Enable Ingress Configuration

[nathanielc]

Keramik needs to be able to expose Ceramic pods with public address outside of the network.

Ceramic pods run IPFS which wants to have a public IP so that other nodes in the network (not inside of k8s) can peer with them. Load balancing is not a viable solution as the IPFS protocols have their own security layer that require IPs to map to a single known Peer. If multiple peers repsond on a single IP IPFS will refuse to connect.

Keramik should NOT be responsible to configuring and managing ingress to the pods. However it should make it easy/possible to existing ingress system to discover and expose Ceramic pods.

DOD:

• Documentation showing how to configure ingress to Ceramic pods individually for AWS/GKE
• Each API has its own ingress port (preferably on the same IP per node)
  • TCP 4001 for IPFS
  • UDP 4001 for IPFS (optional)
  • HTTP 5001 for Ceramic API
  • HTTP 7007 for ComposeDB API
• Ports are configurable, the above ports are defaults only

If the UDP port proves to be difficult to implement we can skip it for now and revisit later.

[3benbox]

Keramik should NOT be responsible to configuring and managing ingress to the pods.

Agree 💯 , it's a cluster/cloud boundary and there are lot's of possible options.

We should provide example configurations for different providers and methods as Ceramic and IPFS have unique requirements.

[qbig]

@kammerdiener ser do we have a rough ETA for this feature?