GitOps Runtimes with ingress controllers/service meshes

Requirements for installing GitOps Runtimes with ingress/service-mesh access modes

Installation with ingress controllers/service meshes

When installing the GitOps Runtime to ingress controllers or service meshes, you need to configure these before installation. These configurations affect how the runtime communicates within the cluster and with external services.

In addition to the tunnel-based access mode which is is the default, the GitOps Runtime also supports ingress-based and service-mesh based access modes.

• Ingress-based access mode
  The ingress controller configured on the same Kubernetes cluster as the GitOps Runtime, implements the ingress traffic rules for the GitOps Runtime.
• Service-mesh based access mode
  The runtime integrates with a service mesh for communication. For details, see GitOps Runtime architecture.

Pre-installation configuration

Configure ingress controllers and service meshes before installing the GitOps Runtime. See Pre-installation: Configure ingress controllers/service meshes.

Installation command flags

The Runtime Install command requires additional flags to specify ingress or service-mesh compatibility. See Install Runtime command for ingress-based/service-mesh based access modes.

Post-installation configuration

After installing the GitOps Runtime, specific ingress controllers and service meshes need additional configuration. See Post-installation: Configure ingress controllers/service meshes.

Pre-installation: Configure ingress controllers/service meshes

For GitOps Runtimes using ingress-based and service-mesh based access modes, verify they are configured correctly before installation.

• Ambassador ingress configuration
• AWS ALB ingress configuration
• Istio ingress configuration
• NGINX Enterprise ingress configuration
• NGINX Community ingress configuration
• Traefik ingress configuration

Installation: Install Runtime command for ingress-based/service-mesh based access modes

When installing the GitOps Runtime using either ingress-based or service-mesh based access modes, the Install Runtime Command requires additional flags.

Ingress-based install command

Following are the additional flags you need to add to the install command for ingress-based access modes.

  --set global.runtime.ingress.enabled=true \
  --set "global.runtime.ingress.hosts[0]"=<ingress-host> \
  --set global.runtime.ingress.className=<ingress-class> \ 

where:

• global.runtime.ingress.enabled=trueis mandatory for ingress-based Runtimes. Indicates the runtime is ingress-based.
• <ingress-host> is the IP address or hostname of the ingress controller. Mandatory for ingress-based Runtimes.
• <ingress-class> is the ingress class of the ingress controller (e.g., nginx for the NGINX ingress controller). Mandatory for ingress-based Runtimes.

Service-mesh-based install command (without ingress and tunnel)

Following are the additional flags you need to add to the install command for service-mesh based access modes.

  --set global.runtime.ingressUrl=<ingress-url> \
  --set global.runtime.ingress.enabled=false \
  --set tunnel-client.enabled=false \

where:

• global.runtime.ingressUrl=<ingress-url> is the ingress URL that serves as the entry point to the cluster.
• global.runtime.ingress.enabled=false explicitly disables ingress-based access mode.
• tunnel-client.enabled=false explicitly disables tunnel-based access mode.

Post-installation: Configure ingress controllers/service meshes

Required only for ALB AWS and NGINX Enterprise ingress-controllers, and Istio service meshes.

• Complete configuring these ingress controllers after installing the GitOps Runtime:
  • ALB AWS: Alias DNS record in route53 to load balancer
  • Istio: Configure cluster routing service
  • NGINX Enterprise ingress controller: Patch certificate secret

Related articles

GitOps Runtime architecture
Runtime prerequisites
Install GitOps Runtime with existing Argo CD
Install GitOps Runtime with new Argo CD