This tutorial explains how to set up the nginx ingress controller to expose the hoop gateway web and gRPC services with TLS.
- EKS Cluster
To obtain a certificate for the NGINX Ingress Controller, request it with certbot and then configure the DNS challenge it asks for in your DNS system.
- appdemo.hoop.dev (webapp/api)
```shell
API_HOST=appdemo.hoop.dev
mkdir -p $HOME/certbot
certbot -d $API_HOST --manual --preferred-challenges dns certonly \
  --config-dir $HOME/certbot \
  --work-dir $HOME/certbot \
  --logs-dir $HOME/certbot
```
- appdemo-grpc.hoop.dev (grpc)
```shell
GRPC_HOST=appdemo-grpc.hoop.dev
certbot -d $GRPC_HOST --manual --preferred-challenges dns certonly \
  --config-dir $HOME/certbot \
  --work-dir $HOME/certbot \
  --logs-dir $HOME/certbot
```
- Create the namespace
```shell
kubectl create ns appdemo
```
- TLS Web / API
```shell
kubectl create secret tls tls-web -n appdemo \
  --key $HOME/certbot/live/$API_HOST/privkey.pem \
  --cert $HOME/certbot/live/$API_HOST/fullchain.pem
```
- TLS gRPC
```shell
kubectl create secret tls tls-grpc -n appdemo \
  --key $HOME/certbot/live/$GRPC_HOST/privkey.pem \
  --cert $HOME/certbot/live/$GRPC_HOST/fullchain.pem
```
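A pre-flight check for the two certificate pairs used above, as an added example that is not part of the original tutorial: it confirms that the private key matches the certificate, that the certificate covers the expected host, and that it is not about to expire. The function names, return codes and the 14-day threshold are assumptions, and the demo pairs are constructed self-signed certificates.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): pre-flight check for a cert/key pair
# before `kubectl create secret tls`. Names, codes and thresholds are assumptions.
# Returns: 0 ok, 1 unreadable file, 2 key does not match certificate,
#          3 host not covered by certificate, 4 expires within MIN_DAYS.
check_tls_pair() {
  local cert="$1" key="$2" host="$3" min_days="${4:-14}" cert_pub key_pub
  # With fullchain.pem, openssl x509 reads the first (leaf) certificate.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ] || return 2
  # -checkhost reports its verdict as text, so match the wording.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q 'does match certificate' || return 3
  # -checkend exits non-zero when the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
    >/dev/null 2>&1 || return 4
  return 0
}

# Constructed sample input: throwaway self-signed pair for HOST, valid DAYS days.
make_demo_pair() {
  local dir="$1" host="$2" days="$3"
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.crt" >/dev/null 2>&1
}

# Demo on constructed data: a matching pair, then the web cert with the gRPC key.
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" appdemo.hoop.dev 90
make_demo_pair "$demo_dir" appdemo-grpc.hoop.dev 90
rc=0
check_tls_pair "$demo_dir/appdemo.hoop.dev.crt" "$demo_dir/appdemo.hoop.dev.key" \
  appdemo.hoop.dev || rc=$?
echo "web cert + web key:  rc=$rc"
rc=0
check_tls_pair "$demo_dir/appdemo.hoop.dev.crt" "$demo_dir/appdemo-grpc.hoop.dev.key" \
  appdemo.hoop.dev || rc=$?
echo "web cert + gRPC key: rc=$rc"
rm -rf "$demo_dir"
```

For the tutorial's files, call it as `check_tls_pair $HOME/certbot/live/$API_HOST/fullchain.pem $HOME/certbot/live/$API_HOST/privkey.pem $API_HOST`, and likewise with `$GRPC_HOST`.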
Deploy the Ingress Controller
```shell
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace
```
Obtain the DNS name of the load balancer that was provisioned for the ingress controller, and configure a CNAME record in your DNS provider.
```shell
LB_HOST=$(kubectl get svc -n ingress-nginx ingress-nginx-controller \
  -o 'jsonpath={.status.loadBalancer.ingress[0].hostname}')
```
DNS Configuration
| DNS | TYPE | VALUE |
|---|---|---|
| appdemo.hoop.dev | CNAME | $LB_HOST |
| appdemo-grpc.hoop.dev | CNAME | $LB_HOST |
Deploy a postgres instance in the cluster
Postgres Deployment
See the Auth0 guide on how to create an OAuth2 application. Export the variables listed below:
```shell
export API_URL=https://$API_HOST
export GRPC_URL=grpcs://$GRPC_HOST:443
export IDP_ISSUER=
export IDP_CLIENT_ID=
export IDP_CLIENT_SECRET=
export IDP_AUDIENCE=
```
If you want to use a different identity provider, ensure that you expose any additional environment variables and add them to the values.yaml file (refer to the instructions below).
Deploy the gateway instance
```shell
cat - > values.yaml <<EOF
config:
  API_URL: "$API_URL"
  GRPC_URL: "$GRPC_URL"
  IDP_ISSUER: "$IDP_ISSUER"
  IDP_CLIENT_ID: "$IDP_CLIENT_ID"
  IDP_CLIENT_SECRET: "$IDP_CLIENT_SECRET"
  IDP_AUDIENCE: "$IDP_AUDIENCE"
  LOG_LEVEL: debug
  LOG_GRPC: 2
xtdbConfig:
  PG_HOST: postgres.appdemo
  PG_PORT: '5432'
  PG_USER: root
  PG_PASSWORD: 1a2b3c4d
  PG_DB: hoopdb
ingressApi:
  enabled: true
  ingressClassName: nginx
  host: $API_HOST
  tlsSecret: tls-web
ingressGrpc:
  enabled: true
  ingressClassName: nginx
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: GRPC
  host: $GRPC_HOST
  tlsSecret: tls-grpc
EOF
```
```shell
VERSION=1.17.3
helm upgrade --install hoop -n appdemo \
  https://releases.hoop.dev/release/$VERSION/hoop-chart-$VERSION.tgz \
  -f values.yaml
```
- Configure the hoop client and log in to the instance
```shell
hoop config create --api-url $API_URL
hoop login
```
- Create an agent key
```shell
HOOP_KEY=$(hoop admin create agent demo)
```
- Deploy the agent
```shell
helm upgrade --install hoopagent -n appdemo \
  https://releases.hoop.dev/release/$VERSION/hoopagent-chart-$VERSION.tgz \
  --set "config.gateway.key=$HOOP_KEY"
```
Debugging
If you need to debug the gRPC connection, redeploy the agent with the configuration LOG_GRPC=2:
```shell
helm upgrade --install hoopagent -n appdemo \
  https://releases.hoop.dev/release/$VERSION/hoopagent-chart-$VERSION.tgz \
  --set "config.gateway.key=$HOOP_KEY" \
  --set "config.LOG_GRPC=2"
```