Privacera Documentation

Externalize access to Privacera Platform services with NGINX Ingress

Note

NGINX Ingress works only with Privacera core services and the Databricks plugin on the AWS environment.

By deploying NGINX Ingress in Privacera, you can provide external access to Privacera services such as Privacera Portal, Audit Server, Solr and Ranger.

To deploy NGINX Ingress, follow these steps:

  1. Copy the vars.kubernetes.nginx-ingress.yml file to the config/custom-vars directory and open it.

    cd ~/privacera/privacera-manager/ 
    cp config/sample-vars/vars.kubernetes.nginx-ingress.yml config/custom-vars/ 
    vi config/custom-vars/vars.kubernetes.nginx-ingress.yml

  2. To enable NGINX Ingress, set K8S_NGINX_INGRESS_ENABLE: "true".

  3. Provide your existing controller service load balancer URL.

    NGINX_INGRESS_EXTERNAL_URL: "aaa71bxxxxx-11xxxxx10.us-east-1.elb.amazonaws.com"

  4. By default, the DNS names of Privacera services follow this pattern: service_name-namespace.domain_name. To change the domain name used in the Privacera service URLs, edit the following property.

    AWS_ROUTE53_DOMAIN_NAME: "<PLEASE_UPDATE>"

  5. Provide the AWS Route53 Zone ID to allow Privacera Manager to create DNS records for these names.

    PRIVACERA_AWS_ZONE_ID: "<PLEASE_UPDATE>"

    You can get the value by doing one of the following:

    • Run the following command where your Privacera Manager is installed.

      aws route53 list-hosted-zones-by-name --dns-name <ZONE_NAME> --query 'HostedZones[].Id' --output text | cut -d/ -f3

    • Navigate to your AWS account > Route53 > Hosted Zone ID.
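
A preflight check for the edited file, added here as an example and not part of Privacera's documentation or tooling. It flags a missing key, a leftover `<PLEASE_UPDATE>` placeholder, a missing space after the colon, a curly quote, and a zone ID that still carries the `/hostedzone/` prefix. The function name `check_ingress_vars` is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not Privacera tooling). Usage:
#   check_ingress_vars config/custom-vars/vars.kubernetes.nginx-ingress.yml
# Prints one line per problem and returns the number of problems found.
check_ingress_vars() {
  local file="$1" problems=0 key line value
  for key in K8S_NGINX_INGRESS_ENABLE NGINX_INGRESS_EXTERNAL_URL \
             AWS_ROUTE53_DOMAIN_NAME PRIVACERA_AWS_ZONE_ID; do
    # Last non-commented line that sets this key.
    line=$(grep -E "^[[:space:]]*${key}[[:space:]]*:" "$file" | tail -n 1)
    if [ -z "$line" ]; then
      echo "MISSING $key"; problems=$((problems + 1)); continue
    fi
    # YAML needs whitespace after the colon; KEY:"v" is not a key/value pair.
    if ! printf '%s\n' "$line" |
         grep -Eq "^[[:space:]]*${key}[[:space:]]*:([[:space:]]|\$)"; then
      echo "SYNTAX  $key: no space after the colon"; problems=$((problems + 1))
    fi
    # Typographic quotes copied from a rendered page become part of the value.
    if printf '%s\n' "$line" | grep -q -e '“' -e '”'; then
      echo "SYNTAX  $key: curly quote in value"; problems=$((problems + 1))
    fi
    # Strip the key, a trailing comment, trailing blanks and straight quotes.
    value=$(printf '%s\n' "$line" | sed -E \
      -e "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//" \
      -e 's/[[:space:]]+#.*$//' -e 's/[[:space:]]+$//' \
      -e "s/^[\"']//" -e "s/[\"']\$//")
    case "$value" in
      ''|*PLEASE_UPDATE*)
        echo "UNSET   $key"; problems=$((problems + 1)); continue ;;
    esac
    case "$key" in
      K8S_NGINX_INGRESS_ENABLE)
        if [ "$value" != "true" ]; then
          echo "VALUE   $key is '$value', expected 'true'"
          problems=$((problems + 1))
        fi ;;
      PRIVACERA_AWS_ZONE_ID)
        # The lookup ends in `cut -d/ -f3`, so the ID carries no /hostedzone/.
        case "$value" in
          */*) echo "VALUE   $key contains '/'"; problems=$((problems + 1)) ;;
        esac ;;
    esac
  done
  return "$problems"
}
```

A return value of 0 means all four properties are set and well-formed; any other value is the number of problems printed.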