Configure Nginx Ingress
An ingress controller is required for external access to the Kloudfuse cluster. For HTTPS and TLS configuration, see HTTPS/TLS Setup.
Ingress Internal Annotations
By default, the ingress internal service is disabled. If you enable it, you must annotate it with cloud-specific values.
Include one of these configurations in your custom_values.yaml file:
The internal ingress service must be annotated with Google’s load balancer information.
Update the custom_values.yaml with this configuration:
ingress-nginx:
controller:
service:
internal:
enabled: true
annotations:
networking.gke.io/load-balancer-type: "Internal"
cloud.google.com/load-balancer-type: "Internal"The internal ingress service must be annotated with AWS load balancer information.
Update the custom_values.yaml with this configuration:
ingress-nginx:
controller:
service:
internal:
enabled: true
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: "true"To ensure that Kloudfuse is available on a public endpoint, create a public IP address in the same resource group as the AKS cluster. Add inbound security rules for HTTP and HTTPS as required.
The internal ingress service must be annotated with Azure load balancer information.
Update the custom_values.yaml with this configuration:
ingress-nginx:
controller:
service:
loadBalancerIP: "<<PUBLIC IP ADDRESS>>"
externalTrafficPolicy: "Local"
internal:
enabled: true
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"On Azure, you must disable TLS verification for the observability agent.
Update the custom_values.yaml with this configuration:
kfuse-observability-agent:
datadog:
datadog:
kubelet:
tlsVerify: falseIn some cases, having the Kloudfuse installed Nginx Ingress is not preferred.
Update the custom_values.yaml with this configuration:
ingress-nginx:
enabled: false