -n ingress-nginx --version 2.11.1