Code Monkey home page Code Monkey logo

Comments (4)

arm4b avatar arm4b commented on May 28, 2024

Overview of different K8s Service types and when to use what:
https://medium.com/@pczarkowski/kubernetes-services-exposed-86d45c994521

from stackstorm-k8s.

avatar commented on May 28, 2024

Providing my feedback since this one is still open.
with changes to values.yaml it was easy to expose service behind st2web to outside.

  service:
    type: "LoadBalancer"
    hostname: "example.domain.com"

I can also wish for a way to set Ingress controller inside values.yaml but I am not sure how feasible that is considering all services depending on st2web load balancing capability.

ingress:
  enabled: true
  path: /
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/issuer:  my-issuer
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    nginx.ingress.kubernetes.io/configuration-snippet: |\

  hosts:
    - example.domain.com
  tls:
    - secretName: tls-secret
      hosts:
        - example.domain.com

from stackstorm-k8s.

arm4b avatar arm4b commented on May 28, 2024

Thank you very much @mosn, that's definitely useful!

Per #44 (comment) discussion we definitely want to expose Ingress controller settings via Helm values.yaml to allow users to configure the SSL/TLS negotiation layer on their own (optional). To make it more consistent and efficient, st2web will go HTTP by default (currently HTTPS).

Yes, st2web uses nginx under the hood and adding Ingress controller will add another proxy layer on top, but I can't think of anything else easy & usable, as st2web exposes StackStorm Web UI apart of APIs.

Saying that, contributions to add Ingress controller would be very welcome!

from stackstorm-k8s.

avatar commented on May 28, 2024

As an alternative, We can also look into the possibility of using existing Ingress Controller in the cluster. Example with cert-manager something like

===WARNING WORK IN PROGRESS DONT USE===

Install cert-manager

git clone https://github.com/jetstack/cert-manager
git checkout v0.2.3
helm install --name cert-manager contrib/charts/cert-manager --set ingressShim.extraArgs='{--default-issuer-name=letsencrypt-prod,--default-issuer-kind=ClusterIssuer}' --set ingressShim.enabled=false --namespace kube-system
kubectl -n kube-system get pods

Add an ingress-controller

helm install --name ingress-my-test-app stable/nginx-ingress --set rbac.create='true'

Configure issuer (cluster issuer)

apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: default
spec:
  acme:
    # The ACME server URL
    server: https://acme-v01.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod-key
    # Enable HTTP01 validations
    http01: {}

Manually generate a certificate resource

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: stackstorm-st2web-enterprise
  namespace: default
spec:
  secretName: stackstorm-st2web-enterprise
  commonName: st.example.com
  dnsNames:
  - st2.example.com
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - st2.example.com

Configure st2web to with the ingress controller

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: stackstorm-st2web-enterprise
  namespace: default
  annotations:
    certmanager.k8s.io/issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: st.node.rpt.sh
      http:
        paths:
          - backend:
              serviceName: stackstorm-st2web-enterprise
              servicePort: 30677
            path: /
  tls:
    - hosts:
        - st.node.rpt.sh
      secretName: stackstorm-st2web-enterprise

I can issue the certificate this way just fine but still unable to connect to st2web for some reason.

from stackstorm-k8s.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.