Ingress Controller

Deploy an internal-only NGINX ingress controller with a private AWS NLB for secure, TLS-only access to Data Discovery services within your VPC.

    Requirements

    • The EKS cluster is provisioned.

    • The cluster is connected and the kubeconfig is properly configured.

    Run the following command to connect a local environment to the EKS cluster.

    aws eks update-kubeconfig --region <region> --name <cluster-name>
    

    Configuration

    This chart wraps the official ingress-nginx chart using the alias private-ingress and lets you customize the default certificate that is used for all TLS communications handled by this controller.

    To configure TLS certificates, place the certificate files in the following folder.

    ingress-controller/certs/tls.crt
    ingress-controller/certs/tls.key
    

    For more information about creating TLS certificates, refer to Create and configure certificates (AWS docs).
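
    A pre-flight check for the two certificate files above, as an added example that is not part of the chart: it confirms that tls.key belongs to tls.crt and that the certificate is not about to expire before the files are handed to helm install. The function name check_tls_pair and the 30-day default are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for certs/tls.crt and certs/tls.key.
# check_tls_pair and the 30-day default are assumptions for this sketch,
# not part of the chart.
# Returns 0 = ok, 1 = key does not match cert, 2 = unreadable/unparseable,
#         3 = cert expires within min_days.
check_tls_pair() {
  local crt="$1" key="$2" min_days="${3:-30}"
  local crt_pub key_pub

  if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
    echo "error: cannot read $crt or $key" >&2
    return 2
  fi

  # Warn (without failing) if the private key is accessible to group/others.
  case "$(ls -lL "$key" | cut -c5-10)" in
    ------) ;;
    *) echo "warning: $key is accessible to group/others (chmod 600)" >&2 ;;
  esac

  # Public key of the first certificate in tls.crt (the leaf, if a chain).
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
  # Public key derived from the private key; the empty -passin makes an
  # encrypted key fail here instead of prompting.
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2

  if [ "$crt_pub" != "$key_pub" ]; then
    echo "error: $key does not match $crt" >&2
    return 1
  fi

  # -checkend exits non-zero if the cert expires within the given seconds.
  if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "error: $crt expires within $min_days days" >&2
    return 3
  fi
  echo "ok: $crt and $key match; valid for more than $min_days days"
}

# Usage, from helm/ingress-controller:
#   check_tls_pair ./certs/tls.crt ./certs/tls.key && helm install ...
```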

    It is recommended not to edit the values.yaml file unless required. To customize configurations, create a values-override.yaml file with the desired changes and use the -f values-override.yaml flag during installation.

    Installing the Component

    cd helm/ingress-controller
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx || true
    helm repo update
    helm dependency build
    helm install ingress-controller . \
      --namespace ingress-nginx \
      --create-namespace \
      --set-file tls.crt=./certs/tls.crt \
      --set-file tls.key=./certs/tls.key
    

    If TLS is not configured, omit the --set-file tls lines in the command above.

    For any custom configuration changes, create a values-override.yaml file and add -f values-override.yaml to the helm install command. It is not recommended to modify the configurations in the values.yaml file.

    This deploys the controller (and a TLS secret if configured) under the ingress-nginx namespace and exposes it through an internal AWS NLB.

    Verifying the Installation

    Checking the controller pods

    kubectl get pods -n ingress-nginx
    

    Example output:

    NAME                             READY   STATUS    RESTARTS   AGE
    private-ingress-controller-xxx   1/1     Running   0          ...
    

    Confirming the service is created

    kubectl get svc -n ingress-nginx
    

    Example output:

    NAME                         TYPE           CLUSTER-IP   EXTERNAL-IP                                  PORT(S)
    private-ingress-controller   LoadBalancer   10.x.x.x     internal-<hash>.<region>.elb.amazonaws.com   443:xxxx/TCP
    

    Checking the IngressClass

    kubectl get ingressclass
    

    Example output:

    NAME             CONTROLLER             PARAMETERS   AGE
    private-nginx    k8s.io/ingress-nginx   <none>       ...
    

    This IngressClass is automatically used by any Ingress with no ingressClassName or one explicitly set to private-nginx.

    Uninstalling the Component

    Run the following command to uninstall the Ingress Controller.

    helm uninstall ingress-controller \
      --namespace ingress-nginx
    

    This will remove the AWS Load Balancer and make any applications using this ingress controller inaccessible from outside the cluster. Ensure all dependent services are stopped or reconfigured before removal.