Kubernetes ingress controller prerequisites

Describes the prerequisite settings for the ingress controller for a Kubernetes runtime environment.

Before you begin

Note: This article refers to third-party software that IBM does not control. As such, the software may change and this information may become outdated.

These instructions assume you have a working Kubernetes environment and understand how to manage Kubernetes. Kubernetes is a platform for automated deployment, scaling, and operation of application containers across clusters of hosts, providing container-centric infrastructure. For more information, see https://kubernetes.io.

Kubernetes/ingress-nginx ingress controller ingress-config.yml settings

A Kubernetes deployment for IBM® API Connect requires the kubernetes/ingress-nginx ingress controller implementation (see https://github.com/kubernetes/ingress-nginx) with SSL passthrough enabled.

API Connect v10 does not require Helm, so it is recommended to use Helm3 for the installation of the ingress controller. Follow these steps:

  1. Create a file ingress-config.yaml where the following values are required:

    Specify at least one SSL protocol; separate multiple protocols with a comma as shown in the example.

      watchIngressWithoutClass: true
        enabled: false
        ssl-protocols: "TLSv1.2 TLSv1.3"
        annotations-prefix: ingress.kubernetes.io
        enable-ssl-passthrough: true

    You may use the following sample ingress-config.yml file to configure the ingress controller:

      watchIngressWithoutClass: true
        enabled: false
        hsts-max-age: "31536000"
        keepalive: "32"
        log-format: '{ "@timestamp": "$time_iso8601", "@version": "1", "clientip": "$remote_addr",
          "tag": "ingress", "remote_user": "$remote_user", "bytes": $bytes_sent, "duration":
          $request_time, "status": $status, "request": "$request_uri", "urlpath": "$uri",
          "urlquery": "$args", "method": "$request_method", "referer": "$http_referer",
          "useragent": "$http_user_agent", "software": "nginx", "version": "$nginx_version",
          "host": "$host", "upstream": "$upstream_addr", "upstream-status": "$upstream_status"
        main-snippets: load_module "modules/ngx_stream_module.so"
        proxy-body-size: "0"
        proxy-buffering: "off"
        server-name-hash-bucket-size: "128"
        server-name-hash-max-size: "1024"
        server-tokens: "False"
        ssl-ciphers: HIGH:!aNULL:!MD5
        ssl-prefer-server-ciphers: "True"
        ssl-protocols: "TLSv1.2 TLSv1.3"
        use-http2: "true"
        worker-connections: "10240"
        worker-cpu-affinity: auto
        worker-processes: "1"
        worker-rlimit-nofile: "65536"
        worker-shutdown-timeout: 5m
        useHostPort: false
        annotations-prefix: ingress.kubernetes.io
        enable-ssl-passthrough: true
      hostNetwork: true
      kind: DaemonSet
      name: controller
      create: "true"
  2. Run the commands:
    helm3 repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm3 repo update
    helm3 install ingress-controller ingress-nginx/ingress-nginx --namespace kube-system --values ingress-config.yaml 
Kubernetes/ingress-nginx ingress controller config.map settings
To ensure that the IBM API Connect services have time to start, increase the proxy-read-timeout and proxy-send-timeout values, which are in seconds, in the kubernetes/ingress-nginx ingress controller config.map to at least the following:
  • proxy-read-timeout: "240"
  • proxy-send-timeout: "240"
Depending on your environment, you might need to increase these further if the IBM API Connect services do not start. If there is a load balancer in front of the worker nodes, then the load balancer configuration might also need to have extended timeouts.
System and Software Requirements

The system and software requirements are described in the Software Product Compatibility Reports. See Detailed system requirements for a specific product