Configure Comply for a custom NGINX ingress (online environment)

The Comply configuration process requires some extra configuration parameters if you use a custom NGINX ingress.

Before you begin
Follow the instructions to install Puppet Application Manager.
  1. In Puppet Application Manager, upload your Comply license and follow the prompts.
    You’ll be guided through the process of setting up SSL certificates, uploading a license, and checking to make sure your infrastructure meets Comply system requirements.
    Note: The license file is issued by Puppet. If you do not have a license file, contact your Puppet representative. You must also agree to our license agreement. If your license terms update, for example the expiry date or number of licensed nodes, upload your updated license file to Puppet Application Manager.
  2. To configure your installation, click Config.
    1. In the Hostname field, enter the fully qualified domain name (FQDN) that you want to use to access Comply.

      For example, this could be the name of the node you have installed Comply on. If you choose to use an FQDN that is different from the name of this node, you must configure your domain name system (DNS) to resolve the FQDN to the IP address of the Comply node.

    2. In the Configure access section, add the following annotations to configure the Ingress if you use cert-manager.
       kubernetes.io/ingress.class: nginx 
      cert-manager.io/cluster-issuer: letsencrypt-prod
    3. Configure any other settings on the page relevant to your installation. For example, you can determine how often the Comply inventory retrieves node and fact information from Puppet Enterprise. The default refresh interval for the Comply inventory is 24 hours, but you can specify a different value in the Inventory Refresh Interval section.
    4. When you have finished, click Continue.
  3. Monitor the new version's preflight checks. The Running Checks indicator is shown on the screen while your system is checked to make sure your cluster meets minimum system requirements. When the preflight check is complete:
    • If the status is Checks Failed, click View preflights. Correct the issues and click Re-run. Repeat this step as needed.
      Important: Do not move on until all preflight checks pass.
    • If the status is Ready to Deploy, move on to the next step.
What to do next
Configure Comply TLS certificates for a custom NGINX ingress.