# ALB Ingress in Kubernetes

ALB Ingress is one method that can be used to open access to the e6data engine to external services. ALB Ingress can be enabled using a [Helm chart](#enable-alb-ingress-using-a-hehlm-chart-recommended) (recommended) or [using `kubectl`](#prerequisites-1).

### **Prerequisites**

* AWS Load Balancer Controller deployed in the target Kubernetes cluster. For more information, see [Installing the AWS Load Balancer Controller add-on](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html).
* [`kubectl`should be installed](https://kubernetes.io/docs/tasks/tools/) in the local environment or the machine that will be used for the deployment.
* [Helm should be installed](https://helm.sh/docs/intro/install/) in the local environment or the machine that will be used for deployment.

## Install ALB Ingress using a Helm chart (recommended)

### Configure the Helm Chart

1. Clone the GitHub repository containing the Helm charts from the [GitHub URL](https://github.com/e6x-labs/helm-charts) or the command provided below:

   `git clone git@github.com:e6x-labs/helm-charts.git`
2. **Customize Chart Values:** Navigate to the cloned Helm chart directory (`./charts/ingress/` ) and modify the values in the `values.yaml` file or create a custom value file.
   * This file contains configuration options that customize the behavior of the chart during deployment. You can adjust parameters such as the image version, service type, ingress settings, etc., based on your requirements.
   * It is mandatory to edit the following values in the `values.yaml` file:

```yaml
cloud: <CLOUD_PROVIDER>
alias: <ALIAS_NAME>
workspace: <WORKSPACE_NAME>
cluster: <CLUSTER_NAME>
```

### **Deploy the Helm Chart**

Use the `helm install` command to deploy the Helm chart. Provide a release name for the deployment and specify the path to the chart directory. For example:

`helm install <RELEASE_NAME> ./charts/ingress/`

The above command deploys the Helm chart with `<RELEASE_NAME>` using the configuration from the `./charts/ingress/` directory.

`<RELEASE_NAME>` can be set to any value.

### **Verify Deployment**

Use the following `kubectl` commands to verify that the Kubernetes resources (services & ingresses) have been created and are running as expected:

```bash
kubectl get services -n <E6DATA_NAMESPACE>
kubectl get ingress -n <E6DATA_NAMESPACE>
```

{% hint style="success" %}
If the Ingress resource has been set up correctly and the e6data engine is exposed externally, external tools & services can now connect to it using the configured hostname or IP address.

A [Personal Access Token](https://docs.e6data.com/product-documentation/~/revisions/W5MExJCuvHiG1ioEcgOy/connectors-and-drivers/configure-cluster-ingress/broken-reference) is required for authentication.
{% endhint %}

## Enable ALB Ingress using kubectl <a href="#prerequisites" id="prerequisites"></a>

### Create Service

Create a service file, following the example below:

{% file src="<https://3484040590-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeVBYKZm1xFKFFVzS0lRJ%2Fuploads%2FpOU6V0trPWpvR8ct2adS%2Fe6data-ext-access-service-alb.yaml?alt=media&token=4b5ed5b4-6862-417a-a337-953db70501e6>" %}
Download the ALB Ingress service file template
{% endfile %}

<details>

<summary>Sample e6data-ext-access-service-alb.yaml</summary>

<pre class="language-yaml" data-title="e6data-ext-access-service-alb.yaml"><code class="lang-yaml"><strong>apiVersion: v1
</strong>kind: Service
metadata:
  name: e6data-ext-access-cluster1  # edit as required
  namespace: &#x3C;E6DATA_NAMESPACE> # change to e6data workspace namespace
  labels:
    cloud: &#x3C;CLOUD_PROVIDER>
    alias: &#x3C;ALIAS>
    workspace: &#x3C;WORKSPACE_NAME>
    cluster: &#x3C;CLUSTER_NAME>
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-private-ipv4-addresses: "&#x3C;IP(s)_to_be_allowlisted>"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "&#x3C;ARN(s)_of_cert(s)>"
spec:
  type: LoadBalancer
  selector:
    cloud: &#x3C;CLOUD_PROVIDER>
    alias: &#x3C;ALIAS>
    workspace: &#x3C;WORKSPACE_NAME>
    cluster: &#x3C;CLUSTER_NAME>
  ports:
  - protocol: TCP
    port: 9000                  # external access port, edit as required
    targetPort: http            # change to HTTPS if SSL certificate is used
    name: http                  # change to HTTPS if SSL certificate is used
</code></pre>

</details>

To create the Service, apply the manifest to the cluster by running this command:

`kubectl apply -f <SERVICE_YAML_FILE>.yaml`

{% hint style="info" %}
To enable access to multiple clusters, please repeat[ the above steps](#create-service) to create a separate service file for each e6data cluster.
{% endhint %}

{% hint style="success" %}
Ingress has now been created and external tools will be able to access the e6data cluster using the configured port(s).
{% endhint %}