Ingress Global Configuration
Ingress configuration provides access to the KX Insights Platform API through secure and authenticated endpoints. This is coupled with the creation of certificates, certificate authorities, DNS and domain configuration. Documentation on these concepts and how to configure these within KX Insights Platform can be found here.
Available configuration..
global:
ingress:
class: "nginx"
host: "dev.kxinsights.com"
tlsSecret: "my-tls-secret"
certmanager: true
issuer:
name: "letsencrypt"
class
Variable | Type | Example | Default |
---|---|---|---|
class |
string |
"nginx-inc" |
"nginx" |
The class
variable is used within ingress resource annotations
, it is used to differentiate between (potential) multiple ingress controllers being installed within a single Kubernetes cluster. In this case we have an Ingress Controller installed with the ingressClass
nginx by default. If the Ingress Controller is installed under a different ingressClass
value within the cluster, the KX Insights Platform can be updated through configuration to pick up that alternative ingressClass
via this configuration.
Important
It is necessary to know the ingressClass
of the Ingress Controller before deploying the KX Insights Platform and provide this value appropriately.
host
Variable | Type | Example | Default |
---|---|---|---|
host |
string |
"dev.kxinsights.com" |
"" |
Ingress requires the hostname for the deploy to be provided as a means to expose service paths for client enrollment, authentication and data access. This should match the DNS setup for the active deployment. It must be set as it is blank by default. Full details on setting up the DNS hostname available here.
tlsSecret
Variable | Type | Example | Default |
---|---|---|---|
tlsSecret |
string |
"my-tls-secret" |
"" |
If a tlsSecret
is provided, it removes the need to provide a ClusterIssuer
such as LetsEncrypt. This allows systems to be deployed with pre-existing certificates from an authority of their choice. With the pre-existing certificate, a secret can be created and provided within this tlsSecret
field.
If this field is set, the certmanger field should be disabled and no issuer.name is required.
Full details on providing this ingress certification defined here.
certmanager
Variable | Type | Example | Default |
---|---|---|---|
certmanager |
bool |
true |
true |
The field certmanager
will add additional annotations required to use cert-manager and a certificate authority such as Let's Encrypt within your ingress resources.
If using certmanager
an issuer.name should be provided. This typically can be letsencrypt
but can be defined by the user appropriately.
issuer.name
Variable | Type | Example | Default |
---|---|---|---|
name |
string |
"my-issuer" |
"letsencrypt" |
When certmanger is enabled an Issuer/ClusterIssuer
must be provided for the deployment. By utilizing the certmanger Ingress resources are annotated with the name provided. The ClusterIssuer defined here is a CRD provided by cert-manager responsible for resolving the TLS certificates.