TheThingsIndustries · vlasebian · Oct 23, 2024 · Oct 28, 2024
diff --git a/doc/content/the-things-stack/host/kubernetes/generic/configuration/_index.md b/doc/content/the-things-stack/host/kubernetes/generic/configuration/_index.md
@@ -59,9 +59,9 @@ global:
     oauth:
       clientSecret: # See preparation section.
   ingress:
-    traefik:
-      tls:
-        secretName: # Secret Name containing the TLS Certificates for the Domain.
+    controller: # Ingress controller class name.
+    tls:
+      secretName: # Secret Name containing the TLS Certificates for the Domain.
   tenancy:
     adminKey: # See preparation section.
   interop:

diff --git a/doc/content/the-things-stack/host/kubernetes/generic/prerequisites/_index.md b/doc/content/the-things-stack/host/kubernetes/generic/prerequisites/_index.md
@@ -37,7 +37,7 @@ Please [contact our sales team](mailto:[email protected]) for access
 2. PostgreSQL compatible database.
 3. Redis compatible database.
 4. Blob Storage
-5. Traefik Proxy to handle the ingress routes.
+5. An ingress controller to handle the ingress routes.
 6. TLS Certificates.
 7. (Optional) TimescaleDB
 8. (Optional) Metrics Server
@@ -107,96 +107,67 @@ $ sudo chown -R 886:886 <blob>
 
 ##### Disabling Blob Storage
 
-{{% tts %}} Helm Charts by default expects a blob storage configured but it is possible to use {{% tts %}} without it. You can disable the usage of blob by setting `global.interop.configSource` and `global.blob.provider` values to an empty string `""`.
+{{% tts %}} Helm Chart by default expects a blob storage configured but it is possible to use {{% tts %}} without it. You can disable the usage of blob by setting `global.interop.configSource` and `global.blob.provider` values to an empty string `""`.
 
-#### 5. Traefik Proxy
-
-The Things Stack Helm Charts currently only supports the [Traefik](https://traefik.io/traefik/) proxy out of the box to load balance incoming traffic.
-
-To use a custom proxy/load balancer, set `global.ingress.traefik.enabled` to `false`.
-
-When Traefik is disabled, the ports and routes necessary for The Things Stack should be mapped manually by the operator.
-Check the `ingress-routes.yaml` files for each component and adapt it to your proxy. Setting up and maintaining a custom proxy is out of the scope of this document.
-
-If Traefik is not used, skip ahead to [setup TLS certificates]({{< ref "the-things-stack/host/kubernetes/generic/prerequisites#6-tls-certificates" >}}).
-
-The simplest way to install Traefik in the kubernetes cluster is use the [official Helm charts](https://artifacthub.io/packages/helm/traefik/traefik).
-
-The Things Stack ingress routes need to be mapped to the Traefik entry points. This can be done during installation.
-
-Save the following as a YAML file (example `traefik.values.yaml`) and use that as the values file for Helm.
+#### 5. An ingress controller
 
+An ingress controller is needed to route the incoming traffic. Specify the ingress controller by setting the `global.ingress.controller` to the class name of the ingress controller deployed in the cluster. For TLS, make sure to set the `global.ingress.controller.tls.secretName`. The secret has to be accessible from the namespace where the {{% tts %}} Helm Chart is deployed. These ports are needed by {{% tts %}} and must be exposed:
+
 ```yaml
-deployment:
-  replicas: 2
 ports:
-  web: # NOTE: This name is predefined in traefik.
+  web:
     protocol: TCP
     port: 1885
-    expose: true
     exposedPort: 80
-    redirectTo: websecure
-  websecure: # NOTE: This name is predefined in traefik.
+  websecure:
     protocol: TCP
     port: 8885
-    expose: true
     exposedPort: 443
   grpc:
     protocol: TCP
     port: 1884
-    expose: true
     exposedPort: 1884
   grpcsecure:
     protocol: TCP
     port: 8884
-    expose: true
     exposedPort: 8884
   # Gateway Connectivity
   gtwmqttv2:
     protocol: TCP
     port: 1881
-    expose: true
     exposedPort: 1881
   gtwmqttv2secure:
     protocol: TCP
     port: 8881
-    expose: true
     exposedPort: 8881
   gtwmqttv3:
     protocol: TCP
     port: 1882
-    expose: true
     exposedPort: 1882
   gtwmqttv3secure:
     protocol: TCP
     port: 8882
-    expose: true
     exposedPort: 8882
   lbs:
     protocol: TCP
     port: 1887
-    expose: true
     exposedPort: 1887
   lbssecure:
     protocol: TCP
     port: 8887
-    expose: true
     exposedPort: 8887
   # Application MQTT
   appmqtt:
     protocol: TCP
     port: 1883
-    expose: true
     exposedPort: 1883
   appmqttsecure:
     protocol: TCP
     port: 8883
-    expose: true
     exposedPort: 8883
   udp:
     protocol: UDP
     port: 1700
-    expose: true
     exposedPort: 1700
   # Interoperability. This part is optional. Only enable it if interoperability is needed.
   interop:
@@ -207,13 +178,7 @@ ports:
     exposedPort: 8886
 ```
 
-##### Custom Resource Definitions (CRDs)
-
-Traefik requires the installation of multiple CRDs (Custom Resource Definitions) to run.
-
-This can be done using `kubectl`. Choose the appropriate CRD file for the version of Traefik that you are using.
-
-If you are using the official [Traefik Helm Chart](https://github.com/traefik/traefik-helm-chart), the CRDs are installed automatically for you.
+Examples of ingress controllers configurations can be found [here](https://www.thethingsindustries.com/docs/the-things-stack/host/kubernetes/generic/prerequisites/sample-ingress-controllers/).
 
 #### 6. TLS Certificates
 

diff --git a/...hings-stack/host/kubernetes/generic/prerequisites/sample-ingress-controllers.md b/...hings-stack/host/kubernetes/generic/prerequisites/sample-ingress-controllers.md
@@ -0,0 +1,168 @@
+---
+title: "Sample ingress controllers"
+description: ""
+weight: 1
+aliases: [/getting-started/kubernetes/self-managed/prerequisites/sample-ingress-controllers]
+---
+
+The following are examples of ingress controllers for {{% tts %}} deployment on Kubernetes.
+
+<!--more-->
+
+## Traefik
+
+Example of a Traefik configuration provided through the values of an Traefik Helm chart. More info about the Helm chart can be found [here](https://github.com/traefik/traefik-helm-chart).
+
+```yaml
+deployment:
+  kind: "Deployment"
+  replicas: 1
+ingressRoute:
+  dashboard:
+    enabled: false
+additionalArguments:
+- "--entrypoints.udp.udp.timeout=90s"
+- "--log.level=DEBUG"
+ports:
+  web:
+    protocol: "TCP"
+    port: 1885
+    expose:
+      default: true
+    exposedPort: 80
+    redirectTo:
+      port: "websecure"
+  websecure:
+    protocol: "TCP"
+    port: 8885
+    expose:
+      default: true
+    exposedPort: 443
+  traefik:
+    protocol: "TCP"
+    port: 9000
+    expose:
+      default: false
+  grpc:
+    protocol: "TCP"
+    port: 1884
+    expose:
+      default: true
+    exposedPort: 1884
+  grpcsecure:
+    protocol: "TCP"
+    port: 8884
+    expose:
+      default: true
+    exposedPort: 8884
+  gtwmqttv2:
+    protocol: "TCP"
+    port: 1881
+    expose:
+      default: true
+    exposedPort: 1881
+  gtwmqttv2secure:
+    protocol: "TCP"
+    port: 8881
+    expose:
+      default: true
+    exposedPort: 8881
+  gtwmqttv3:
+    protocol: "TCP"
+    port: 1882
+    expose:
+      default: true
+    exposedPort: 1882
+  gtwmqttv3secure:
+    protocol: "TCP"
+    port: 8882
+    expose:
+      default: true
+    exposedPort: 8882
+  semtechws:
+    protocol: "TCP"
+    port: 1887
+    expose:
+      default: true
+    exposedPort: 1887
+  semtechwssecure:
+    protocol: "TCP"
+    port: 8887
+    expose:
+      default: true
+    exposedPort: 8887
+  appmqtt:
+    protocol: "TCP"
+    port: 1883
+    expose:
+      default: true
+    exposedPort: 1883
+  appmqttsecure:
+    protocol: "TCP"
+    port: 8883
+    expose:
+      default: true
+    exposedPort: 8883
+  interop:
+    protocol: "TCP"
+    port: 8886
+    expose:
+      default: true
+    exposedPort: 8886
+```
+
+## Ingress NGINX
+
+Example of an Ingress NGINX configuration provided through the values of an Ingress NGINX Helm chart. More info about the 
+Helm chart can be found [here](https://artifacthub.io/packages/helm/bitnami/nginx).
+
+```yaml
+fullnameOverride: "nginx"
+namespaceOverride: "ingress-nginx"
+kind: Deployment
+replicaCount: '1'
+config:
+  log-level: "debug"
+  error-log-level: "debug"
+  # redirect port 80 to 443 for HTTP to HTTPS.
+  ssl-redirect: "true"
+  upstream-keepalive-timeout: '90s'
+service:
+  ports:
+    http: 80
+    https: 443
+  extraPorts:
+  - name: semtechws
+    port: 1887
+    targetPort: 1887
+  nodePorts:
+    tcp:
+      # http
+      "80": "1885"
+      # https
+      "443": "8885"
+      # grpc
+      "1884": "1884"
+      # grpcsecure
+      "8844": "8884"
+      # gtwmqttv2
+      "1881": "1881"
+      # gtwmqttv2secure
+      "8881": "8881"
+      # gtwmqttv3
+      "1882": "1882"
+      # gtwmqttv3secure
+      "8882": "8882"
+      # semtechws
+      "1887": "1887"
+      # semtechwssecure
+      "8887": "8887"
+      # appmqtt
+      "1883": "1883"
+      # appmqttsecure
+      "8883": "8883"
+      # interop
+      "8886": "8886"
+    udp:
+      "1700": "1700"
+```