_Configuring an Ingress Controller - blackducksoftware/hub GitHub Wiki

This page has been deprecated. Please see the official Kubernetes Black Duck Installation Guide here.

Configuring an Ingress Controller in Kubernetes and OpenShift

In order to set up an Ingress controller that allows connectivity to your cloud-native Black Duck deployment, you need to set up a TLS-based Ingress resource.

This document assumes that you have set up a working Ingress controller on your cluster.

There are 3 things to keep in mind for your Ingress controllers. You must:

• allow large body sizes for the proxy; 1G is sufficient for most deployments.
• configure the 'proxy buffer' to be large enough to handle a large response header.
• ensure that TLS is allowed through your ingress proxy.

An Ingress resource that is created for Black Duck will look something like this:

kind: Ingress
  metadata:
    namespace: myhub
    annotations:
      nginx.ingress.kubernetes.io/proxy-body-size: 1024m
      nginx.ingress.kubernetes.io/proxy-buffer-size: 8k
      nginx.ingress.kubernetes.io/secure-backends: "true" # enable TLS
  spec: 
    rules:
    - http:
        paths:
        - backends:
            serviceName: ingress-j2oij20j09j
            servicePort: 8443

The above deployment assumes that your Ingress is created dynamically for you to point to the webserver deployment. An alternative way to accomplish the same thing would be to explicitly point to the webserver service.

serviceName: webserver
servicePort: 443

Note that some platforms (like Rancher) will dynamically label pods and create services that attach to those pod labels for you, so we do not proscribe a specific strategy for Ingress definitions, but rather, we can provide you with guidelines and debugging support.

Contact Black Duck Support if you have any questions on how to craft an Ingress policy that will work for your cluster.