
Ingress setup (Kubernetes)

Ingress exposes HTTP and HTTPS routes from outside the cluster to the Hyperscale Compliance services running within the cluster. For more information, refer to the official Ingress documentation.

The exact steps to set up an Ingress vary by Kubernetes vendor and company policies. This section provides non-exhaustive instructions for a basic setup, but you must ask your Kubernetes cluster administrator for guidance.

The proxy pod runs an Nginx HTTP server, which must be the only target of the Ingress rules so that all external traffic is routed to it. Out of the box, the pod accepts requests over HTTPS on port 443, using a self-signed certificate.

After setting up an Ingress, TLS/SSL will be terminated by the HTTP server/load balancer/proxy implementing the Ingress, and not Hyperscale Compliance.

Ingress controller installation and route creation

An Ingress controller is required to continue. Expand a section below based on your Kubernetes environment to show the corresponding Ingress controller installation and Ingress route creation instructions. 

Microk8s

Ingress controller installation

An ingress controller can be installed by enabling the ingress addon on the Microk8s cluster. It is enabled by running the command:

CODE
microk8s enable ingress

This addon adds an NGINX Ingress Controller for MicroK8s.

Ingress route creation

Next, define the ingress rules for routing traffic to the Hyperscale Compliance services. Create a file named ingress.yaml with the following configuration:

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hyperscale-ingress
  namespace: hyperscale-services
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 443

This ingress configuration directs all HTTP traffic arriving at the root path (/) to the proxy service on port 443, using HTTPS as the backend protocol.

Applying the ingress configuration

With the ingress.yaml file created, apply the configuration to your MicroK8s cluster using the following command:

CODE
kubectl apply -f ingress.yaml

Alternatively, you can apply the above ingress configuration with the following single kubectl command:

CODE
kubectl create ingress hyperscale-ingress --namespace=hyperscale-services --rule="/*=proxy:443" --annotation=nginx.ingress.kubernetes.io/backend-protocol=HTTPS --annotation=nginx.ingress.kubernetes.io/proxy-body-size=50m --annotation=nginx.ingress.kubernetes.io/proxy-connect-timeout=600 --annotation=nginx.ingress.kubernetes.io/proxy-read-timeout=600 --annotation=nginx.ingress.kubernetes.io/proxy-send-timeout=600

These commands register the ingress class and resource with your Kubernetes cluster, enabling the Nginx Ingress Controller to start routing external traffic to your Hyperscale Compliance services.

Amazon AWS EKS

Ingress controller installation

Please follow these instructions to install an AWS load balancer controller (an Ingress controller that configures AWS application load balancers).

Ingress route creation

Create a file named ingress.yaml, replacing the value of certificate-arn in the example below with the ARN of the certificate you want to use for the HTTPS endpoint.

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hyperscale-ingress
  namespace: hyperscale-services
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx
spec:
  rules:
    - http:
       paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 443

Alternatively, you may use certificate discovery to have the ALB select a matching certificate from AWS Certificate Manager based on the hostname.

CODE
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hyperscale-ingress
  namespace: hyperscale-services
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/backend-protocol: HTTPS
  
spec:
  tls:
    - hosts:
        - www.example.com
  rules:
    - http:
       paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: proxy
              port:
                 number: 443

Applying the ingress configuration

Apply the Ingress resource with kubectl apply:

CODE
kubectl apply -f ingress.yaml

This creates an application load balancer, which forwards all traffic to Hyperscale Compliance.
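
The following check is an added example, not part of the product documentation. It audits an Ingress object, as returned by kubectl get ingress -o json, against the requirements stated on this page: proxy:443 as the only backend, HTTPS as the backend protocol and, for an ALB, an HTTP listener only with ssl-redirect plus either a certificate ARN or spec.tls hosts. The sample objects and the service name other-svc are constructed for illustration.

```python
import json

def audit_ingress(ing):
    """Audit one Ingress object (a dict parsed from `kubectl get ingress -o json`)."""
    findings = []
    ann = ing.get("metadata", {}).get("annotations", {})
    spec = ing.get("spec", {})
    is_alb = "alb" in (ann.get("kubernetes.io/ingress.class"), spec.get("ingressClassName"))
    prefix = "alb.ingress.kubernetes.io/" if is_alb else "nginx.ingress.kubernetes.io/"

    # The proxy service on port 443 must be the only target of the rules.
    backends = [spec["defaultBackend"]] if "defaultBackend" in spec else []
    for rule in spec.get("rules", []):
        backends += [p.get("backend", {}) for p in rule.get("http", {}).get("paths", [])]
    for b in backends:
        svc = b.get("service", {})
        if (svc.get("name"), svc.get("port", {}).get("number")) != ("proxy", 443):
            findings.append("backend other than proxy:443: " + json.dumps(b, sort_keys=True))
    if not backends:
        findings.append("no backend defined")

    # The proxy pod only accepts HTTPS, so the controller must re-encrypt to it.
    if ann.get(prefix + "backend-protocol", "").upper() != "HTTPS":
        findings.append("backend-protocol is not HTTPS")

    if is_alb:
        # A plain-HTTP listener is acceptable only when it redirects to HTTPS.
        ports = json.loads(ann.get(prefix + "listen-ports", "[]"))
        if any("HTTP" in p for p in ports) and prefix + "ssl-redirect" not in ann:
            findings.append("HTTP listener without ssl-redirect")
        # Either an explicit certificate ARN or spec.tls hosts for certificate discovery.
        has_hosts = any(t.get("hosts") for t in spec.get("tls", []))
        if not ann.get(prefix + "certificate-arn") and not has_hosts:
            findings.append("no certificate-arn and no spec.tls hosts")
    return findings

def _ingress(annotations, service, port, tls=None):
    """Build a constructed sample Ingress object with one '/' Prefix rule."""
    spec = {"rules": [{"http": {"paths": [{"path": "/", "pathType": "Prefix",
            "backend": {"service": {"name": service, "port": {"number": port}}}}]}}]}
    if tls:
        spec["tls"] = tls
    return {"metadata": {"annotations": annotations}, "spec": spec}

ALB = "alb.ingress.kubernetes.io/"
LISTEN = '[{"HTTPS":443}, {"HTTP":80}]'
# Constructed sample mirroring the certificate-discovery manifest on this page.
GOOD = _ingress({"kubernetes.io/ingress.class": "alb", ALB + "listen-ports": LISTEN,
                 ALB + "ssl-redirect": "443", ALB + "backend-protocol": "HTTPS"},
                "proxy", 443, tls=[{"hosts": ["www.example.com"]}])
# Constructed misconfiguration; the service name "other-svc" is hypothetical.
BAD = _ingress({"kubernetes.io/ingress.class": "alb", ALB + "listen-ports": LISTEN}, "other-svc", 8080)
```

To audit a live object, pass json.loads of the kubectl output to audit_ingress; an empty list means none of the checks failed.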
