Privacera Documentation

Externalize access to Privacera Platform services with NGINX Ingress

Note

NGINX Ingress works only with Privacera core services and the Databricks plugin on the AWS environment.

By deploying NGINX Ingress in Privacera, you can provide external access to Privacera services such as Privacera Portal, Audit Server, Solr and Ranger.

To deploy NGINX Ingress, follow these steps:

  1. Copy the sample vars.kubernetes.nginx-ingress.yml file to the config/custom-vars directory and open it.

    cd ~/privacera/privacera-manager/
    cp config/sample-vars/vars.kubernetes.nginx-ingress.yml config/custom-vars/
    vi config/custom-vars/vars.kubernetes.nginx-ingress.yml
  2. To enable NGINX Ingress, set K8S_NGINX_INGRESS_ENABLE: "true".

  3. Choose whether you want Privacera Manager to deploy the NGINX Ingress controller. If you set the property to true, Privacera Manager deploys the NGINX Ingress controller in the privacera-services namespace of your Kubernetes cluster.

    Caution

    Do not set the property to true if an NGINX Ingress controller is already installed in your cluster.

    K8S_NGINX_INGRESS_CONTROLLER_ENABLE: "false"
  4. If K8S_NGINX_INGRESS_CONTROLLER_ENABLE is false, provide the load balancer URL of your existing controller service.

    NGINX_INGRESS_EXTERNAL_URL: "aaa71bxxxxx-11xxxxx10.us-east-1.elb.amazonaws.com"
  5. By default, the DNS names of Privacera services follow the pattern service_name-namespace.domain_name. To change the domain name used in the Privacera service URLs, edit the following property.

    AWS_ROUTE53_DOMAIN_NAME: "<PLEASE_UPDATE>"
  6. Provide the AWS Route53 Zone ID so that Privacera Manager can create records for the DNS names.

    PRIVACERA_AWS_ZONE_ID: "<PLEASE_UPDATE>"

    You can get the value by doing one of the following:

    • Run the following command where your Privacera Manager is installed.

      aws route53 list-hosted-zones-by-name --dns-name <ZONE_NAME> --query 'HostedZones[].Id' --output text | cut -d/ -f3
    • Navigate to your AWS account > Route53 > Hosted Zone ID.
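
A pre-flight check for the file edited in steps 2 to 6, as an added example that is not part of the Privacera documentation or tooling: it flags values that are missing, still set to `<PLEASE_UPDATE>`, or inconsistent with each other. The function names and the sample zone ID are constructed, and it assumes PRIVACERA_AWS_ZONE_ID takes the bare ID that the `cut -d/ -f3` step produces.

```shell
# Added example, not Privacera code: lint vars.kubernetes.nginx-ingress.yml.
# get_var FILE KEY: print KEY's last value with surrounding quotes stripped.
get_var() {
  sed -n "s/^[[:space:]]*${2}[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}
# is_unset VALUE: true when empty or still the sample placeholder.
is_unset() { [ -z "$1" ] || [ "$1" = "<PLEASE_UPDATE>" ]; }
# check_ingress_vars FILE: print one ERROR line per problem; return 1 if any.
check_ingress_vars() {
  f=$1; problems=0
  fail() { echo "ERROR: $*"; problems=$((problems + 1)); }
  [ "$(get_var "$f" K8S_NGINX_INGRESS_ENABLE)" = "true" ] ||
    fail 'K8S_NGINX_INGRESS_ENABLE is not "true"'
  case "$(get_var "$f" K8S_NGINX_INGRESS_CONTROLLER_ENABLE)" in
    true) ;;  # Privacera Manager deploys the controller itself
    false)    # existing controller: its load balancer URL is required
      if is_unset "$(get_var "$f" NGINX_INGRESS_EXTERNAL_URL)"; then
        fail 'NGINX_INGRESS_EXTERNAL_URL is not set'
      fi ;;
    *) fail 'K8S_NGINX_INGRESS_CONTROLLER_ENABLE must be "true" or "false"' ;;
  esac
  if [ "$(get_var "$f" AWS_ROUTE53_DOMAIN_NAME)" = "<PLEASE_UPDATE>" ]; then
    fail 'AWS_ROUTE53_DOMAIN_NAME still holds the placeholder'
  fi
  zone=$(get_var "$f" PRIVACERA_AWS_ZONE_ID)
  if is_unset "$zone"; then
    fail 'PRIVACERA_AWS_ZONE_ID is not set'
  fi
  # Assumption: the bare ID is expected, as the cut -d/ -f3 step produces.
  case "$zone" in */*) fail 'PRIVACERA_AWS_ZONE_ID is not a bare zone ID' ;; esac
  [ "$problems" -eq 0 ]
}

# Constructed sample: placeholder domain, zone ID pasted with its prefix.
sample_vars() {
  cat <<'EOF'
K8S_NGINX_INGRESS_ENABLE: "true"
K8S_NGINX_INGRESS_CONTROLLER_ENABLE: "false"
NGINX_INGRESS_EXTERNAL_URL: "aaa71bxxxxx-11xxxxx10.us-east-1.elb.amazonaws.com"
AWS_ROUTE53_DOMAIN_NAME: "<PLEASE_UPDATE>"
PRIVACERA_AWS_ZONE_ID: "/hostedzone/ZEXAMPLE0000"
EOF
}
tmp=$(mktemp) && sample_vars > "$tmp"
check_ingress_vars "$tmp" || echo "Fix the file before running Privacera Manager"
rm -f "$tmp"
```

To check a real file, call `check_ingress_vars config/custom-vars/vars.kubernetes.nginx-ingress.yml` from the privacera-manager directory.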