8.6 Creating the Ingress

Run the following commands to create the ingress:

  1. Navigate to the $WORKDIR:
     cd $WORKDIR
  2. Run the following helm command to create the ingress:
    helm install governancedomain-nginx kubernetes/charts/ingress-per-domain \
    --namespace <domain_namespace> \
    --values kubernetes/charts/ingress-per-domain/values.yaml
    

    Note:

    The $WORKDIR/kubernetes/charts/ingress-per-domain/templates/nginx-ingress-ssl.yaml has nginx.ingress.kubernetes.io/enable-access-log set to false. If you want to enable access logs then set this value to true before executing the command. Enabling access-logs can cause issues with disk space if not regularly maintained.
    For example:
    helm install governancedomain-nginx kubernetes/charts/ingress-per-domain --namespace oigns --values kubernetes/charts/ingress-per-domain/values.yaml
    The output will look similar to the following:
    NAME: governancedomain-nginx
    LAST DEPLOYED: <DATE>
    NAMESPACE: oigns
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
  3. Run the following command to show the ingress is created successfully:
    kubectl get ing -n <domain_namespace>
    For example
    kubectl get ing -n oigns
    If hostname.enabled: false, the output will look similar to the following:
    
    NAME                     CLASS    HOSTS   ADDRESS   PORTS   AGE
    governancedomain-nginx   <none>   *                 80      49s
    
  4. Run the following command to check the ingress:
    kubectl describe ing <ingress> -n <domain_namespace>
    For example:
    kubectl describe ing governancedomain-nginx -n oigns
    The output will look similar to the following:
    Name:             governancedomain-nginx
    Labels:           app.kubernetes.io/managed-by=Helm
    Namespace:        oigns
    Address:          10.109.22.22
    Ingress Class:    nginx
    Default backend:  <default>
    Rules:
      Host        Path  Backends
      ----        ----  --------
      *
                  /console                        governancedomain-adminserver:7001 (10.244.1.43:7001)
                  /consolehelp                    governancedomain-adminserver:7001 (10.244.1.43:7001)
                  /em                             governancedomain-adminserver:7001 (10.244.1.43:7001)
                  /management                     governancedomain-adminserver:7001 (10.244.1.43:7001)
                  /ws_utc                         governancedomain-cluster-soa-cluster:7003 (10.244.2.247:7003)
                  /soa                            governancedomain-cluster-soa-cluster:7003 (10.244.2.247:7003)
                  /integration                    governancedomain-cluster-soa-cluster:7003 (10.244.2.247:7003)
                  /soa-infra                      governancedomain-cluster-soa-cluster:7003 (10.244.2.247:7003)
                  /identity                       governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /admin                          governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /dms                            governancedomain-adminserver:7001 (10.244.1.43:7001)
                  /oim                            governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /sysadmin                       governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /workflowservice                governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /callbackResponseService        governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /spml-xsd                       governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /HTTPClnt                       governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /reqsvc                         governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /iam                            governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /provisioning-callback          governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /CertificationCallbackService   governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /ucs                            governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /FacadeWebApp                   governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /OIGUI                          governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
                  /weblogic                       governancedomain-cluster-oim-cluster:14000 (10.244.2.248:14000)
    Annotations:  meta.helm.sh/release-name: governancedomain-nginx
                  meta.helm.sh/release-namespace: oigns
                  nginx.ingress.kubernetes.io/affinity: cookie
                  nginx.ingress.kubernetes.io/affinity-mode: persistent
                  nginx.ingress.kubernetes.io/enable-access-log: false
                  nginx.ingress.kubernetes.io/proxy-read-timeout: 180
                  nginx.ingress.kubernetes.io/proxy-send-timeout: 180
                  nginx.ingress.kubernetes.io/session-cookie-name: sticky
    Events:
      Type    Reason  Age                From                      Message
      ----    ------  ----               ----                      -------
      Normal  Sync    72s (x2 over 83s)  nginx-ingress-controller  Scheduled for sync
    
  5. To confirm that the new ingress is successfully routing to the domain’s server pods, run the following command to send a request to the OIG Enterprise Manager Fusion Middleware Control:
    • For SSL:
      curl -v -k https://${HOSTNAME}:${PORT}/em
      
    • For NONSSL:
      curl -v http://${HOSTNAME}:${PORT}/em
    Where ${HOSTNAME} is the host.domain of any of the nodes in the Kubernetes cluster, and ${PORT} is the ingress controller port. For example http://oig.example.com:30777/em.
    For example:
    curl -v http://oig.example.com:30777/em
    The output will look similar to the following. You should receive a 302 Moved Temporarily message:
    > GET /em HTTP/1.1
    > Host: oig.example.com:30777
    > User-Agent: curl/7.61.1
    > Accept: */*
    >
    < HTTP/1.1 302 Moved Temporarily
    < Date: <DATE>
    < Content-Type: text/html
    < Content-Length: 353
    < Connection: keep-alive
    < Set-Cookie: sticky=fda412d59b87742b3b045e51cea11ade|59a94680c4648be4c706b7db494ae03c; Path=/em; HttpOnly
    < Location: http://oig.example.com:30777/em/console/home
    < X-ORACLE-DMS-ECID: 9f09f338-557f-494c-b93c-a73817b15ef0-00000838
    < X-ORACLE-DMS-RID: 0
    < X-Content-Type-Options: nosniff
    < Set-Cookie: ADMINCONSOLESESSION=yCmKRBfyGrPN5ZUFb1Ys4CRyKisRHhcnuJfhUaSgswd5aPfTZGhO!1679590153; path=/; HttpOnly
    < X-Frame-Options: DENY
    <
    <html><head><title>302 Moved Temporarily</title></head>
    <body bgcolor="#FFFFFF">
    <p>This document you requested has moved
    temporarily.</p>
    
    <p>It's now at <a href="http://oig.example.com:30777/em/">http://oig.example.com:30777/em/</a>.</p>
    </body></html>
    * Connection #0 to host oig.example.com left intact

After confirming the above, verify that the domain applications are accessible. See, Validating the Domain URLs.