Deploying External S-TAP on cloud databases

To use External S-TAPs with cloud databases, you need to set up an NGINX internal load balancer. The following section shows how to set up an NGINX internal load balancer for Oracle Cloud Infrastructure (OCI).

Procedure

  1. Add the NGINX ingress controller Helm repository.
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    Tip: Use the following command to update the local cache of the configured Helm repositories.
    helm repo update
  2. Install the NGINX ingress.
    The following command is an example that installs NGINX with several configuration parameters.
    helm install nginx-ingress ingress-nginx/ingress-nginx \
    --namespace ingress-nginx --create-namespace \
    --set controller.service.type=LoadBalancer \
    --set controller.service.externalTrafficPolicy=Local \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/oci-load-balancer-internal"="false" \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/oci-load-balancer-shape"="flexible" \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/oci-load-balancer-shape-flex-min"="1" \
    --set controller.service.annotations."service\.beta\.kubernetes\.io/oci-load-balancer-shape-flex-max"="1" \
    --set tcp.8888="demo/estap-estap-lb:8888"
  3. Install an NGINX ingress controller with extra ports.
    The following command is an example to install NGINX with extra ports.
    helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx \
    --namespace ingress-nginx \
    --set controller.extraPorts[0].name="estap" \
    --set controller.extraPorts[0].port=8888 \
    --set controller.extraPorts[0].targetPort=8888 \
    --set controller.extraPorts[0].protocol="TCP" \
    --set-string controller.extraArgs.tcp-services-configmap="ingress-nginx/tcp-services" \
    --set controller.service.externalTrafficPolicy=Local \
    --set controller.publishService.enabled=true
  4. Create a configmap to expose the additional TCP port.
    cat tcp-services.yaml
    
    The output looks similar to the following example:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: tcp-services
      namespace: ingress-nginx
    data:
      "8888": demo/estap-estap-lb:8888
  5. Open the overrides_example.yaml file and update the file with database information, collector information, and the following annotations.
    # Optional, ingress to use with E-STAP. Used to specify a load balancer
    # to be used with AWS to avoid multiple NLBs being created
    ingress:
      # Optional, annotations to specify for ingress
      annotations:
        #alb.ingress.kubernetes.io/scheme: internet-facing
        #alb.ingress.kubernetes.io/target-type: ip
        #alb.ingress.kubernetes.io/load-balancer-name: YOUR_INGRESS_LB_NAME
        #alb.ingress.kubernetes.io/group.name: YOUR_INGRESS_GROUP_NAME
      className: nginx
      host: www.example.com
  6. Deploy External S-TAP® with the ingress option.
    1. Test the nginx-ingress controller and make sure that port 8888 is open for External S-TAP service.
      kubectl get all -n ingress-nginx
      The output looks similar to the following example:
      NAME                                                    READY          STATUS          RESTARTS         AGE
      pod/nginx-ingress-ingress-nginx-controller-64bf9b697f-bdlmk   1/1            Running             0            166m
      
      NAME                                                           TYPE          CLUSTER-IP      EXTERNAL-IP      PORTS                                       AGE
      service/nginx-ingress-ingress-nginx-controller            LoadBalancer     10.96.239.202      129.80.246.11   80:31908/TCP,443:32452/TCP,8888:30296/TCP    22h
      service/nginx-ingress-ingress-nginx-controller-admission   ClusterIP       10.96.178.171         <none>       443/TCP                                      22h
      
      NAME                                                          READY          UP-TO-DATE      AVAILABLE        AGE
      deployment.apps/nginx-ingress-ingress-nginx-controller         1/1                1              1            22h
      
    2. Verify that the deployment is successful and the backend is successfully loaded.
      kubectl logs pod/nginx-ingress-ingress-nginx-controller-64bf9b697f-bdlmk -n ingress-nginx
      The output looks similar to the following example:
      -------------------------------------------------------------------------------
      NGINX Ingress controller
      Release: v1.12.3
      Build: 8d1208bd75b8ad0fe78f1f35c3176331a2042427
      Repository: https://github.com/kubernetes/ingress-nginx
      nginx version: nginx/1.25.5
      -------------------------------------------------------------------------------
      W0702 14:21:45.095046 7 client_config.go:667] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
      I0702 14:21:45.095290 7 main.go:205] "Creating API client" host="https://10.96.0.1:443"
      I0702 14:21:45.108483 7 main.go:248] "Running in Kubernetes cluster" major="1" minor="33" git="v1.33.1" state="clean" commit="e9a4f853fd5108992c6f16656360495e971b8ddd" platform="linux/arm64"
      I0702 14:21:45.295855 7 main.go:101] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"
      I0702 14:21:45.317721 7 ssl.go:535] "loading tls certificate" path="/usr/local/certificates/cert" key="/usr/local/certificates/key"
      I0702 14:21:45.331647 7 nginx.go:271] "Starting NGINX Ingress controller"
      I0702 14:21:45.353213 7 event.go:377] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"ingress-nginx", Name:"nginx-ingress-ingress-nginx-controller", UID:"df58d54e-6e3b-460f-9399-e228360de498", APIVersion:"v1",
      I0702 14:21:46.613457 7 controller.go:216] "Backend successfully reloaded"
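
A check for step 6.1, as an added example that is not part of the IBM procedure or the ingress-nginx project: it reads the service table printed by `kubectl get svc -n ingress-nginx` and reports whether the load balancer that exposes port 8888 has a private (RFC 1918) or a public address, since the procedure calls for an internal load balancer. The function names and the two extra sample rows are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not IBM or ingress-nginx code). Reads the service table printed
# by `kubectl get svc -n ingress-nginx` on stdin and classifies the S-TAP listener.

# Return 0 when the address is in RFC 1918 private space.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# check_estap_service PORT
# Prints: "internal <ip>", "public <ip>", "pending", "port-missing" or "no-loadbalancer".
check_estap_service() {
  want="$1"
  result="no-loadbalancer"
  while read -r name type cluster_ip external_ip ports age; do
    [ "$type" = "LoadBalancer" ] || continue
    result="port-missing"
    exposed=0
    old_ifs=$IFS; IFS=,
    for entry in $ports; do              # one entry looks like 8888:30296/TCP
      case "$entry" in "$want":*/TCP) exposed=1 ;; esac
    done
    IFS=$old_ifs
    [ "$exposed" -eq 1 ] || continue
    case "$external_ip" in
      "<pending>"|"<none>") result="pending" ;;
      *) if is_private_ipv4 "$external_ip"; then result="internal $external_ip"
         else result="public $external_ip"; fi ;;
    esac
    break
  done
  echo "$result"
}

# Service rows as shown in the sample output of step 6.1 (columns collapsed).
SAMPLE_FROM_PAGE='NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/nginx-ingress-ingress-nginx-controller LoadBalancer 10.96.239.202 129.80.246.11 80:31908/TCP,443:32452/TCP,8888:30296/TCP 22h
service/nginx-ingress-ingress-nginx-controller-admission ClusterIP 10.96.178.171 <none> 443/TCP 22h'

# Constructed rows: a private address, and a controller without port 8888.
SAMPLE_INTERNAL='svc-a LoadBalancer 10.96.239.202 10.0.20.15 80:31908/TCP,8888:30296/TCP 22h'
SAMPLE_NO_PORT='svc-b LoadBalancer 10.96.239.202 10.0.20.15 80:31908/TCP,443:32452/TCP 22h'

printf '%s\n' "$SAMPLE_FROM_PAGE" | check_estap_service 8888   # public 129.80.246.11
```

Against a live cluster, run `kubectl get svc -n ingress-nginx | check_estap_service 8888`. On OCI, the `oci-load-balancer-internal` annotation set in step 2 determines whether that address is private or public.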
    Tip: If you add a service port, you can patch the ingress controller by using the following command:
    kubectl patch svc nginx-ingress-ingress-nginx-controller -n ingress-nginx \
    --type='json' \
    -p='[{"op":"add","path":"/spec/ports/-","value":{"name":"estap","port":8888,"protocol":"TCP","targetPort":8888}}]'