Ingress Overview

EOEPCA+ requires an Ingress Controller to route external traffic into the platform’s services. This setup typically depends on Wildcard DNS so that multiple services (hostnames) can be exposed under a single domain (e.g. *.example.com).

Two Ingress Options

1. APISIX Ingress
   - Recommended for environments needing IAM integration with policy-based access control.

2. Nginx Ingress
   - Suitable only for open-access scenarios where IAM-based request authorization is not required.

You must choose one of these ingress controllers based on your security and access control requirements:

• For deployments requiring IAM-based authorization, you must use APISIX.
• For deployments that are fully open or don’t need IAM-based authorization, NGINX can be used.

You can install either one for a basic deployment. If your deployment demands multiple ingress controllers simultaneously, see Multiple Ingress Controllers.

Before proceeding:
- Ensure a wildcard DNS entry is pointing to your cluster’s load balancer or external IP, e.g., *.myplatform.com.
- Confirm your cluster is reachable on the required ports (80/443) or has NodePort alternatives set up.

For testing, wildcard DNS can be simulated using IP-address-based nip.io hostnames, using the entrypoint IP-address of your cluster that routes to your ingress controller.

Continue with the approach best suited for your environment:

• Install APISIX →
• Install NGINX →