Search
K
Links
Comment on page

Ingress and networking

Add an ingress Helm chart to an application

You can find the Release Helm chart for generating an ingress for your application in our GitHub repository.
Either copy the contents of the Release helm-ingress repository to your source control repository or reference the Helm chart using a remote repository chart:
charts:
- name: <service>-ingress
add: release-ingress
repo_url: https://raw.githubusercontent.com/releasehub-com/helm-ingress/main/
directory: <path in your repo to values.yaml>
install: release-ingress/release-ingress
values: values.yaml

Configure the ingress Helm chart values

You need a values.yaml file in your source control repository to use the Helm chart.
Customize the values.yaml file to reference the service you would like to expose to the internet. For example, here is a values.yaml file for a service named frontend:
service:
name: frontend
externalPort: 5000
ingress:
hosts:
- ${FRONTEND_INGRESS_HOST}
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

Important version information

If you are using a Kubernetes cluster on v1.20 or below, add the following to your chart definition to pin the version to an older chart:
charts:
- name: <service>-ingress
version: 2.1.0
...

Add a load balancer to a chart

If you are using AWS with EKS, include annotations in Service to create a Network Load Balancer (NLB) and assign an external DNS name. This example configures a TLS-enabled LDAPS port (636) and a non-TLS LDAP port (389):
apiVersion: v1
kind: Service
metadata:
name: fid-service
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: external # This creates an NLB
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip # Do not touch
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing # Or, "private"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" # Recommended
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <fill in your ACM certificate here> # Optional for using TLS
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "636" # Optional for using TLS
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS13-1-2-2021-06 # Optional for using TLS
external-dns.alpha.kubernetes.io/hostname: <fill in the hostname to use with a values file or similar>
spec:
ports:
- port: 389
name: ldap
targetPort: 2389
protocol: TCP
- port: 636
name: ldaps
targetPort: 2636
protocol: TCP
type: LoadBalancer
selector:
app: <insert the deployment or pod identifier here>