Kubernetes ingress controller prerequisites
Describes the prerequisite settings for the ingress controller for a Kubernetes runtime environment.
Before you begin
These instructions assume you have a working Kubernetes environment and understand how to manage Kubernetes. Kubernetes is a platform for automated deployment, scaling, and operation of application containers across clusters of hosts, providing container-centric infrastructure. For more information, see https://kubernetes.io.
- Kubernetes/ingress-nginx ingress controller ingress-config.yml settings
A Kubernetes deployment for IBM® API Connect requires the kubernetes/ingress-nginx ingress controller implementation (see https://github.com/kubernetes/ingress-nginx) with SSL passthrough enabled.
Important: When deploying to an OpenShift environment, an ingress controller is not used. Setting the ingress-type parameter to route using the apicup subsys set SUBSYS ingress-type route command completes the configuration for the ingress on OpenShift. See Settings for OpenShift.
API Connect v2018 currently only supports Helm2, but for the purpose of installing the ingress controller we recommend using Helm3 just for that part of the installation. Follow these steps:
- Create a file ingress-config.yaml where the following values are required:

    controller:
      admissionWebhooks:
        enabled: false
      config:
        ssl-protocols: TLSv1.2
      extraArgs:
        annotations-prefix: ingress.kubernetes.io
        enable-ssl-passthrough: true

You may use the following sample ingress-config.yml file to configure the ingress controller:

    controller:
      admissionWebhooks:
        enabled: false
      config:
        hsts-max-age: "31536000"
        keepalive: "32"
        log-format: '{ "@timestamp": "$time_iso8601", "@version": "1", "clientip": "$remote_addr", "tag": "ingress", "remote_user": "$remote_user", "bytes": $bytes_sent, "duration": $request_time, "status": $status, "request": "$request_uri", "urlpath": "$uri", "urlquery": "$args", "method": "$request_method", "referer": "$http_referer", "useragent": "$http_user_agent", "software": "nginx", "version": "$nginx_version", "host": "$host", "upstream": "$upstream_addr", "upstream-status": "$upstream_status" }'
        main-snippets: load_module "modules/ngx_stream_module.so"
        proxy-body-size: "0"
        proxy-buffering: "off"
        server-name-hash-bucket-size: "128"
        server-name-hash-max-size: "1024"
        server-tokens: "False"
        ssl-ciphers: HIGH:!aNULL:!MD5
        ssl-prefer-server-ciphers: "True"
        ssl-protocols: TLSv1.2
        use-http2: "true"
        worker-connections: "10240"
        worker-cpu-affinity: auto
        worker-processes: "1"
        worker-rlimit-nofile: "65536"
        worker-shutdown-timeout: 5m
      daemonset:
        useHostPort: false
      extraArgs:
        annotations-prefix: ingress.kubernetes.io
        enable-ssl-passthrough: true
      hostNetwork: true
      kind: DaemonSet
      name: controller
    rbac:
      create: "true"

- Run the commands:

    helm3 repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm3 repo update
    helm3 install ingress-controller ingress-nginx/ingress-nginx --namespace kube-system --values ingress-config.yaml

- Kubernetes/ingress-nginx ingress controller config.map settings
To ensure that the IBM API Connect services have time to start, increase the proxy-read-timeout and proxy-send-timeout values, which are in seconds, in the kubernetes/ingress-nginx ingress controller config.map to at least the following:
- proxy-read-timeout: "240"
- proxy-send-timeout: "240"
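
The following added example (not part of the IBM documentation) checks a deployed controller against both the required ingress-config.yaml values and the timeout minimums above. It assumes you pass it the controller ConfigMap's data and the controller container's args, for example as read from kubectl JSON output; the function names and SAMPLE_* inputs are constructed for illustration.

```python
# Added example: audit ingress-nginx settings against the values this page requires.
# Function names are hypothetical; the SAMPLE_* inputs are constructed, not real output.
REQUIRED_ARGS = {"enable-ssl-passthrough": "true",
                 "annotations-prefix": "ingress.kubernetes.io"}
TIMEOUT_KEYS = ("proxy-read-timeout", "proxy-send-timeout")
MIN_TIMEOUT_SECONDS = 240

SAMPLE_GOOD_DATA = {"ssl-protocols": "TLSv1.2",
                    "proxy-read-timeout": "240", "proxy-send-timeout": "240"}
SAMPLE_GOOD_ARGS = ["/nginx-ingress-controller",
                    "--annotations-prefix=ingress.kubernetes.io",
                    "--enable-ssl-passthrough=true"]
SAMPLE_BAD_DATA = {"ssl-protocols": "TLSv1 TLSv1.1 TLSv1.2", "proxy-read-timeout": "60"}
SAMPLE_BAD_ARGS = ["/nginx-ingress-controller",
                   "--annotations-prefix=nginx.ingress.kubernetes.io"]


def parse_args(args):
    """Turn ['--a=b', '--c'] into {'a': 'b', 'c': 'true'}; a bare flag means true."""
    parsed = {}
    for arg in args:
        if arg.startswith("--"):
            name, sep, value = arg[2:].partition("=")
            parsed[name] = value if sep else "true"
    return parsed


def audit(configmap_data, controller_args):
    """Return a list of findings; an empty list means the prerequisites are met."""
    flags = parse_args(controller_args)
    findings = []
    for name, want in REQUIRED_ARGS.items():
        got = flags.get(name)
        if got != want:
            findings.append(f"arg --{name}: expected {want}, found {got}")
    protocols = configmap_data.get("ssl-protocols", "").split()
    if protocols != ["TLSv1.2"]:
        findings.append(f"ssl-protocols: expected TLSv1.2, found {protocols}")
    for key in TIMEOUT_KEYS:
        raw = configmap_data.get(key)
        # ConfigMap values are strings; a missing or non-numeric value is a finding.
        if raw is None or not raw.isdigit() or int(raw) < MIN_TIMEOUT_SECONDS:
            findings.append(f"{key}: expected >= {MIN_TIMEOUT_SECONDS}, found {raw}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD_DATA, SAMPLE_BAD_ARGS):
        print(finding)
```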
Attention: In OpenShift, you must individually annotate all routes that are for the Management subsystem (updating the corresponding configuration for an ingress controller affects all ingresses). Refer to the OpenShift docs on how to annotate the routes: https://docs.openshift.com/container-platform/4.2/networking/routes/route-configuration.html.
- System and Software Requirements
The system and software requirements are described in the Software Product Compatibility Reports. See Detailed system requirements for a specific product.