Stefan Cronje · Feb 26, 2021

A few questions on IKO and IAM

Hi *.*,

I am new to IRIS, IKO and IAM. I have read through a lot of the documentation, but I need clarity on some things that I can't find in the documentation.

  • Which Load Balancer does IKO use on the ingress? Can it be set to use another one? e.g. nginx-kubernetes + GCP LoadBalancer?
  • On a multi-compute and multi-data instances deployment, how do you get to the Management Portal of each instance? i.e. The load balancer is the only point of entry into the cluster exposing 1972 and 52773, so how do I route to the individual instances?
  • If using IAM, will this be on a VM running in a container outside the cluster?

Thank you in advance.


Product version: IRIS 2020.3


Hi Stefan - 

I'll try to answer your questions in order.  If you want to know more, let me know.

  • IKO does not currently configure any kubernetes ingress, but there is a service that is configured which you could choose to configure for external access (a load balancer, for example).  You can set this via spec.serviceTemplate.spec section of your iriscluster yaml.  That's a spec which gives details about the service that we create.  I like to use ClusterIP for the service type and then create an ingress to give me good control over what is exposed to the internet.  A bit more info can be found here:
  • Regarding routing to individual hosts... From within the cluster (say another pod in the namespace) each other pod is accessible via its hostname (for example, myCluster-data-0-1) and you can use the kubectl port forwarding feature to allow you administrative access as you may need.  For non-administrative workflows, I suggest creating kubernetes services that point to the subset(s) of pods you want to use for each type of production traffic you want to manage.
  • We are currently working on adding native support for IAM and SAM in IKO, which greatly simplifies installing these products in Kubernetes.  In the meantime, most use cases would want to run IAM inside the cluster by creating a series of kubernetes deployments, services, and ingress to deploy IAM.  I might be able to gin up an example if you're going this way.  
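
The ClusterIP-plus-ingress arrangement described in the first bullet of the answer above, written out as an added example that is not part of the original answer and is not InterSystems' own manifest. Only `spec.serviceTemplate.spec` and the ports 1972 and 52773 come from the thread; the cluster name `mycluster`, the host `iris.example.com`, the `nginx` ingress class, the TLS secret, the application path and the name of the service IKO creates are assumptions.

```yaml
# Fragment of the IrisCluster definition: only the service part is shown,
# the rest of the spec (topology, image, license, ...) is omitted.
apiVersion: intersystems.com/v1alpha1
kind: IrisCluster
metadata:
  name: mycluster                  # assumed cluster name
spec:
  serviceTemplate:
    spec:
      type: ClusterIP              # no external IP; reachable only inside the cluster
---
# Ingress that publishes only the web server port (52773).
# The superserver port (1972) is not routed and stays cluster-internal.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: mycluster-web              # assumed name
spec:
  ingressClassName: nginx          # assumed: an nginx ingress controller is installed
  tls:
    - hosts:
        - iris.example.com         # placeholder host
      secretName: iris-example-tls # assumed existing TLS secret
  rules:
    - host: iris.example.com
      http:
        paths:
          # Assumed application path. The Management Portal path is
          # deliberately not listed, so administrative access goes
          # through kubectl port forwarding rather than the internet.
          - path: /api/myapp
            pathType: Prefix
            backend:
              service:
                name: mycluster    # assumed name of the service IKO creates
                port:
                  number: 52773
```

Check the actual service name with `kubectl get svc` in the cluster's namespace before applying the ingress.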

Thank you for all the information and guidelines. I would like to go the IAM route within the cluster, which I think will be the most practical.
If you do have time available, I will take you up on the offer for an IAM example.