Back to Top

Use Google Kubernetes Engine Ingress for Application Load Balancers

In this topic

  1. Prerequisites
  2. Add annotations to the in-cluster ingress controller service
  3. Create the Ingress object

A cluster-level ingress controller can be used to route traffic to an ArcGIS Enterprise deployment on Google Kubernetes Engine (GKE). For more information, see Cluster-level ingress controllers.

Note:

This workflow should be performed prior to configuring an ArcGIS Enterprise organization. ArcGIS Enterprise Manager can be accessed from a browser once a load balancer has been deployed and configured.

Prerequisites

Review the general prerequisites and ensure the following GKE-specific prerequisites are met:

  • You must have created a cluster in GKE.
  • The HTTP Load Balancing add-on must be enabled on your cluster.
  • Kubectl must be installed on your client machine. Ensure that you can connect and issue commands to the Kubernetes API Server that is associated with the created cluster.
  • The Google Cloud Platform CLI must be installed on your client machine. Ensure that you can authenticate to the project in which your GKE cluster exists.
  • You must have created a self-managed certificate within your Google Cloud project. Once the certificate exists within your project, take note of its name. Alternatively, this certificate can be specified within a Kubernetes Secret for later use, which will need to be created within the deployment namespace.

Add annotations to the in-cluster ingress controller service

Add annotations to the in-cluster ingress controller service following the initial deployment of ArcGIS Enterprise on Google Kubernetes Engine.

  1. Run the following command to add an annotation to the deployed service that will ensure that TLS communication is used:
    kubectl annotate svc arcgis-ingress-nginx -n <namespace> cloud.google.com/app-protocols='{"https":"HTTPS"}'
  2. Add an additional annotation to the in-cluster controller service to configure a health check for your organization.

    This can be done using BackendConfig CRD.

    1. Copy and save the following YAML data to a text editor on your client workstation.

      In this example, the file is saved as backendconfig.yaml.

      apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: my-backendconfig
  namespace: <deploymentNamespace>
spec:
  healthCheck:
    type: HTTPS
    requestPath: /<context>/admin
    port: 443

      Note:

      Additional health check parameters can be added to the BackendConfig object YAML to suit organizational needs. To understand the additional health check parameters that can be added to the BackendConfig spec, see the Google Cloud documentation. You will need to update the value for context within the requestPath field to match the context path that was specified during deployment.

    2. Create the BackendConfig object using the following command:
      kubectl apply -f backendconfig.yaml
    3. Annotate the in-cluster ingress controller service with the following annotation:
      kubectl annotate svc arcgis-ingress-nginx -n <namespace> cloud.google.com/backend-config='{"default": "my-backendconfig"}'
      This will ensure that the previously created health check is used by the load balancer that will be deployed by the GKE ingress controller.

Create the Ingress object

Now that the annotations have been added to the in-cluster ingress controller service, create the Ingress object using the following steps:

  1. Copy the following YAML data to a file on your client machine:
    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: arcgis-enterprise-ingress
  namespace: <deploymentNamespace>
  annotations:
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.allow-http: "false"
    ingress.gcp.kubernetes.io/pre-shared-cert: "<certificateName>"
spec:
  defaultBackend:
    service:
      name: arcgis-ingress-nginx
      port:
        number: 443
  rules:
  - host: <deploymentFQDN>
    http:
      paths:
      - path: /<context>
        pathType: Prefix
        backend:
          service:
            name: arcgis-ingress-nginx
            port:
              number: 443
  2. Replace the following values:
    • certificateName—Provide the name of the newly uploaded certificate.
    • deploymentFQDN—Provide the fully qualified domain name that was specified during deployment.
    • namespace—Provide the namespace in which you have deployed ArcGIS Enterprise on Kubernetes.
    • context—Provide the context that was specified during deployment.
  3. Save this YAML data into a file on your client machine (for example, as a file called ingress.yaml), and apply it to your cluster using the following command:
    kubectl apply -f ingress.yaml

Once you complete this workflow, an Ingress object called arcgis-enterprise-ingress is created. Upon creating this Ingress object, the GKE Ingress Controller will provision an Application Load Balancer in your Google Cloud Platform project. An associated Network Endpoint Group will be created, which will contain the backend in-cluster NGINX ingress controller pod IP address. Once the load balancer has been created, your ArcGIS Enterprise deployment should be accessible, and an A record can be created that directs clients from the fully qualified domain name that was specified during the initial deployment to the provisioned load balancer.

Note:

The arcgis-ingress-controller deployment may need to be refreshed to make a proper connection through the newly created Ingress. If you receive an error when accessing ArcGIS Enterprise Manager after creating the ingress, try running the following:

kubectl rollout restart deployment/arcgis-ingress-controller -n <deploymentNamespace>

Feedback on this topic?

In this topic
  1. Prerequisites
  2. Add annotations to the in-cluster ingress controller service
  3. Create the Ingress object