Privacy Dynamics Self-hosted

Create ingresses

Overview

The following steps make the installed privacy software available via the public app endpoint. Privacy Dynamics has made the installation process easier by consolidating the files needed into a GitHub repository. The steps below download the files directly.

  1. Install NGINX Ingress Controller
  2. Install cert-manager
  3. Create ingresses

Tip

Helm is used to install the tools needed for ingress to the cluster and it must be installed. You can follow the Helm installation instructions.

Install Ingress Nginx

The NGINX Ingress Controller can be installed automatically onto the cluster using the KOTS Admin Console by selecting "Install ingress controller" under "Auxiliary Software" (see Install Privacy Dynamics). Alternatively, you can install the Helm chart directly to take advantage of all configuration options. For more information, see the official NGINX Ingress Controller installation guide.

Tip

In order for the NGINX Ingress Controller to properly create a load balancer on AWS, the AWS Load Balancer Controller must be installed (see Provision Kubernetes cluster).

Install cert-manager

cert-manager is an optional component for certificate management within the cluster. It can be installed directly onto the cluster using the KOTS Admin Console by selecting "Install certificate manager" under "Auxiliary Software" (see Install Privacy Dynamics) Alternatively, you can install the Helm chart directly to take advantage of all configuration options. See the official cert-manager website for installation instructions.

Create ClusterIssuer resource

ClusterIssuers are Kubernetes resources that represent certificate authorities (CAs) that are able to generate signed certificates. The ClusterIssuer makes it possible for the Privacy Dynamics web UI to use HTTPS. It can be created from the KOTS Admin Console by selecting "Configure CertIssuer" under "Certificate Manager Settings." If the default ClusterIssuer (using Let's Encrypt and a DNS01 challenge) does not meet your needs, you can configure an alternative ClusterIssuer or Issuer by following the steps in the official cert-manager documentation.

Tip

For AWS clusters, you will need to create a service account that is authorized to manage DNS records in order to complete the ClusterIssuer's DNS01 challenge'. See detailed steps on how to setup the service account here.

Create service ingresses

If you are using the bundled versions of the NGINX Ingress Controller and Cert Manager, along with our recommended CertIssuer, ingresses can be created automatically by selecting "Automatically Create Ingresses" under "Certificate Manager Settings." Otherwise, follow the steps below to create ingresses.

Create API ingress

If you've installed the ExternalDNS controller, the ingress creation step will create a DNS A record for api within the pvcy.customer.com zone added earlier. If you prefer to create the records manually, the external address for the load balancer is displayed in the final verification step.

$ curl https://raw.githubusercontent.com/pvcy/enterprise-install/main/aws/api-ingress.yaml -o api-ingress.yaml

Modify pvcy.customer.com in api-ingress.yam to the customer subdomain.

$ kubectl apply -f api-ingress.yaml

Create application ingress

This will create an ingress for the Privacy Dynamics web UI. The service is called analyzer-app-service-ingress.

If you've installed the ExternalDNS controller, the ingress creation step will create a DNS A record for app within the pvcy.customer.com zone added earlier. If you prefer to create the records manually, the external address for the load balancer is displayed in the final verification step.

curl https://raw.githubusercontent.com/pvcy/enterprise-install/main/aws/app-ingress.yaml -o app-ingress.yaml

Modify pvcy.customer.com in app-ingress.yaml to the customer subdomain.

$ kubectl apply -f app-ingress.yaml

Create KotsAdm ingress

curl https://raw.githubusercontent.com/pvcy/enterprise-install/main/aws/kots-ingress.yaml \
 -o kots-ingress.yaml

Modify pvcy.customer.com in kots-ingress.yaml to the customer subdomain.

$ kubectl apply -f kots-ingress.yaml

Finally, verify that the ingresses are created.

$ kubectl get ingresses -n pvcy

NAME                           CLASS    HOSTS                       ADDRESS                             PORTS   AGE
analyzer-app-service-ingress   <none>   app.pvcy.customer.com       a4c78.us-west-2.elb.amazonaws.com   80, 443 3d4h
kots-ingress                   <none>   kotsadm.pvcy.customer.com   a4c84.us-west-2.elb.amazonaws.com   80, 443 3d4h
nginx-api-ingress              <none>   api.pvcy.customer.com       a4c86.us-west-2.elb.amazonaws.com   80, 443 3d4h
Previous
Install Privacy Dynamics
Next
Observability Tools