Kubernetes ingress controller prerequisites
Describes the prerequisite settings for the ingress controller for a Kubernetes runtime environment.
Before you begin
- This article does not apply to the IBM® DataPower® Gateway component that is a part of the IBM API Connect solution.
- This article applies to third-party software that IBM does not control. As such, the software may change and this information may become outdated.
These instructions assume you have a working Kubernetes environment and understand how to manage Kubernetes. Kubernetes is a platform for automated deployment, scaling, and operation of application containers across clusters of hosts, providing container-centric infrastructure. For more information, see https://kubernetes.io.
- Kubernetes/ingress-nginx ingress controller
ingress-config.yml
settings -
A Kubernetes deployment for IBM API Connect requires the kubernetes/ingress-nginx ingress controller implementation (see https://github.com/kubernetes/ingress-nginx) with SSL passthrough enabled.
API Connect v10 does not require Helm, so it is recommended to use Helm3 for the installation of the ingress controller. Follow these steps:
- Create a file
ingress-config.yaml
where the following values are required:Specify at least one SSL protocol; separate multiple protocols with a comma as shown in the example.
controller: watchIngressWithoutClass: true admissionWebhooks: enabled: false config: ssl-protocols: "TLSv1.2 TLSv1.3" extraArgs: annotations-prefix: ingress.kubernetes.io enable-ssl-passthrough: true
You may use the following sample ingress-config.yml file to configure the ingress controller:
controller: watchIngressWithoutClass: true admissionWebhooks: enabled: false config: hsts-max-age: "31536000" keepalive: "32" log-format: '{ "@timestamp": "$time_iso8601", "@version": "1", "clientip": "$remote_addr", "tag": "ingress", "remote_user": "$remote_user", "bytes": $bytes_sent, "duration": $request_time, "status": $status, "request": "$request_uri", "urlpath": "$uri", "urlquery": "$args", "method": "$request_method", "referer": "$http_referer", "useragent": "$http_user_agent", "software": "nginx", "version": "$nginx_version", "host": "$host", "upstream": "$upstream_addr", "upstream-status": "$upstream_status" }' main-snippets: load_module "modules/ngx_stream_module.so" proxy-body-size: "0" proxy-buffering: "off" server-name-hash-bucket-size: "128" server-name-hash-max-size: "1024" server-tokens: "False" ssl-ciphers: HIGH:!aNULL:!MD5 ssl-prefer-server-ciphers: "True" ssl-protocols: "TLSv1.2 TLSv1.3" use-http2: "true" worker-connections: "10240" worker-cpu-affinity: auto worker-processes: "1" worker-rlimit-nofile: "65536" worker-shutdown-timeout: 5m daemonset: useHostPort: false extraArgs: annotations-prefix: ingress.kubernetes.io enable-ssl-passthrough: true hostNetwork: true kind: DaemonSet name: controller rbac: create: "true"
- Run the
commands:
helm3 repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm3 repo update helm3 install ingress-controller ingress-nginx/ingress-nginx --namespace kube-system --values ingress-config.yaml
- Create a file
- Kubernetes/ingress-nginx ingress controller
config.map
settings -
To ensure that the IBM API Connect services have time to start, increase the proxy-read-timeout and proxy-send-timeout values, which are in seconds, in the
kubernetes/ingress-nginx
ingress controller config.map to at least the following:- proxy-read-timeout: "240"
- proxy-send-timeout: "240"
- System and Software Requirements
-
The system and software requirements are described in the Software Product Compatibility Reports. See Detailed system requirements for a specific product