Privacy Dynamics Self-hosted

Create ingresses


The following steps make the installed privacy software available via the public app endpoint. Privacy Dynamics has made the installation process easier by consolidating the files needed into a GitHub repository. The steps below download the files directly.

  1. Nginx ingress
  2. Install whoami
  3. Install cert-manager
  4. Create ingresses


Helm is used to install the tools needed for ingress to the cluster, so it must be installed before you begin. You can follow the Helm installation instructions.

Install Ingress Nginx

$ kubectl apply -f \

namespace/ingress-nginx created
serviceaccount/ingress-nginx created
serviceaccount/ingress-nginx-admission created
…. created created

Install whoami

whoami is installed as a container into its own namespace within the cluster and it's used to resolve DNS challenges necessary for Let's Encrypt. Whether you are downloading AWS or GCP specific versions, each values.yaml file must be modified with your environment name before proceeding. In each file, replace with your host name.

$ kubectl create namespace whoami
namespace/whoami created
$ curl \
 -o whoami-values.yaml

With the whoami-values.yaml file downloaded and updated with the correct hostname, install the whoami Helm chart.

$ helm install whoami-release cowboysysop/whoami \
 --values=whoami-values.yaml -n whoami

Install cert-manager

cert-manager is used for certificate management within the cluster. Different steps are required based on the cloud provider being used.

$ kubectl apply \

namespace/cert-manager created created created
…… created.

Create ClusterIssuer resource

ClusterIssuers are Kubernetes resources that represent certificate authorities (CAs) that are able to generate signed certificates. The ClusterIssuer makes it possible for the Privacy Dynamics web UI to use HTTPS.

$ curl -o issuer-lets-encrypt-prod.yaml

Make the following changes to issuer-lets-encrypt-prod.yaml

  1. with your subdomain name.
  2. with your email address.
  3. hostedZoneId Z08xxxxHK with the Route 53 hostedZoneId of your subdomain name.

$ kubectl apply -f issuer-lets-encrypt-prod.yaml
created

Create service ingresses

Create API ingress

The ingress creation step will create a DNS A record for api within the zone added earlier.

$ curl -o api-ingress.yaml

Modify in api-ingress.yaml to the customer subdomain.

$ kubectl apply -f api-ingress.yaml

Create application ingress

This will create an ingress for the Privacy Dynamics web UI. The service is called analyzer-app-service-ingress.

The ingress creation step will create a DNS A record for app within the zone added earlier.

$ curl -o app-ingress.yaml

Modify in app-ingress.yaml to the customer subdomain.

$ kubectl apply -f app-ingress.yaml

Create KotsAdm ingress

$ curl \
 -o kots-ingress.yaml

Modify in kots-ingress.yaml to the customer subdomain.

$ kubectl apply -f kots-ingress.yaml

Finally, verify that the ingresses are created.

$ kubectl get ingresses -n pvcy

NAME                           CLASS    HOSTS                       ADDRESS                             PORTS   AGE
analyzer-app-service-ingress   <none>   80, 443 3d4h
kots-ingress                   <none>   80, 443 3d4h
nginx-api-ingress              <none>   80, 443 3d4h
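
Every manifest in this guide is downloaded, edited by hand and then applied, so a file that is empty or still carries template values can reach the cluster unnoticed. The script below is an added example, not part of the Privacy Dynamics repository: it checks a file before applying it. It assumes unedited fields look like <placeholder> tokens; check_manifest, apply_checked and demo are hypothetical helper names, and the demo data is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the Privacy Dynamics repository.
# Assumption: unedited template values are written as <placeholder> tokens.

# check_manifest FILE: return 0 if FILE looks fully edited, 1 otherwise.
check_manifest() {
  local file="$1" rc=0
  if [ ! -s "$file" ]; then
    echo "$file: missing or empty, check the download" >&2
    return 1
  fi
  # Leftover <placeholder> tokens outside YAML comments.
  if grep -nE '^[^#]*<[A-Za-z][A-Za-z0-9_. -]*>' "$file" >&2; then
    echo "$file: unreplaced placeholder on the line(s) above" >&2
    rc=1
  fi
  # The sample hosted zone ID printed in this guide must not survive editing.
  if grep -nF 'Z08xxxxHK' "$file" >&2; then
    echo "$file: hostedZoneId still holds the guide's sample value" >&2
    rc=1
  fi
  return "$rc"
}

# apply_checked FILE: lint, validate against the API server, then apply.
apply_checked() {
  check_manifest "$1" &&
    kubectl apply --dry-run=server -f "$1" >/dev/null &&
    kubectl apply -f "$1"
}

# demo: run the check on two constructed manifests (sample data, not real IDs).
demo() {
  local dir; dir=$(mktemp -d)
  printf 'email: <email>\nhostedZoneID: Z08xxxxHK\n' > "$dir/unedited.yaml"
  printf 'email: ops@corp.test\nhostedZoneID: Z0CONSTRUCTED\n' > "$dir/edited.yaml"
  check_manifest "$dir/edited.yaml" && ! check_manifest "$dir/unedited.yaml" 2>/dev/null
  local result=$?
  rm -rf "$dir"
  return "$result"
}
```

Source the file and run apply_checked issuer-lets-encrypt-prod.yaml in place of the plain kubectl apply; the same call works for the three ingress manifests.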