Configure an Ingress for OUDSM

  1. Introduction

  2. Install NGINX

    a. Configure the repository

    b. Create a namespace

    c. Install NGINX using helm

  3. Access to interfaces through ingress

Introduction

The instructions below explain how to set up NGINX as an ingress for OUDSM.

Install NGINX

Use Helm to install NGINX.

Configure the repository

  1. Add the Helm chart repository for installing NGINX using the following command:

    $ helm repo add stable https://kubernetes.github.io/ingress-nginx

    The output will look similar to the following:

    "stable" has been added to your repositories

  2. Update the repository using the following command:

    $ helm repo update

    The output will look similar to the following:

    Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "stable" chart repository
Update Complete. Happy Helming!

Create a namespace

  1. Create a Kubernetes namespace for NGINX:

    $ kubectl create namespace <namespace>

    For example:

    $ kubectl create namespace mynginx

    The output will look similar to the following:

    namespace/mynginx created

Install NGINX using helm

  1. Create a $WORKDIR/kubernetes/helm/nginx-ingress-values-override.yaml that contains the following:

    Note: The configuration below deploys an ingress using LoadBalancer. If you prefer to use NodePort, change the configuration accordingly. For more details about NGINX configuration see: NGINX Ingress Controller.

    controller:
  admissionWebhooks:
    enabled: false
  extraArgs:
    # The secret referred to by this flag contains the default certificate to be used when accessing the catch-all server.
    # If this flag is not provided NGINX will use a self-signed certificate.
    # If the TLS Secret is in different namespace, name can be mentioned as <namespace>/<tlsSecretName>
    default-ssl-certificate: oudsmns/oudsm-tls-cert
  service:
    # controller service external IP addresses
    # externalIPs:
    #  - < External IP Address >
    # To configure Ingress Controller Service as LoadBalancer type of Service
    # Based on the Kubernetes configuration, External LoadBalancer would be linked to the Ingress Controller Service
    type: LoadBalancer
    # Configuration for NodePort to be used for Ports exposed through Ingress
    # If NodePorts are not defined/configured, Node Port would be assigned automatically by Kubernetes
    # These NodePorts are helpful while accessing services directly through Ingress and without having External Load Balancer.
    nodePorts:
      # For HTTP Interface exposed through LoadBalancer/Ingress
      http: 30080
      # For HTTPS Interface exposed through LoadBalancer/Ingress
      https: 30443

  2. To install and configure NGINX ingress issue the following command:

    $ helm install --namespace <namespace> \
--values nginx-ingress-values-override.yaml \
lbr-nginx stable/ingress-nginx

    Where:

    • lbr-nginx is your deployment name
    • stable/ingress-nginx is the chart reference

    For example:

    $ helm install --namespace mynginx \
--values nginx-ingress-values-override.yaml \
lbr-nginx stable/ingress-nginx

    The output will be similar to the following:

    NAME: lbr-nginx
LAST DEPLOYED: <DATE>
NAMESPACE: mynginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status by running 'kubectl --namespace mynginx get services -o wide -w lbr-nginx-ingress-nginx-controller'
  
An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls

Access to interfaces through ingress

Using the Helm chart, ingress objects are created according to configuration. The following table details the rules configured in ingress object(s) for access to Oracle Unified Directory Services Manager Interfaces through ingress.

Port NodePort Host Example Hostname Path Backend Service:Port Example Service Name:Port
http/https 30080/30443 <deployment/release name>-N oudsm-N * <deployment/release name>-N:http oudsm-1:http
http/https 30080/30443 * * /oudsm /console <deployment/release name>-lbr:http oudsm-lbr:http
  • In the table above, the Example Name for each Object is based on the value ‘oudsm’ as the deployment/release name for the Helm chart installation.
  • The NodePorts mentioned in the table are according to ingress configuration described in previous section.
  • When an External LoadBalancer is not available/configured, interfaces can be accessed through NodePort on the Kubernetes node.

Changes in /etc/hosts to validate hostname based ingress rules

If it is not possible to have LoadBalancer configuration updated to have host names added for Oracle Unified Directory Services Manager Interfaces, then the following entries can be added in /etc/hosts files on the host from where Oracle Unified Directory Services Manager interfaces would be accessed.

<IP Address of External LBR or Kubernetes Node>	oudsm oudsm-1 oudsm-2 oudsm-N
  • In the table above, host names are based on the value ‘oudsm’ as the deployment/release name for the Helm chart installation.
  • When an External LoadBalancer is not available/configured, Interfaces can be accessed through NodePort on the Kubernetes Node.

Validate OUDSM URL’s

  1. Launch a browser and access the OUDSM console.

    • If using an External LoadBalancer: https://<External LBR Host>/oudsm.
    • If not using an External LoadBalancer use https://<Kubernetes Node>:30443/oudsm.

  2. Access the WebLogic Administration console by accessing the following URL and login with weblogic/<password> where weblogic/<password> is the adminUser and adminPass set when creating the OUDSM instance.

    • If using an External LoadBalancer: https://<External LBR Host>/console.
    • If not using an External LoadBalancer use https://<Kubernetes Node>:30443/console.