Self-Managed Shipa Ingress Choices

When installing the Shipa control plane, an ingress controller will be installed in the shipa-system namespace. This ingress controller manages traffic to the Shipa API as well as the Shipa Dashboard. At a high level, an ingress controller routes requests that it receives to a Kubernetes service based on the hostname and the port of the request. Within the Helm chart used to install the Shipa control plane, you can control how the service for the ingress controller is exposed, which in turn affects how you interact with the Shipa endpoints. The three types of service that can be used to expose the ingress controller are LoadBalancer, NodePort, and ClusterIP.

LoadBalancer Service Type

A service type of LoadBalancer is the default when installing the Shipa control plane and therefore does not require any customization of the Helm values used. It does, however, require that your Kubernetes cluster supports the LoadBalancer type; otherwise the service will show a status of pending and behave similarly to NodePort. Once the ingress controller is up and the LoadBalancer request has been fulfilled, you can see details such as the hostname of the load balancer (details are dependent on your infrastructure provider) using the following:

kubectl get svc -n shipa-system shipa-ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[*]}'

You can also see how the exposed services in your cluster can be reached by looking at the Ingress objects in the shipa-system namespace. Here is how you can find the configured addresses for the Shipa Dashboard:

kubectl get ingress -n shipa-system -l shipa.io/app-name=dashboard -o jsonpath='{range .items[*].spec.rules[*]}{@.host}{"\n"}{end}'

The ingress hostname needs DNS configured to point traffic to the provisioned load balancer, either as a CNAME if the load balancer has a hostname or as an A record if it only has an IP address. To quickly test things, you can map the IP address of the load balancer to the hostname associated with the ingress in your /etc/hosts file. Keep in mind that if you connect to the Shipa Dashboard via HTTPS and no certificate is set up for the hostname being used, you will receive the “Kubernetes Ingress Controller Fake Certificate” and your browser will warn that the certificate is not valid.
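
The certificate check described above can be scripted instead of relying on browser warnings. This is an added example, not part of the Shipa tooling: it assumes openssl is installed, reuses the Dashboard host query from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find Dashboard hosts still served the controller's default cert.
FAKE_CN='Kubernetes Ingress Controller Fake Certificate'

# Hostnames configured for the Shipa Dashboard (same query as on this page).
dashboard_hosts() {
    kubectl get ingress -n shipa-system -l shipa.io/app-name=dashboard \
        -o jsonpath='{range .items[*].spec.rules[*]}{@.host}{"\n"}{end}'
}

# Subject of the certificate served at <addr>:<port> when <host> is sent as SNI.
served_subject() {
    openssl s_client -connect "$2:${3:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null
}

# Classify an `openssl x509 -noout -subject` line:
#   fake   = controller default certificate, no certificate configured for the host
#   custom = some other certificate (trust chain and hostname are NOT verified here)
#   none   = no certificate could be retrieved
classify_subject() {
    case "$1" in
        '')           echo none ;;
        *"$FAKE_CN"*) echo fake ;;
        *)            echo custom ;;
    esac
}

# audit_dashboard_certs <load balancer or node address> [port]
# Prints "host<TAB>verdict" per host; returns non-zero unless every host is "custom".
audit_dashboard_certs() {
    rc=0
    for host in $(dashboard_hosts); do
        verdict=$(classify_subject "$(served_subject "$host" "$1" "$2")")
        printf '%s\t%s\n' "$host" "$verdict"
        [ "$verdict" = custom ] || rc=1
    done
    return $rc
}
```

Run `audit_dashboard_certs <load balancer address>` against the live cluster; a "custom" verdict only rules out the default certificate, so validity for the hostname still has to be confirmed separately.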

NodePort Service Type

If the nodes of your Kubernetes cluster are directly accessible you can expose the ingress using NodePort. In order to specify the use of a NodePort service type for the ingress controller, you need to provide value overrides for Helm similar to this:

shipaCluster:
  ingress:
    # ingress controller type
    # supported: (nginx, istio, traefik)
    type: nginx
    serviceType: NodePort
    # if provided it will be used as node port for shipa managed nginx ingress controller
    nodePort: 31000

To use a NodePort service as your ingress, you will need to pass the hostname in the request. This can be done by configuring DNS to point to the IPs of your nodes or by manually setting the resolution up in /etc/hosts. For testing purposes, you can instead use the --resolve argument for curl to check that the Shipa Dashboard is available. You will need the host, the IP of a worker, and the NodePort value.

# List configured hosts for the Shipa Dashboard
kubectl get ingress -n shipa-system -l shipa.io/app-name=dashboard -o jsonpath='{range .items[*].spec.rules[*]}{@.host}{"\n"}{end}'

# Get the apiNodePort value (will match what was sent to Helm)
kubectl get svc -n shipa-system shipa-ingress-nginx -o jsonpath='{.spec.ports[?(@.name == "http")].nodePort}'

# Check Node details for External IP address
kubectl get node -o wide

# Check for a valid response from the Dashboard (HTML/JavaScript)
curl http://<hostname>:<NodePort> --resolve <hostname>:<NodePort>:<IP_of_node>
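
Because a pending LoadBalancer behaves like NodePort, it is worth confirming what the ingress controller Service actually exposes before deciding which ports need firewall rules. The following is an added example, not Shipa code: it uses the service and port names shown on this page, and the function names and the '|'-separated summary format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report how the ingress controller Service is reachable.

# One line from the live cluster: type|http nodePort|load balancer address
svc_summary() {
    kubectl get svc -n shipa-system shipa-ingress-nginx -o \
        jsonpath='{.spec.type}|{.spec.ports[?(@.name == "http")].nodePort}|{.status.loadBalancer.ingress[*].ip}{.status.loadBalancer.ingress[*].hostname}'
}

# classify_exposure 'type|nodePort|lbAddress' -> one-line verdict
classify_exposure() {
    svc_type=${1%%"|"*}
    rest=${1#*"|"}
    node_port=${rest%%"|"*}
    lb_addr=${rest#*"|"}
    case "$svc_type" in
        ClusterIP)
            echo "internal: in-cluster or port-forward only" ;;
        NodePort)
            echo "node-port: ${node_port} open on every node" ;;
        LoadBalancer)
            # An unfulfilled request has no address yet; any allocated node
            # port is still reachable on the nodes in the meantime.
            verdict="load-balancer: ${lb_addr:-pending}"
            if [ -n "$node_port" ]; then
                verdict="$verdict, node port $node_port open on every node"
            fi
            echo "$verdict" ;;
        *)
            echo "unknown: ${svc_type}" ;;
    esac
}

# Live usage: classify_exposure "$(svc_summary)"
```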

ClusterIP Service Type

A service for the ingress controller will always have a ClusterIP, but to ensure that it is consistently set rather than randomly assigned, you can specify the ClusterIP value in the overrides passed to Helm:

shipaCluster:
  ingress:
    # ingress controller type
    # supported: (nginx, istio, traefik)
    type: nginx
    serviceType: ClusterIP
    # if provided it will be used as the cluster IP for shipa managed nginx ingress controller
    clusterIp: <cluster IP address>

To access a service that only has a ClusterIP, you need to use port forwarding to connect to the ingress controller from your local machine. Keep in mind that you will need to expose both the Dashboard port (80 or 443)

kubectl port-forward -n shipa-system $(kubectl get po -n shipa-system -l name=shipa-nginx-ingress -o name) 8888:80 8081:8081

Now you can access the ingress controller by using the hostname configured for the ingress, which you can list with:

kubectl get ingress -n shipa-system -l shipa.io/app-name=dashboard -o jsonpath='{range .items[*]}{@.metadata.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect}{range @.spec.rules[*]}{@.host} {"\n"}{end}{end}' | grep -v '^true'

And then you can add an entry to use localhost for that domain in your /etc/hosts file (%SystemRoot%\System32\drivers\etc\hosts on Windows) like this:

127.0.0.1 hostname.for.dashboard

Install Shipa with pre-existing ingress controllers

Shipa can be installed to use an existing nginx, istio, or traefik ingress controller.

Helm settings:

shipaCluster:
  ingress:
    # ingress controller type
    # supported: (nginx, istio, traefik)
    type: nginx
    serviceType: LoadBalancer
    # ingress controller ip address
    # if provided we assume a user-provided ingress controller should be used and create api resources for it
    ip: <LB Host name or IP address>
    # shipaCluster.ingress.className Ingress controller class name. If undefined, in most places we set default: nginx, traefik, istio. If we detect that it's shipa managed nginx, we default to shipa-nginx-ingress
    className: <Ingress controller class name>
