-
Create a file called ingress-rbac.yaml with the text
below:
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: acs:psp namespace: alfresco rules: - apiGroups: - policy resourceNames: - kube-system resources: - podsecuritypolicies verbs: - use --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: acs:psp:default namespace: alfresco roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: acs:psp subjects: - kind: ServiceAccount name: default namespace: alfresco --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: acs:psp:acs-ingress namespace: alfresco roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: acs:psp subjects: - kind: ServiceAccount name: acs-ingress namespace: alfresco
-
Use the kubectl command to create the cluster roles required
by the ingress service:
kubectl apply -f ingress-rbac.yaml -n alfresco
-
Deploy the ingress (replace ACM_CERTIFICATE_ARN and
YOUR-DOMAIN-NAME with the ARN of the certificate and hosted
zone created earlier in the DNS section):
helm install acs-ingress ingress-nginx/ingress-nginx --version=3.7.1\ --set controller.scope.enabled=true \ --set controller.scope.namespace=alfresco \ --set rbac.create=true \ --set controller.config."proxy-body-size"="100m" \ --set controller.service.targetPorts.https=80 \ --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol"="http" \ --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-ports"="https" \ --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-cert"="ACM_CERTIFICATE_ARN" \ --set controller.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="acs.YOUR-DOMAIN-NAME" \ --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-negotiation-policy"="ELBSecurityPolicy-TLS-1-2-2017-01" \ --set controller.publishService.enabled=true \ --atomic \ --namespace alfresco
Note: The command will wait until the deployment is ready.