Adding custom ingresses
All ingress to dbt Cloud goes through a component called the API Gateway. The Kubernetes deployment that makes up the API Gateway has the label
name: api-gateway and serves up all traffic on port 8000. Within your dbt Cloud installation, you can create custom services and ingresses to these pods by targeting that set of labels with custom services.
Example: on an embedded cluster, add a service that does not terminate TLS
This example only applies to an embedded cluster (dbt Cloud installed onto a VM). Note that exposing dbt Cloud traffic over http is insecure, and not recommended.
apiVersion: v1kind: Servicemetadata:name: api-gateway-http-onlylabels:name: api-gateway-http-onlyspec:ports:- name: httpport: 8000targetPort: 8000nodePort: <port-to-expose-over-http>selector:name: api-gatewaytype: NodePort
Example: on an existing cluster, add a service that terminates TLS
This example only applies to an existing cluster (dbt Cloud installed onto pre-existing Kubernetes). It requires that you have a valid TLS secret available in the same Kubernetes namespace as the dbt Cloud application.
We recommend the nginx ingress controller as a simple way to deploy ingresses that terminate TLS in your cluster. You will need to follow the installation instructions to install the controller before proceeding.
<hostname-to-terminate-tls> with the "hostname" setting from your dbt Cloud instance. Then, apply the YAML manifest below to the namespace where dbt Cloud is installed.
apiVersion: networking.k8s.io/v1beta1kind: Ingressmetadata:annotations:kubernetes.io/ingress.class: nginxname: nginx-ingressspec:tls:- hosts:- "<hostname-to-terminate-tls>"# This assumes tls-secret exists and the SSL# certificate contains a CN for# "<hostname-to-terminate-tls>"secretName: "<tls-secret>"rules:- host: "<hostname-to-terminate-tls>"http:paths:- backend:serviceName: api-gatewayservicePort: 8000path: /
For more examples of using the nginx ingress controller, see the Examples section of their documentation.
Restarting the dbt Cloud Application
Certain tasks may require restarting the dbt Cloud application such as updating a configuration value. In order to accomplish this, the below commands can be run. Note that when these commands are run, the dbt Cloud application (including the IDE and job scheduler) will be unavailable for a few minutes until the restart is complete.
kubectl rollout restart deployment/api-gatewaykubectl rollout restart deployment/appkubectl rollout restart deployment/scheduler
Restarting the Configuration Console (kotsadm)
Certain tasks may require restarting the Configuration Console (kotsadm) such as changing the TLS certificate. In order to accomplish this, the below commands can be run. Note that when these commands are run, the Configuration Console will be unavailable for a few minutes until the restart is complete.
kubectl rollout restart deployment/kotsadmkubectl rollout restart deployment/kotsadm-api