Expose Application
In Kubernetes or Openshift you can set the Exposing parameters of your application or microservice (ingress and route objects).
This page explains you how.
Expose
1. In your manifest repository's main branch, you will find the values.yaml file, it showld be in the following folder structure [environment]/[project]/[application]
2. In the values.yaml file, search for the Expose section, you will find it like this:
## Expose
3. Bellow the section title, add the following configuration and change the values as you need:
## Expose
# Format: [application-name]-[project-name]-[environment].clusterFQDN
# Expose the application: true o false
expose:
enabled: true
# To enable TLS termination
tls:
enabled: true
# To config CertManager
certmanager:
enabled: false
# Set specific Issuer
issuer: letsencrypt-prod
# Uncomment this to set hostname
#hostname: specific-hostname
## Additional configurations
#####
4. Commit and enjoy! ✨
NGINX Ingress
It is possible to parameterize the ingress object of NGINX Ingress by following these steps:
1. In the Expose section of the values.yaml file in your manifest repository search for the Additional configuration section, you will find it like this:
## Additional configurations
2. Below the section title, add the following configuration and change the values as you need:
## Additional configurations
ingressClassName: nginx
# Add annotations to this Ingress
annotations:
#key: value
#kubernetes.io/ingress.class: external-ingress
nginx:
# To use cluster default SSL cert in TLS termination
defaultSslCertificate: false
# Enable modsecurity OWASP and limit rating: true or false
security: false
# Enable CORS: true or false
cors: false
# Enable user and password protection: true or false
authPassword: false
# Enable Sticky Sessions
stickySessions: true
# Enable from-to-www-redirect
wwwroot: false
# Enable regex Path-Routing to Service secondary port
pathRouting:
enabled: false
regex: "/(_event/.*|ping|_upload/?.*)"
type: ImplementationSpecific
#####
GKE Ingress
It is possible to parameterize the object of GKE Ingress by following these steps:
1. In the Expose section of the values.yaml file in your manifest repository search for the Additional configuration section, you will find it like this:
## Additional configurations
2. Below the section title, add the following configuration and change the values as you need:
## Additional configurations
ingressClassName: gce
# Add annotations to this Ingress
annotations:
#key: value
#kubernetes.io/ingress.class: external-ingress
gce:
frontend:
# Allow to consume the Ingress through your External IP
allowIpResolution: true
# Set response code of HTTPS redirection
sslRedirectResponseCodeName:
# Set TLS certificate from kubernetes Secret
sslSecretCertName:
# Set TLS certificate from Google Cloud managed certificate
sslManagedCertName:
# Enable SSL Policies to set TLS versions and ciphers
sslPolicy:
backend:
# Set service timeout in seconds
timeoutSec:
# Enable Google Cloud Armor Ingress security policy
securityPolicy:
enabled: false
name: ""
# Enable HTTP access logging
logging:
enabled: false
sampleRate: 0.5
# Enable Identity-Aware Proxy
iap:
enabled: false
secretName: my-secret
# Enable connection draining timeout
draining:
enabled: false
timeoutSec: 60
# Enable healthcheck configuration
healthCheck:
enabled: false
checkIntervalSec: INTERVAL
timeoutSec: TIMEOUT
healthyThreshold: HEALTH_THRESHOLD
unhealthyThreshold: UNHEALTHY_THRESHOLD
type: PROTOCOL
requestPath: PATH
port: PORT
# Enable Session affinity
sessionAffinity:
enabled: false
affinityType: GENERATED_COOKIE
affinityCookieTtlSec: 50
#####
GKE Gateway API *
* 📢 Please notice that this feature is on Tech Preview
It is possible to parameterize the expose with GKE Gateway API by following these steps:
1. In the Expose section of the values.yaml file in your manifest repository search for the Additional configuration section, you will find it like this:
## Additional configurations
2. Below the section title, add the following configuration and change the values as you need:
## Additional configurations
type: gateway
gateway:
gke:
enabled: true
# Set gke-l7-global-external-managed gateway name
gatewayName: external-gateway
# Set gke-l7-global-external-managed gateway namespace
gatewayNamespace: kube-system
#####
Expose with GKE Gateway API is only designed for gke-l7-global-external-managed GatewayClass.
If you are going to use a GKE Gateway API please check de GKE Gateway API Documentation
Secondary expose
It is possible to enable a secondary port in the service to consume an additional specific port of the container.
NGINX Ingress
It is possible to parameterize the secondary expose by following these steps:
Add the following block:
secondaryPort:
enabled: true
Port: 8081
targetPort: 8081
It is also possible to enable a per-patron routing to the secondary port of the service in order to redirect certain specific paths to it. A regex rule must be defined.
In this example, the paths /_event/* /ping /_upload /_upload/* will point to the secondary port of the service.
pathRouting:
enabled: true
regex: "/(_event/.*|ping|_upload/?.*)"
type: ImplementationSpecific
GKE Gateway API
It is possible to parameterize the secondary expose by following these steps:
Add the following block:
secondaryPort:
enabled: true
Port: 8081
targetPort: 8081
It is also possible to enable a path routing to the secondary port of the service in order to redirect certain specific path to it.
In this example, the path /upload will point to the secondary port of the service.
secondaryPathRouting:
enabled: true
path: "/upload"
4. Commit and enjoy! ✨
Secondary expose is only available for NGINX Ingress or GKE Gateway API.