automation-suite
2024.10
true
- Overview
- Requirements
- Prerequisites at a glance
- Kubernetes cluster and nodes
- Proxy
- SQL database
- Caching
- Storage
- Configuring NGINX ingress controller
- Certificate requirements
- Pre-installation
- Installation
- Post-installation
- Migration and upgrade
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Troubleshooting
Configuring NGINX ingress controller
Automation Suite on EKS/AKS Installation Guide
Last updated Dec 18, 2024
Configuring NGINX ingress controller
In standard configuration, Automation Suite provisions a Load Balancer Kubernetes service type configured with Istio Gateway as an ingress controller for the requests coming from the network load balancer.
If you already have an NGINX ingress controller in your cluster and want to continue to use it, you must configure the Kubernetes
service_type
as cluster_IP
instead of Load Balancer. This document provides the necessary changes required for that configuration.
Important:
To manage large headers, adjust the
proxy-buffer-size
in the ingress annotation as follows:
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
You must update your NGINX specification with
istio-ingressgateway
as a backend service and specify the port number 80. Additionally, if you have your own Network Policies,make sure they are
configured correctly to allow NGINX and Istio routing.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: <istio-system>
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: <istio-system>
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
number: 80
You must update your NGINX specification with
istio-ingressgateway
as a backend service and specify https
as the port name.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: <istio-system>
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
nginx.ingress.kubernetes.io/proxy-ssl-secret: "<istio-system>/istio-ingressgateway-certs"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: <istio-system>
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
nginx.ingress.kubernetes.io/proxy-ssl-name: "<FQDN>"
nginx.ingress.kubernetes.io/proxy-ssl-server-name: "on"
nginx.ingress.kubernetes.io/proxy-ssl-secret: "<istio-system>/istio-ingressgateway-certs"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
spec:
ingressClassName: nginx
tls:
- hosts:
- "<FQDN>"
- "*.<FQDN>"
secretName: nginx-tls
rules:
- host: "<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https
- host: "*.<FQDN>"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway
port:
name: https