10.3.5 Configuring Ingress

Ingress manages external access to the Access Manager services in a Kubernetes cluster. For the Ingress resources to work, you need an Ingress controller. Configuring Ingress is mandatory when deploying Access Manager on Azure. On AWS, configuring Ingress is optional if the worker nodes have public IP addresses.

Configuring the Ingress Rules

Configure the Ingress controller chart before running the Access Manager Helm chart.

  1. Open the access-manager/values.yaml file. From Access Manager 5.0 Service Pack 2 onward, you can also configure the ingressClassName attribute, which selects the Ingress controller provider.

  2. Enable ingress by specifying enabled: true.

  3. Specify the service ports for the respective components:

    Component                 Value
    Administration Console    2443
    Identity Server           8443
    Access Gateway            8000
                              9099

    You can specify more port numbers if Access Gateway needs other ports to be open.

  4. Configure the Administration Console service by specifying the following details:

    Element   Value
    host      Domain name or Administration Console service URL. For example, www.cloudac.com.
    https     Specify true to enable the backend communication between Ingress and pods.
    paths     :2443/nps

  5. Configure the Identity Server service by specifying the following details:

    Element   Value
    host      Domain name or Identity Server service URL. For example, www.cloudidp.com.
    https     Specify true to enable the backend communication between Ingress and pods.
    paths     /nidp: 8443

  6. Configure the Access Gateway service by specifying the following details:

    Element   Value
    host      Domain name or Access Gateway service URL. For example, www.cloudag.com.
    https     Specify true when you want to enable backend communication between Ingress and pods.
    paths     /path1: 8000
              /path2: 9099
              For example, specify:
              /mag: 8000
              /apache: 9099

  7. Save and close the values.yaml file.

  8. Create a TLS secret to use with the self-signed certificate. Use the following command:

    kubectl create secret tls <cert-name> --key <KEY_FILE> --cert <CERT_FILE>

    Use this TLS secret when front-end SSL communication is required.

  9. Proceed to Deploying Access Manager Containers on Azure Kubernetes Services or Deploying Access Manager Containers on AWS.
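
A pre-flight check for the certificate and key used in step 8, as an added example that is not part of the product documentation. The function name check_tls_pair and the 30-day expiry threshold are assumptions; the openssl subcommands are standard, and the hosts passed in are the host values set in steps 4 to 6.

```sh
# Added example: validate a certificate/key pair before storing it with
# `kubectl create secret tls`. The function name is hypothetical.

# check_tls_pair CERT_FILE KEY_FILE HOST...
# Returns 0 only if the key matches the certificate, the certificate does
# not expire within 30 days, and the certificate covers every HOST.
check_tls_pair() {
  local cert="$1" key="$2" host cert_pub key_pub
  shift 2

  # 1. The private key must belong to the certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $cert" >&2
    return 1
  fi

  # 2. Reject certificates that expire within 30 days (2592000 seconds).
  if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
    echo "FAIL: $cert expires within 30 days" >&2
    return 1
  fi

  # 3. Every Ingress host from values.yaml must be covered by the certificate.
  for host in "$@"; do
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
      echo "FAIL: $cert does not cover $host" >&2
      return 1
    fi
  done
  echo "OK: $cert is usable for: $*"
}

# Usage (file names are placeholders; the host is the example from step 4):
#   check_tls_pair tls.crt tls.key www.cloudac.com \
#     && kubectl create secret tls <cert-name> --key tls.key --cert tls.crt
```

Running the check first catches a certificate that does not cover the configured host or is about to expire before it is loaded into the cluster.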

NOTE: If you modify any value in the values.yaml file of an existing Helm release, you must perform a helm upgrade to apply the changes.

Run the following command to perform the helm upgrade:

helm upgrade <release-name> access-manager -n <name-of-the-namespace>