Comment on page
Ingress and networking
You can find the Release Helm chart for generating an ingress for your application in our GitHub repository.
Either copy the contents of the Release
helm-ingress
repository to your source control repository or reference the Helm chart using a remote repository chart:charts:
- name: <service>-ingress
add: release-ingress
repo_url: https://raw.githubusercontent.com/releasehub-com/helm-ingress/main/
directory: <path in your repo to values.yaml>
install: release-ingress/release-ingress
values: values.yaml
You need a
values.yaml
file in your source control repository to use the Helm chart.Customize the
values.yaml
file to reference the service you would like to expose to the internet. For example, here is a values.yaml
file for a service named frontend
:service:
name: frontend
externalPort: 5000
ingress:
hosts:
- ${FRONTEND_INGRESS_HOST}
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
If you are using a Kubernetes cluster on v1.20 or below, add the following to your chart definition to pin the version to an older chart:
charts:
- name: <service>-ingress
version: 2.1.0
...
If you are using AWS with EKS, include annotations in
Service
to create a Network Load Balancer (NLB) and assign an external DNS name. This example configures a TLS-enabled LDAPS port (636) and a non-TLS LDAP port (389):apiVersion: v1
kind: Service
metadata:
name: fid-service
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: external # This creates an NLB
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip # Do not touch
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing # Or, "private"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" # Recommended
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <fill in your ACM certificate here> # Optional for using TLS
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "636" # Optional for using TLS
service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS13-1-2-2021-06 # Optional for using TLS
external-dns.alpha.kubernetes.io/hostname: <fill in the hostname to use with a values file or similar>
spec:
ports:
- port: 389
name: ldap
targetPort: 2389
protocol: TCP
- port: 636
name: ldaps
targetPort: 2636
protocol: TCP
type: LoadBalancer
selector:
app: <insert the deployment or pod identifier here>
Last modified 26d ago