Comments (4)
Overview of different K8s Service types and when to use what:
https://medium.com/@pczarkowski/kubernetes-services-exposed-86d45c994521
from stackstorm-k8s.
Providing my feedback since this one is still open.
With changes to values.yaml it was easy to expose the service behind st2web to the outside:
```yaml
service:
  type: "LoadBalancer"
  hostname: "example.domain.com"
```
I can also wish for a way to set Ingress controller inside values.yaml, but I am not sure how feasible that is considering all services depending on st2web load balancing capability.
```yaml
ingress:
  enabled: true
  path: /
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/issuer: my-issuer
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
    nginx.ingress.kubernetes.io/proxy-buffering: "on"
    # The snippet body was not included in the original comment
    nginx.ingress.kubernetes.io/configuration-snippet: |
  hosts:
    - example.domain.com
  tls:
    - secretName: tls-secret
      hosts:
        - example.domain.com
```
from stackstorm-k8s.
Thank you very much @mosn, that's definitely useful!
Per #44 (comment) discussion we definitely want to expose Ingress controller settings via Helm values.yaml to allow users to configure the SSL/TLS negotiation layer on their own (optional). To make it more consistent and efficient, st2web will go HTTP by default (currently HTTPS).
Yes, st2web uses nginx under the hood and adding Ingress controller will add another proxy layer on top, but I can't think of anything else easy & usable, as st2web exposes StackStorm Web UI apart from APIs.
Saying that, contributions to add Ingress controller would be very welcome!
from stackstorm-k8s.
As an alternative, we can also look into the possibility of using an existing Ingress Controller in the cluster. Example with cert-manager, something like:
===WARNING WORK IN PROGRESS DONT USE===
Install cert-manager
```bash
git clone https://github.com/jetstack/cert-manager
cd cert-manager
git checkout v0.2.3
helm install --name cert-manager contrib/charts/cert-manager \
  --set ingressShim.extraArgs='{--default-issuer-name=letsencrypt-prod,--default-issuer-kind=ClusterIssuer}' \
  --set ingressShim.enabled=false \
  --namespace kube-system
kubectl -n kube-system get pods
```
Add an ingress-controller
```bash
helm install --name ingress-my-test-app stable/nginx-ingress --set rbac.create='true'
```
Configure issuer (cluster issuer)
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: default
spec:
  acme:
    # The ACME server URL
    server: https://acme-v01.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod-key
    # Enable HTTP01 validations
    http01: {}
```
Manually generate a certificate resource
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: stackstorm-st2web-enterprise
  namespace: default
spec:
  secretName: stackstorm-st2web-enterprise
  commonName: st.example.com
  dnsNames:
  - st2.example.com
  issuerRef:
    name: letsencrypt-prod
    kind: Issuer
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
      - st2.example.com
```
Configure st2web to work with the ingress controller
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: stackstorm-st2web-enterprise
  namespace: default
  annotations:
    certmanager.k8s.io/issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: st.node.rpt.sh
    http:
      paths:
      - backend:
          serviceName: stackstorm-st2web-enterprise
          servicePort: 30677
        path: /
  tls:
  - hosts:
    - st.node.rpt.sh
    secretName: stackstorm-st2web-enterprise
```
I can issue the certificate this way just fine but am still unable to connect to st2web for some reason.
from stackstorm-k8s.
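The Certificate and Ingress in the comment above are tied together only by secret name, namespace and hostnames, so a useful check before debugging connectivity is whether those fields line up. The following is an added example, not part of the original thread or the stackstorm-k8s chart: it embeds the two manifests as posted (as constructed Python dicts), and the function names `covers` and `check` are hypothetical.

```python
# Added example: cross-check a cert-manager Certificate against the Ingress using it.
# Constructed input: the two manifests from the comment above, as Python dicts
# (only the fields the checks read).
CERTIFICATE = {
    "metadata": {"name": "stackstorm-st2web-enterprise", "namespace": "default"},
    "spec": {
        "secretName": "stackstorm-st2web-enterprise",
        "commonName": "st.example.com",
        "dnsNames": ["st2.example.com"],
    },
}
INGRESS = {
    "metadata": {"name": "stackstorm-st2web-enterprise", "namespace": "default"},
    "spec": {
        "rules": [{"host": "st.node.rpt.sh"}],
        "tls": [{"hosts": ["st.node.rpt.sh"],
                 "secretName": "stackstorm-st2web-enterprise"}],
    },
}


def covers(cert_name, host):
    """True if cert_name (exact or single-label wildcard) matches host."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host


def check(cert, ingress):
    """Return a list of mismatches between the Certificate and the Ingress."""
    findings = []
    spec = cert["spec"]
    names = [n for n in [spec.get("commonName"), *spec.get("dnsNames", [])] if n]
    # The TLS secret is written to the Certificate's namespace; the Ingress
    # can only reference secrets in its own namespace.
    if cert["metadata"]["namespace"] != ingress["metadata"]["namespace"]:
        findings.append("Certificate and Ingress are in different namespaces")
    rule_hosts = {r.get("host") for r in ingress["spec"].get("rules", [])}
    secrets = set()
    for tls in ingress["spec"].get("tls", []):
        secrets.add(tls.get("secretName"))
        if tls.get("secretName") != spec["secretName"]:
            continue  # this TLS entry is served from some other secret
        for host in tls.get("hosts", []):
            if not any(covers(n, host) for n in names):
                findings.append(f"TLS host {host} is not covered by the certificate")
            if host not in rule_hosts:
                findings.append(f"TLS host {host} has no matching rule")
    if spec["secretName"] not in secrets:
        findings.append("no Ingress TLS entry references the certificate's secret")
    return findings
```

On the manifests as posted, `check(CERTIFICATE, INGRESS)` reports that `st.node.rpt.sh` is not among the certificate's names; the hostnames in the comment may have been edited before posting.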