Prisma Cloud Compute: How to configure Twistlock to use Nginx Ingress Controller in Kubernetes

Created On 11/11/19 22:36 PM - Last Modified 04/21/22 19:21 PM


Objective


This guide shows you how to configure the Nginx ingress controller for Twistlock Console communications. Console serves its UI and API on ports 8081 (HTTP) and 8083 (HTTPS). You’ll set up an ingress controller to forward requests to port 8081 on the backend Console.

Note that the Console and Defender communications that occur over port 8084 are not included in this example. Those connections have properties that the Nginx Ingress does not support well.

Prerequisites
  • You have a Kubernetes cluster and you can create LoadBalancers from YAML configuration files.
  • You have enabled Ingress on your cluster.


Environment


  • Self-Hosted 19.11 or later


Procedure


Your controller should point to / on your twistlock-console service.

In the sample provided below, you create an ingress definition for "console-yourconsole.example.com". Both of these endpoints should point to your twistlock-console service created by the DaemonSet definition you generated during your Kubernetes install.

ingress.yml
 
#---incomplete sample ingress definitions---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: console-ingress
  namespace: twistlock
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # your other ingress annotations
spec:
  rules:
  - host: console-yourconsole.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: twistlock-console
          servicePort: 8081
  tls:
  - secretName: console-cert
    hosts:
    - console-yourconsole.example.com

