Exposing Hex to your Org

To allow users to access Hex without kubernetes port forwarding, you will need to set up an Ingress to access it. There are many resources and documentation on the web for setting these up, which we link below along with additional information. To ease the setup process, Hex comes pre-bundled with an ALB Ingress if you plan on using ALB to expose the application.

Kubernetes docs:

Example Ingress configuration

This is a very simple Ingress controller that is only the framework for setting up an Ingress. This may work in Docker desktop, but likely won't work as desired in other k8s clusters.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: hex
spec:
defaultBackend:
service: hex-main-hex
port:
number: 5000

Using the bundled Hex ALB Ingress

Hex comes bundled with a pre-configured ALB Ingress if you wish to enable it. The only requirements are:

  • ALB Ingress controller is installed in the same k8s cluster as Hex is

  • ACM certificate for the domain you want to host Hex behind

  • Ability to create Route 53 Records for the subdomain

Installing the ALB Ingress controller

You can install the ALB Ingress controller manually by following the guide at https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html

or

By using the lightweight terraform template at https://github.com/hex-inc/cloud-templates/tree/master/aws/modules/alb

Generating an ACM certificate

  1. Create a new certificate in ACM (Amazon Certificate Manager) for the hostname you want to put hex behind (Or re-use an existing wildcard certificate)

    1. Make sure this ACM cert is created in the same region that you will deploy into

    2. E.g. hex.customer.com

    3. Note: Hex does not support being run behind a single-port-proxy yet

Configuring the Ingress in kots

  1. Regain access to your Kots admin UI by running kubectl kots admin-console --namespace hex

  2. Navigate to the "Config" pane

  3. Select the box that says "Enable ALB Ingress"

  4. Add in your ACM certificate ARN, and whether or not you want the ALB to be internal or external

Creating the Route 53 Records

  1. Get the hostname of the new ALB created by typing kubectl get -n hex ingresses

  2. Create a new A record in route 53 for the ALB

    1. Make sure the domain matches the certificate you created earlier

    2. Set it up as an alias for an Application Load Balancer