Privacy Dynamics Self-hosted

Create ingresses

Overview

The following steps make the installed privacy software available via the public app endpoint. Privacy Dynamics has made the installation process easier by consolidating the files needed into a GitHub repository. The steps below download the files directly.

  1. Install NGINX Ingress Controller
  2. Install cert-manager
  3. Create ingresses

Tip

Helm is used to install the tools needed for ingress to the cluster, so it must be installed first. You can follow the Helm installation instructions.

Install Ingress Nginx

The NGINX Ingress Controller can be installed automatically onto the cluster using the KOTS Admin Console by selecting "Install ingress controller" under "Auxiliary Software" (see Install Privacy Dynamics). Alternatively, you can install the Helm chart directly to take advantage of all configuration options. For more information, see the official NGINX Ingress Controller installation guide.

Install cert-manager

cert-manager is an optional component for certificate management within the cluster. It can be installed directly onto the cluster using the KOTS Admin Console by selecting "Install certificate manager" under "Auxiliary Software" (see Install Privacy Dynamics). Alternatively, you can install the Helm chart directly to take advantage of all configuration options. See the official cert-manager website for installation instructions.

Create ClusterIssuer resource

ClusterIssuers are Kubernetes resources that represent certificate authorities (CAs) that are able to generate signed certificates. The ClusterIssuer makes it possible for the Privacy Dynamics web UI to use HTTPS. It can be created from the KOTS Admin Console by selecting "Configure CertIssuer" under "Auxiliary Settings." If the default ClusterIssuer (using Let's Encrypt and a DNS01 challenge) does not meet your needs, you can configure an alternative ClusterIssuer or Issuer by following the steps in the official cert-manager documentation.

Create service ingresses

If you are using the bundled version of cert-manager, along with our recommended ClusterIssuer, ingresses can be created automatically by selecting "Automatically Create Ingresses" under "Auxiliary Settings." Otherwise, follow the steps below to create ingresses.

Create API ingress

If you've installed the ExternalDNS controller, the ingress creation step will create a DNS A record for api within the pvcy.customer.com zone added earlier. If you prefer to create the records manually, the external address for the load balancer is displayed in the final verification step.

$ curl https://raw.githubusercontent.com/pvcy/enterprise-install/main/aws/api-ingress.yaml -o api-ingress.yaml

Modify pvcy.customer.com in api-ingress.yaml to the customer subdomain.

$ kubectl apply -f api-ingress.yaml

Create application ingress

This will create an ingress for the Privacy Dynamics web UI. The service is called analyzer-app-service-ingress.

If you've installed the ExternalDNS controller, the ingress creation step will create a DNS A record for app within the pvcy.customer.com zone added earlier. If you prefer to create the records manually, the external address for the load balancer is displayed in the final verification step.

$ curl https://raw.githubusercontent.com/pvcy/enterprise-install/main/aws/app-ingress.yaml -o app-ingress.yaml

Modify pvcy.customer.com in app-ingress.yaml to the customer subdomain.

$ kubectl apply -f app-ingress.yaml

Create KotsAdm ingress

$ curl https://raw.githubusercontent.com/pvcy/enterprise-install/main/aws/kots-ingress.yaml \
 -o kots-ingress.yaml

Modify pvcy.customer.com in kots-ingress.yaml to the customer subdomain.

$ kubectl apply -f kots-ingress.yaml

Finally, verify that the ingresses are created.

$ kubectl get ingresses -n pvcy

NAME                           CLASS    HOSTS                       ADDRESS                             PORTS   AGE
analyzer-app-service-ingress   <none>   app.pvcy.customer.com       a4c78.us-west-2.elb.amazonaws.com   80, 443 3d4h
kots-ingress                   <none>   kotsadm.pvcy.customer.com   a4c84.us-west-2.elb.amazonaws.com   80, 443 3d4h
nginx-api-ingress              <none>   api.pvcy.customer.com       a4c86.us-west-2.elb.amazonaws.com   80, 443 3d4h
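
Each of the three ingress steps above depends on replacing pvcy.customer.com by hand before `kubectl apply`. The following script is an added example, not part of the Privacy Dynamics repository or documentation: it performs the replacement, refuses to continue if the placeholder is missing or still present, and previews the change before applying it. The manifest in `sample_manifest` is constructed (the downloaded files may differ), and `pvcy.example.org`, `api-tls` and the function names are assumptions.

```shell
#!/bin/sh
# Added example; not from the pvcy/enterprise-install repository.
PLACEHOLDER='pvcy.customer.com'

# Constructed, trimmed stand-in for a downloaded manifest; the real files may differ.
sample_manifest() {
  cat <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-api-ingress
  namespace: pvcy
spec:
  tls:
    - hosts: [api.pvcy.customer.com]
      secretName: api-tls
  rules:
    - host: api.pvcy.customer.com
EOF
}

# set_ingress_host FILE DOMAIN: rewrite FILE in place.
# Returns 2 for a bad domain, 3 if the placeholder is absent, 1 if any is left over.
set_ingress_host() {
  sih_file=$1; sih_domain=$2
  # Allow only a plain lowercase DNS name, so nothing unexpected reaches sed or the YAML.
  case $sih_domain in ''|*[!a-z0-9.-]*) echo "invalid domain" >&2; return 2 ;; esac
  printf '%s\n' "$sih_domain" |
    grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$' || { echo "invalid domain" >&2; return 2; }
  grep -qF "$PLACEHOLDER" "$sih_file" || { echo "$sih_file: placeholder not found" >&2; return 3; }
  sih_tmp=$(mktemp) || return 1
  sed "s/pvcy\.customer\.com/$sih_domain/g" "$sih_file" > "$sih_tmp" && mv "$sih_tmp" "$sih_file" || return 1
  # A leftover placeholder would leave the ingress answering for the example host name.
  ! grep -qF "$PLACEHOLDER" "$sih_file"
}

# review_and_apply FILE: needs cluster access, so it is defined here but not called.
review_and_apply() {
  kubectl apply --dry-run=client -f "$1" || return 1   # parse and schema check only
  kubectl diff -f "$1"; [ $? -le 1 ] || return 1       # 0 = no change, 1 = changes shown
  kubectl apply -f "$1"
}

# Offline demo on the constructed sample; pvcy.example.org is a made-up subdomain.
demo=$(mktemp) && sample_manifest > "$demo" &&
  set_ingress_host "$demo" pvcy.example.org && grep -n 'host' "$demo"
```

Against a real cluster, run `set_ingress_host api-ingress.yaml <your subdomain>` followed by `review_and_apply api-ingress.yaml`, and repeat for the app and kots manifests.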