ingress-nginx Ingress Configuration¶
To use an 'external' ingress-nginx controller i.e. not the one optionally installed by the Kinetica Operators Helm chart it is necessary to disable ingress in the KineticaCluster CR.
The field spec.ingressController: nginx should be set to spec.ingressController: none.
It is then necessary to create the required Ingress CRs by hand. Below is a list of the Ingress paths that need to be exposed along with sample ingress-nginx CRs.
General Considerations¶
Kinetica Services¶
When setting up your own ingress routes, you can utilize the Kubernetes services created by the Kinetica Operators. The services for the database are in the format CLUSTERNAME-service-rankN.NAMESPACE.svc.cluster.local where CLUSTERNAME is the name of the KineticaCluster resource for the cluster and N is the number of the database rank.
Ports¶
The ports on each Pod and Service are the standard port numbers for Kinetica. Because the Operators use LDAP for authentication, you should route your ingress for API calls to the :8082 port on each service with the path /gpudb-N where N is the number of the rank.
Required Routes¶
When the API must be accessible from outside of the cluster, clients MUST be able to connect to rank0 (head rank), and optionally will need to be able to connect to the worker ranks (rank1+) in order to perform multi-head operations. Ranks should be accessible externally at the path FQDN/CLUSTERNAME/gpudb-N.
Required Ingress Routes¶
Ingress Routes¶
GAdmin Paths¶
| Path | Service | Port |
|---|---|---|
/gadmin | cluster-name-gadmin-service | gadmin (8080/TCP) |
/tableau | cluster-name-gadmin-service | gadmin (8080/TCP) |
/files | cluster-name^-gadmin-service | gadmin (8080/TCP) |
where cluster-name is the name of the Kinetica Cluster i.e. what is in the .spec.gpudbCluster.clusterName in the KineticaCluster CR.
Workbench Paths¶
| Path | Service | Port |
|---|---|---|
/ | workbench-workbench-service | workbench-port (8000/TCP) |
DB rank-0 Paths¶
| Path | Service | Port |
|---|---|---|
/cluster-145025b8(/gpudb-0(/.*|$)) | cluster-145025b8-rank0-service | httpd (8082/TCP) |
/cluster-145025b8/gpudb-0/hostmanager(.*) | cluster-145025b8-rank0-service | hostmanager (9300/TCP) |
DB rank-N Paths¶
| Path | Service | Port |
|---|---|---|
/cluster-145025b8(/gpudb-N(/.*|$)) | cluster-145025b8-rank1-service | httpd (8082/TCP) |
/cluster-145025b8/gpudb-N/hostmanager(.*) | cluster-145025b8-rank1-service | hostmanager (9300/TCP) |
Reveal Paths¶
| Path | Service | Port |
|---|---|---|
/reveal | cluster-name-reveal-service | reveal (8088/TCP) |
/caravel | cluster-name-reveal-service | reveal (8088/TCP) |
/static | cluster-name-reveal-service | reveal (8088/TCP) |
/logout | cluster-name-reveal-service | reveal (8088/TCP) |
/resetmypassword | cluster-name-reveal-service | reveal (8088/TCP) |
/dashboardmodelview | cluster-name-reveal-service | reveal (8088/TCP) |
/dashboardmodelviewasync | cluster-name-reveal-service | reveal (8088/TCP) |
/slicemodelview | cluster-name-reveal-service | reveal (8088/TCP) |
/slicemodelviewasync | cluster-name-reveal-service | reveal (8088/TCP) |
/sliceaddview | cluster-name-reveal-service | reveal (8088/TCP) |
/databaseview | cluster-name-reveal-service | reveal (8088/TCP) |
/databaseasync | cluster-name-reveal-service | reveal (8088/TCP) |
/databasetablesasync | cluster-name-reveal-service | reveal (8088/TCP) |
/tablemodelview | cluster-name-reveal-service | reveal (8088/TCP) |
/csstemplatemodelview | cluster-name-reveal-service | reveal (8088/TCP) |
/csstemplatemodelviewasync | cluster-name-reveal-service | reveal (8088/TCP) |
/users | cluster-name-reveal-service | reveal (8088/TCP) |
/roles | cluster-name-reveal-service | reveal (8088/TCP) |
/userstatschartview | cluster-name-reveal-service | reveal (8088/TCP) |
/permissions | cluster-name-reveal-service | reveal (8088/TCP) |
/viewmenus | cluster-name-reveal-service | reveal (8088/TCP) |
/permissionviews | cluster-name-reveal-service | reveal (8088/TCP) |
/accessrequestsmodelview | cluster-name-reveal-service | reveal (8088/TCP) |
/accessrequestsmodelviewasync | cluster-name-reveal-service | reveal (8088/TCP) |
/logmodelview | cluster-name-reveal-service | reveal (8088/TCP) |
/logmodelviewasync | cluster-name-reveal-service | reveal (8088/TCP) |
/userinfoeditview | cluster-name-reveal-service | reveal (8088/TCP) |
/tablecolumninlineview | cluster-name-reveal-service | reveal (8088/TCP) |
/sqlmetricinlineview | cluster-name-reveal-service | reveal (8088/TCP) |
Example Ingress CRs¶
Example GAdmin Ingress CR¶
Example GAdmin Ingress CR
Example GAdmin Ingress CR
1. where apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cluster-name-gadmin-ingress #(1)!
namespace: gpudb
spec:
ingressClassName: nginx
tls:
- hosts:
- cluster-name.example.com #(1)!
secretName: kinetica-tls
rules:
- host: cluster-name.example.com #(1)!
http:
paths:
- path: /gadmin
pathType: Prefix
backend:
service:
name: cluster-name-gadmin-service #(1)!
port:
name: gadmin
- path: /tableau
pathType: Prefix
backend:
service:
name: cluster-name-gadmin-service #(1)!
port:
name: gadmin
- path: /files
pathType: Prefix
backend:
service:
name: cluster-name-gadmin-service #(1)!
port:
name: gadmin
cluster-name is the name of the Kinetica Cluster Example Rank Ingress CR¶
Example Rank Ingress CR
Example Rank Ingress CR
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cluster-name-rank1-ingress
namespace: gpudb
spec:
ingressClassName: nginx
tls:
- hosts:
- cluster-name.example.com
secretName: kinetica-tls
rules:
- host: cluster-name.example.com
http:
paths:
- path: /cluster-name(/gpudb-1(/.*|$))
pathType: Prefix
backend:
service:
name: cluster-name-rank1-service
port:
name: httpd
- path: /cluster-name/gpudb-1/hostmanager(.*)
pathType: Prefix
backend:
service:
name: cluster-name-rank1-service
port:
name: hostmanager
- where
cluster-nameis the name of the Kinetica Cluster
Example Reveal Ingress CR¶
Example Reveal Ingress CR
Example Reveal Ingress CR
1. where apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cluster-name-reveal-ingress
namespace: gpudb
spec:
ingressClassName: nginx
tls:
- hosts:
- cluster-name.example.com
secretName: kinetica-tls
rules:
- host: cluster-name.example.com
http:
paths:
- path: /reveal
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /caravel
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /static
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /logout
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /resetmypassword
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /dashboardmodelview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /dashboardmodelviewasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /slicemodelview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /slicemodelviewasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /sliceaddview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /databaseview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /databaseasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /databasetablesasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /tablemodelview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /tablemodelviewasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /csstemplatemodelview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /csstemplatemodelviewasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /users
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /roles
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /userstatschartview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /permissions
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /viewmenus
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /permissionviews
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /accessrequestsmodelview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /accessrequestsmodelviewasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /logmodelview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /logmodelviewasync
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /userinfoeditview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /tablecolumninlineview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
- path: /sqlmetricinlineview
pathType: Prefix
backend:
service:
name: cluster-name-reveal-service
port:
name: reveal
cluster-name is the name of the Kinetica Cluster Exposing the Postgres Proxy Port¶
In order to access Kinetica's Postgres functionality some TCP (not HTTP) ports need to be open externally.
For ingress-nginx a configuration file needs to be created to enable port 5432.
tcp-services.yaml
1. Change the namespace to the namespace your ingress-nginx controller is running in. e.g. apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: kinetica-system # (1)!
data:
'5432': gpudb/kinetica-k8s-sample-rank0-service:5432 #(2)!
'9002': gpudb/kinetica-k8s-sample-rank0-service:9002 #(3)!
ingress-nginx 2. This exposes the postgres proxy port on the default
5432 port. If you wish to change this to a non-standard port then it needs to be changed here but also in the Helm values.yaml to match.3. This port is the Table Monitor port and should always be exposed alongside the Postgres Proxy.
Additionally, this config map must be added as an argument in the ingress-nginx controller deployment.
ingress-nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-nginx-controller
namespace: kinetica-system
spec:
containers:
args: '--tcp-services-configmap=kinetica-system/tcp-services'