Skip to content

Ingress Global Configuration

Ingress configuration provides access to kdb Insights Enterprise API through secure and authenticated endpoints. This is coupled with the creation of certificates, certificate authorities, DNS and domain configuration. Documentation on these concepts and how to configure these within kdb Insights Enterprise can be found here.

Available configuration..

global:
  ingress:
    class: "nginx"
    host: "dev.kxinsights.com"
    tlsSecret: "my-tls-secret"
    certmanager: true
    issuer:
      name: "letsencrypt"

class

Variable Type Example Default
class string "nginx-inc" "nginx"

The class variable is used within ingress resource annotations, it is used to differentiate between (potential) multiple ingress controllers being installed within a single Kubernetes cluster. In this case we have an Ingress Controller installed with the ingressClass nginx by default. If the Ingress Controller is installed under a different ingressClass value within the cluster, kdb Insights Enterprise can be updated through configuration to pick up that alternative ingressClass via this configuration.

Important

It is necessary to know the ingressClass of the Ingress Controller before deploying kdb Insights Enterprise and provide this value appropriately.

host

Variable Type Example Default
host string "dev.kxinsights.com" ""

Ingress requires the hostname for the deploy to be provided as a means to expose service paths for client enrollment, authentication and data access. This should match the DNS setup for the active deployment. It must be set as it is blank by default. Full details on setting up the DNS hostname available here.

tlsSecret

Variable Type Example Default
tlsSecret string "my-tls-secret" ""

If a tlsSecret is provided, it removes the need to provide a ClusterIssuer such as LetsEncrypt. This allows systems to be deployed with pre-existing certificates from an authority of their choice. With the pre-existing certificate, a secret can be created and provided within this tlsSecret field.

If this field is set, the certmanger field should be disabled and no issuer.name is required.

Full details on providing this ingress certification defined here.

certmanager

Variable Type Example Default
certmanager bool true true

The field certmanager will add additional annotations required to use cert-manager and a certificate authority such as Let's Encrypt within your ingress resources.

If using certmanager an issuer.name should be provided. This typically can be letsencrypt but can be defined by the user appropriately.

issuer.name

Variable Type Example Default
name string "my-issuer" "letsencrypt"

When certmanger is enabled an Issuer/ClusterIssuer must be provided for the deployment. By utilizing the certmanger Ingress resources are annotated with the name provided. The ClusterIssuer defined here is a CRD provided by cert-manager responsible for resolving the TLS certificates.