The instructions below explain how to set up NGINX as an ingress for OUDSM.
Use Helm to install NGINX.
Add the Helm chart repository for installing NGINX using the following command:
$ helm repo add stable https://kubernetes.github.io/ingress-nginx
The output will look similar to the following:
"stable" has been added to your repositories
Update the repository using the following command:
$ helm repo update
The output will look similar to the following:
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "stable" chart repository
Update Complete. Happy Helming!
Create a Kubernetes namespace for NGINX:
$ kubectl create namespace <namespace>
For example:
$ kubectl create namespace mynginx
The output will look similar to the following:
namespace/mynginx created
Create a $WORKDIR/kubernetes/helm/nginx-ingress-values-override.yaml that contains the following:
Note: The configuration below deploys an ingress using LoadBalancer. If you prefer to use NodePort, change the configuration accordingly. For more details about NGINX configuration see: NGINX Ingress Controller.
controller:
admissionWebhooks:
enabled: false
extraArgs:
# The secret referred to by this flag contains the default certificate to be used when accessing the catch-all server.
# If this flag is not provided NGINX will use a self-signed certificate.
# If the TLS Secret is in different namespace, name can be mentioned as <namespace>/<tlsSecretName>
default-ssl-certificate: oudsmns/oudsm-tls-cert
service:
# controller service external IP addresses
# externalIPs:
# - < External IP Address >
# To configure Ingress Controller Service as LoadBalancer type of Service
# Based on the Kubernetes configuration, External LoadBalancer would be linked to the Ingress Controller Service
type: LoadBalancer
# Configuration for NodePort to be used for Ports exposed through Ingress
# If NodePorts are not defined/configured, Node Port would be assigned automatically by Kubernetes
# These NodePorts are helpful while accessing services directly through Ingress and without having External Load Balancer.
nodePorts:
# For HTTP Interface exposed through LoadBalancer/Ingress
http: 30080
# For HTTPS Interface exposed through LoadBalancer/Ingress
https: 30443
To install and configure NGINX ingress issue the following command:
$ helm install --namespace <namespace> \
--values nginx-ingress-values-override.yaml \
lbr-nginx stable/ingress-nginx
Where:
lbr-nginx is your deployment namestable/ingress-nginx is the chart referenceFor example:
$ helm install --namespace mynginx \
--values nginx-ingress-values-override.yaml \
lbr-nginx stable/ingress-nginx
The output will be similar to the following:
NAME: lbr-nginx
LAST DEPLOYED: Mon Jul 11 17:07:32 2022
NAMESPACE: mynginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace mynginx get services -o wide -w lbr-nginx-ingress-nginx-controller'
An example Ingress that makes use of the controller:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example
namespace: foo
spec:
ingressClassName: nginx
rules:
- host: www.example.com
http:
paths:
- pathType: Prefix
backend:
service:
name: exampleService
port:
number: 80
path: /
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
Using the Helm chart, ingress objects are created according to configuration. The following table details the rules configured in ingress object(s) for access to Oracle Unified Directory Services Manager Interfaces through ingress.
| Port | NodePort | Host | Example Hostname | Path | Backend Service:Port | Example Service Name:Port |
|---|---|---|---|---|---|---|
| http/https | 30080/30443 | <deployment/release name>-N | oudsm-N | * | <deployment/release name>-N:http | oudsm-1:http |
| http/https | 30080/30443 | * | * | /oudsm /console | <deployment/release name>-lbr:http | oudsm-lbr:http |
If it is not possible to have LoadBalancer configuration updated to have host names added for Oracle Unified Directory Services Manager Interfaces, then the following entries can be added in /etc/hosts files on the host from where Oracle Unified Directory Services Manager interfaces would be accessed.
<IP Address of External LBR or Kubernetes Node> oudsm oudsm-1 oudsm-2 oudsm-N
https://<External LBR Host>/oudsm.https://<Kubernetes Node>:30443/oudsm.weblogic/<password> where weblogic/<password> is the adminUser and adminPass set when creating the OUDSM instance.https://<External LBR Host>/console.https://<Kubernetes Node>:30443/console.