Expose AGILITY
To make AGILITY accessible from outside the cluster, various options can be used to expose the agility ClusterIP Kubernetes service. You can use any of the following Kubernetes constructs, in line with your predefined guidelines:
Ingress
LoadBalancer Service
NodePort
Consider your specific network infrastructure, cloud provider capabilities, and security requirements when choosing the appropriate method to expose AGILITY.
The agility ClusterIP Kubernetes service can be listed on a deployed environment, as in the following example:
kubectl -n agility get svc agility
NAME      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
agility   ClusterIP   10.96.129.54   <none>        80/TCP    39d
This service is listening on port tcp/80 and its application protocol is HTTP.
ℹ️ Note: The HTTP protocol is not encrypted, and consequently there is no TLS termination on this service.
Whichever option is used, it is strongly recommended to declare the hostname used to access AGILITY. This is to avoid the Open Redirect vulnerability. The following sections include the cv.hostname setting, which ensures the application is only accessible from the declared hostname.
Ingress configuration
The following ingress manifest is an example of how an ingress controller can be configured to expose AGILITY.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 100m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
  name: agility
spec:
  ingressClassName: nginx
  rules:
  - host: agility.example.com
    http:
      paths:
      - backend:
          service:
            name: agility
            port:
              name: http
        path: /cv
        pathType: Prefix
  tls:
  - hosts:
    - agility.example.com
    secretName: agility.example.com-tls
The creation of this ingress manifest can be managed by the agility Helm chart.
Deploy the AGILITY application chart
Create an override values file (options available in the AGILITY chart):
cd agility-charts
cat <<EOF > agility-values-public-access.yaml
cv:
  hostname: agility.example.com
ingress:
  enabled: true
  hostname: agility.example.com
  tls: true
  existentSecret: true
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-buffer-size: 256k
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
EOF
ℹ️ When ingress.existentSecret is true, the TLS Kubernetes secret must have the following name: <ingress.hostname>-tls
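The hostname declaration and the TLS secret naming rule can be checked before deploying. The following is an added example, not part of the AGILITY chart or its documentation: the function names are hypothetical, it assumes (as in the file above) that cv.hostname and ingress.hostname are meant to be the same name, and it reuses the agility namespace from the kubectl example.

```shell
#!/bin/sh
# Added example: pre-deployment checks for agility-values-public-access.yaml.
# Function names are hypothetical; yaml_get handles only the simple
# two-level "section: / key: value" layout used in the file above.

# yaml_get FILE SECTION KEY -> prints the scalar at SECTION.KEY (empty if unset)
yaml_get() {
  awk -v sec="$2" -v key="$3" '
    /^[^ #]/ { cur = $1; sub(/:.*/, "", cur) }   # a top-level key opens a section
    cur == sec && /^  [^ ]/ && $1 == (key ":") {
      v = $2; gsub(/"/, "", v); print v; exit
    }' "$1"
}

# check_values FILE -> 0 when cv.hostname is declared and equals
# ingress.hostname. With ingress.existentSecret true, also prints the secret
# name the chart expects (<ingress.hostname>-tls).
check_values() {
  cv_host=$(yaml_get "$1" cv hostname)
  ing_host=$(yaml_get "$1" ingress hostname)
  [ -n "$cv_host" ] || { echo "cv.hostname is not declared" >&2; return 1; }
  [ "$cv_host" = "$ing_host" ] || {
    echo "cv.hostname ($cv_host) differs from ingress.hostname ($ing_host)" >&2
    return 2
  }
  if [ "$(yaml_get "$1" ingress existentSecret)" = "true" ]; then
    echo "${ing_host}-tls"
  fi
  return 0
}

# secret_covers_host NAMESPACE SECRET HOST -> 0 when the certificate stored in
# the TLS secret is valid for HOST (needs cluster access, kubectl and openssl).
secret_covers_host() {
  kubectl -n "$1" get secret "$2" -o jsonpath='{.data.tls\.crt}' \
    | base64 -d \
    | openssl x509 -noout -checkhost "$3" \
    | grep -q 'does match'
}

# Usage (run from agility-charts before the Helm deployment):
#   secret=$(check_values agility-values-public-access.yaml) &&
#     secret_covers_host agility "$secret" agility.example.com
```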
Run the Helm command to deploy AGILITY:
Load Balancer Service Type
If it is desired to define the agility service as a load balancer type:
Deploy the AGILITY application chart
Create an override values file (options available in the AGILITY chart):
Run the Helm command to deploy AGILITY:
To consider:
Service annotations can be added under the service.annotations object. This can be useful for certain environments that require annotations to manage LoadBalancer options.
The NodePort number can be enforced under the service.nodePorts.http section.
Node Port Service Type
If it is desired to define the agility service as a node port type:
Deploy the AGILITY application chart
Create an override values file (options available in the AGILITY chart):
Run the Helm command to deploy AGILITY:
To consider:
Service annotations can be added under the service.annotations object. This can be useful for certain environments that require annotations to manage LoadBalancer options.
The NodePort number can be enforced under the service.nodePorts.http section.