Can a ingress be added for ratel?

Moved from GitHub charts/13

Posted by orange-oranje:

Ratel is mainly used for access through http from the external world

The apps mostly use the alpha to communicate with Dgraph

I can pick this up, just wanted to know thoughts from someone who knows better

orange-oranje commented :

If ratel is exposed outside using an ingress should the alpha be exposed as well through an ingress ?

encryptblockr commented :

honestly i don’t understand who makes helm-charts and not have a way to expose endpoints so ppl can access outside the kubernetes cluster…like just can’t understand why

appreciate help with creating helm charts for this but it is almost useless to use…where is use case to access this dgraph outside the cluster? where is ingress? just frustrating that many projects all over the place but only a few actually provide real help

the single instance dev using kubectl has the ingress but for some reason they too smart to think no one will need ingress with helm charts

The latest helm chart dgraph-0.0.7 provides endpoints with:

  • service type of LoadBalancer and we added support for service annotations needed for things like external DNS and load balancer configurations
  • ingress resource to configure routes back to the service based on incoming virtual hostname, http url path, and either port 80 or 443. We tested this on ingress-nginx (gke, eks), aws-alb-ingress-controller, and gce

For security best practices with backend databases, I recommend not exposing alpha endpoint to public internet unless restricted to a limited list of IP addresses.

As an alternative, you can use annotations available for either an ingress or a loadbalancer (dependent on provider for external LoadBalancer or ingress controller options) to use an internal private IP for an endpoint. Then you would use either a bastion jump host (ssh) or VPN to connect to internal private network to access the private endpoint.