Configure Ingress For DX Compose Deployment

With HAProxy DX Compose deployments, it is easy to use a custom Ingress in front of DX Compose to handle advance requirements to routing, proxying and other similar use cases. This document explains how to leverage external Ingress alongside with HAProxy as the internal reverse proxy and load balancer.

Note

• HCL DX Compose intentionally does not ship any Ingress to reduce DX Compose's deployment footprint in any Kubernetes cluster.
  
• This document shows an example configuration for some Ingress controllers and briefly describes minimally necessary steps to implement it inside a Kubernetes environment. This configuration is neither a proposal nor does HCL provide official support for it.
  
• Implementing an Ingress for use with a HCL DX Compose deployment in Kubernetes is an optional effort based on the Kubernetes cluster’s requirements and customer’s discretion.

Ingress Implementation

The following guide is a basic example on implementing a generic Ingress on your Kubernetes cluster for use with HCL DX Compose. The actual implementation might vary depending on the Cluster's setup and configuration.

• In the DX Compose Helm values by default HAProxy serviceType is set to loadBalancer. To use the external Ingress this must be set to the serviceType applicable for the appropriate use case, for this example ClusterIP is used, with that HAProxy service will not have any External IP.

networking:
  haproxy:
    serviceType: ClusterIP

• Install an Ingress controller of your choice, this will serve as the entry point to the cluster. The Ingress controller applies the rules that are set in the Ingress resources. By design the Ingress controller is a cluster-wide resource and can be deployed in any namespace and does not have to be in the same namespace as DX Compose. The controller can be used to route multiple applications in multiple namespaces. NGINX Ingress Controller is used here as an example. To install a NGINX Ingress on your cluster, please issue the following command:

$ helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace <namespace>

• Check if the Ingress controller pod and service are deployed

$ kubectl get pod -n <namespace>
$ kubectl get service -n <namespace>

• You can configure the connection between Ingress and HAProxy to use either http or https for the internal traffic. For more information, see the topic Configure HAProxy networking.

• Define an Ingress resource that is used to configure the routing rules that point to the existing deployment of HAProxy as the internal service. Configure a host and all of the requests received by the host are handled by <helm release name>-haproxy. A secretName is passed in the tls section to allow the Ingress controller to serve https traffic. The following configuration maps the root path (/) to the HAProxy of DX Compose. If there are other applications in the cluster handled by the same Ingress controller, their paths must be specified explicitly. All other requests are then handled by DX Compose.

Example of an Ingress resource:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  ingressClassName: nginx
  tls:
  - secretName: dx-tls-cert
  rules:
  - host: your-kube-deployment.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: <release-name>-haproxy
            port:
              name: haproxy

Advanced configuration

Important

The configuration in the Ingress Implementation section is the recommended configuration and should be used whenever possible.

Note that you must map in the Ingress any custom application deployed or certain configurations. This includes the following:

• Some special functionalities of DX Compose like the Web Application Bridge
• Deployments with the context root changed or removed
• The friendlyUrlContextRoot available for Digital Asset Management

If mapping the root path is not possible for a deployment, map the following paths depending on the configuration of DX Compose:

• /wps (or the custom context root set for WebEngine)
• /dx
• /hcl

Example of an Ingress resource:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  ingressClassName: nginx
  tls:
  - secretName: dx-tls-cert
  rules:
  - host: your-kube-deployment.com
    http:
      paths:
      - path: /wps
        pathType: Prefix
        backend:
          service:
            name: <release-name>-haproxy
            port:
              name: haproxy
      - path: /dx
        pathType: Prefix
        backend:
          service:
            name: <release-name>-haproxy
            port:
              name: haproxy
      - path: /hcl
        pathType: Prefix
        backend:
          service:
            name: <release-name>-haproxy
            port:
              name: haproxy