Expose AGILITY
To make AGILITY accessible from outside the cluster, the agility ClusterIP Kubernetes service must be exposed. You can use any of the following Kubernetes constructs, whichever aligns with your predefined guidelines:
Ingress
LoadBalancer Service
NodePort
Consider your specific network infrastructure, cloud provider capabilities, and security requirements when choosing the appropriate method to expose AGILITY.
The agility ClusterIP Kubernetes service can be listed on a deployed environment, as in the following example:
kubectl -n agility get svc agility
NAME      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
agility   ClusterIP   10.96.129.54   <none>        80/TCP    39d
This service listens on port tcp/80 and its application protocol is HTTP.
ℹ️ Note
The HTTP protocol is not encrypted; consequently, there is no TLS termination on this service.
Whichever option you use, it is strongly recommended to declare the hostname used to access AGILITY. This avoids the Open Redirect vulnerability. The following sections set cv.hostname, which ensures the application is only accessible from the declared hostname.
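One way to check that redirects stay on the declared hostname after deployment, as an added example that is not part of the AGILITY documentation: the shell function below (check_redirect_host is a hypothetical name) reads HTTP response headers and fails when a Location header names any host other than the one declared in cv.hostname. It assumes the page's example hostname agility.example.com.

```shell
#!/bin/sh
# Added example, not part of the AGILITY documentation.
# check_redirect_host DECLARED_HOST  (hypothetical helper name)
# Reads HTTP response headers on stdin. Returns 0 when every Location header
# is a path on the same host or names DECLARED_HOST, and 1 otherwise.
# Typical use, with the hostname declared in cv.hostname:
#   curl -sI https://agility.example.com/cv | check_redirect_host agility.example.com
check_redirect_host() {
    declared=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')            # headers end in CRLF
        name=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')  # names are case-insensitive
        [ "$name" = "location" ] || continue
        value=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        lower=$(printf '%s' "$value" | tr 'A-Z' 'a-z')
        case "$lower" in
            http://*|https://*) authority=${lower#*://} ;;
            //*)                authority=${lower#//} ;;  # scheme-relative URL
            /\\*)               authority= ;;  # browsers read "\" as "/": report it
            /*)                 continue ;;    # plain path: stays on the same host
            *)                  authority= ;;  # any other form: report for review
        esac
        authority=${authority%%[/?#]*}   # drop path, query and fragment
        authority=${authority##*@}       # drop userinfo ("user@host")
        host=${authority%%:*}            # drop port
        if [ "$host" != "$declared" ]; then
            printf 'redirect leaves %s: %s\n' "$declared" "$value" >&2
            rc=1
        fi
    done
    return "$rc"
}
```
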
Ingress configuration
The following ingress manifest is an example of how an ingress controller can be configured to expose AGILITY.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
  name: agility
spec:
  ingressClassName: nginx
  rules:
  - host: agility.example.com
    http:
      paths:
      - backend:
          service:
            name: agility
            port:
              name: http
        path: /cv
        pathType: Prefix
  tls:
  - hosts:
    - agility.example.com
    secretName: agility.example.com-tls
This ingress manifest creation can be managed by the agility helm chart.
Deploy the AGILITY application chart
Create an override values file (options available in the AGILITY chart):
cd agility-charts
cat <<EOF > agility-values-public-access.yaml
cv:
  hostname: agility.example.com
ingress:
  enabled: true
  hostname: agility.example.com
  tls: true
  existentSecret: true
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
EOF
ℹ️ When ingress.existentSecret is true, the TLS Kubernetes secret must have the following name: <ingress.hostname>-tls
Run the Helm command to deploy AGILITY:
helm --namespace agility upgrade --install --create-namespace agility ./agility --values agility-values-public-access.yaml
Load Balancer Service Type
To define the agility service as a LoadBalancer type:
Deploy the AGILITY application chart
Create an override values file (options available in the AGILITY chart):
cd agility-charts
cat <<EOF > agility-values-public-access.yaml
cv:
  hostname: agility.example.com
service:
  type: LoadBalancer
EOF
Run the Helm command to deploy AGILITY:
helm --namespace agility upgrade --install --create-namespace agility ./agility --values agility-values-public-access.yaml
To consider:
Service annotations can be added under the service.annotations object. This can be useful for certain environments that require annotations to manage LoadBalancer options.
The NodePort number can be enforced under the service.nodePorts.http section.
Node Port Service Type
To define the agility service as a NodePort type:
Deploy the AGILITY application chart
Create an override values file (options available in the AGILITY chart):
cd agility-charts
cat <<EOF > agility-values-public-access.yaml
cv:
  hostname: agility.example.com
service:
  type: NodePort
EOF
Run the Helm command to deploy AGILITY:
helm --namespace agility upgrade --install --create-namespace agility ./agility --values agility-values-public-access.yaml
To consider:
Service annotations can be added under the service.annotations object. This can be useful for certain environments that require annotations to manage LoadBalancer options.
The NodePort number can be enforced under the service.nodePorts.http section.