ALB Ingress in Kubernetes

Configuring ALB Ingress in Kubernetes

ALB Ingress is one method that can be used to open access to the e6data engine to external services. ALB Ingress can be enabled using a Helm chart (recommended) or using kubectl.

Prerequisites

Configure the Helm Chart

  1. Clone the GitHub repository containing the Helm charts from the GitHub URL or the command provided below:

    git clone git@github.com:e6x-labs/helm-charts.git

  2. Customize Chart Values: Navigate to the cloned Helm chart directory (./charts/ingress/ ) and modify the values in the values.yaml file or create a custom value file.

    • This file contains configuration options that customize the behavior of the chart during deployment. You can adjust parameters such as the image version, service type, ingress settings, etc., based on your requirements.

    • It is mandatory to edit the following values in the values.yaml file:

cloud: <CLOUD_PROVIDER>
alias: <ALIAS_NAME>
workspace: <WORKSPACE_NAME>
cluster: <CLUSTER_NAME>

Deploy the Helm Chart

Use the helm install command to deploy the Helm chart. Provide a release name for the deployment and specify the path to the chart directory. For example:

helm install <RELEASE_NAME> ./charts/ingress/

The above command deploys the Helm chart with <RELEASE_NAME> using the configuration from the ./charts/ingress/ directory.

<RELEASE_NAME> can be set to any value.

Verify Deployment

Use the following kubectl commands to verify that the Kubernetes resources (services & ingresses) have been created and are running as expected:

kubectl get services -n <E6DATA_NAMESPACE>
kubectl get ingress -n <E6DATA_NAMESPACE>

If the Ingress resource has been set up correctly and the e6data engine is exposed externally, external tools & services can now connect to it using the configured hostname or IP address.

A Personal Access Token is required for authentication.

Enable ALB Ingress using kubectl

Create Service

Create a service file, following the example below:

Sample e6data-ext-access-service-alb.yaml
e6data-ext-access-service-alb.yaml
apiVersion: v1
kind: Service
metadata:
  name: e6data-ext-access-cluster1  # edit as required
  namespace: <E6DATA_NAMESPACE> # change to e6data workspace namespace
  labels:
    cloud: <CLOUD_PROVIDER>
    alias: <ALIAS>
    workspace: <WORKSPACE_NAME>
    cluster: <CLUSTER_NAME>
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses: "<IP(s)_to_be_allowlisted>"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<ARN(s)_of_cert(s)>"
spec:
  type: LoadBalancer
  selector:
    cloud: <CLOUD_PROVIDER>
    alias: <ALIAS>
    workspace: <WORKSPACE_NAME>
    cluster: <CLUSTER_NAME>
  ports:
  - protocol: TCP
    port: 9000                  # external access port, edit as required
    targetPort: http            # change to HTTPS if SSL certificate is used
    name: http                  # change to HTTPS if SSL certificate is used

To create the Service, apply the manifest to the cluster by running this command:

kubectl apply -f <SERVICE_YAML_FILE>.yaml

To enable access to multiple clusters, please repeat the above steps to create a separate service file for each e6data cluster.

Ingress has now been created and external tools will be able to access the e6data cluster using the configured port(s).

Last updated

#930: Cross account hive GCP

Change request updated