Creating an Ingress resource to use your own TLS certificates
When you deploy IBM® Business Automation Insights in Kubernetes, use your own TLS certificates to expose IBM Business Automation Insights services on the Ingress controller.
About this task
- Set the services type to ClusterIP.
- Choose the host names to provide access to the services.
- Provide SSL/TLS certificates that match the host names and package them as Kubernetes secrets.
- Create your own Ingress resource to expose the ClusterIP services on the host names that you have chosen.
When you deploy IBM Business Automation Insights, three Kubernetes services are created: the IBM Business Automation Insights administration REST API and --if you use embedded Elasticsearch and Kibana rather than an external Elasticsearch installation-- the Elasticsearch REST API and Kibana.
In previous releases, IBM Business Automation Insights services are exposed through a Kubernetes Ingress resource that uses self-signed certificates.
In version 18.0.2, IBM Business Automation Insights provides no Ingress anymore. When you deploy IBM Business Automation Insights, the services are exposed by default as NodePort services.
The three services must be accessed through HTTPS and are protected by self-signed TLS certificates. However, this practice is not a safe in a production environment. Therefore, whichever IBM Business Automation Insights version you work with, you must create your own Ingress and use the HTTPS protocol with your own set of trusted certificates. To do so, you set IBM Business Automation Insights services to the ClusterIP service type and, from the Ingress resource that you create, you reference the ClusterIP services.
Changing the service type to ClusterIP
About this task
Procedure
Using IBM Cloud Private 3.1 Ingress controller
About this task
Procedure
Results
Service | URL for 18.0.0 and 18.0.1 | URL for 18.0.2 |
---|---|---|
Administration REST API | https://admin.bai.mycluster.icp/ | https://admin.bai.mycluster.icp/ |
Elasticsearch REST API | https://es-ibm-dba-ek-client/elasticsearch-ibm-dba-ek-my-helm-release/ | https://es-ibm-dba-ek-client/ |
Kibana | https://kibana.bai.mycluster.icp/kibana-ibm-dba-ek-my-helm-release/ | https://kibana.bai.mycluster.icp/ |