Configure Cloud-Specific Helm Values

Ingress Internal Service Annotations

Ingress internal service is disabled by default. If enabled, then the internal service annotation requires cloud-specific values.

Include the following configuration in the custom_values.yaml.

GCP

The internal ingress service needs to be annotated with Google’s load balancer. Include the following configuration in the custom_values.yaml.

ingress-nginx: controller: service: internal: enabled: true annotations: networking.gke.io/load-balancer-type: "Internal" cloud.google.com/load-balancer-type: "Internal"

AWS

The internal ingress service needs to be annotated with AWS’s load balancer. Include the following configuration in the custom_values.yaml.

ingress-nginx: controller: service: internal: enabled: true annotations: service.beta.kubernetes.io/aws-load-balancer-internal: "true"

Azure

To have the Kloudfuse available on public endpoint, please create a public IP address in the same resource group as the AKS cluster. Also add inbound security rules for HTTP & HTTPS as required.

The internal ingress service needs to be annotated with Azure's load balancer.

ingress-nginx: controller: service: loadBalancerIP: "<<PUBLIC IP ADDRES>>" externalTrafficPolicy: "Local" internal: enabled: true annotations: service.beta.kubernetes.io/azure-load-balancer-internal: "true" kfuse-observability-agent: datadog: datadog: kubelet: tlsVerify: false

Kfuse Observability Agent Configuration

On Azure, TLS verification of the observability agent needs to be disabled. Add the following configuration in the custom_values.yaml.