Ingress controller rules

Ingress controller rules handles the Kibana authentication. The user does not need to add authentication however it is recommended. Ensure ingress rules are deployed after xl up has run. If you do not create your own namespace the ingress rules will be deleted during an undeploy as we delete the namespace during the undeploy. The ingress controller can be deployed in another namespace however ingress rules need to be deployed in the same namespace as the pods .

Components that need ingress rules:

Up provided JMS: Rabbitmq serviceName: rabbitmq servicePort: 15672 Monitoring: Grafana serviceName: grafana servicePort: 3000 Kibana serviceName: kibana-logging servicePort: 5601 Secret: Password: Username + ”::” + Password Then base 64 encode the combined string
XLR serviceName: xl-release servicePort: 5516 XLD serviceName: xl-deploy-lb servicePort: 4516

Load Balancer Annotations: AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: “tcp” service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: “300” Azure: service.beta.kubernetes.io/azure-load-balancer-tcp-idle-timeout: “20” Ingress-Default-Backend - Ingress Annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/affinity: cookie ingress.kubernetes.io/session-cookie-name: JSESSIONID ingress.kubernetes.io/session-cookie-strategy: prefix ingress.kubernetes.io/config-backend: | option httpchk HEAD /ha/health HTTP/1.0

Examples of ingress rules for HAProxy:

RabbitMQ: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: rabbitmq namespace: xebialabs labels: app: rabbitmq annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” spec: rules: - http: paths: - path: /rabbitmq/ backend: serviceName: rabbitmq servicePort: 15672 Grafana: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: grafana namespace: xebialabs labels: app: grafana annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” spec: rules: - http: paths: - path: /grafana/ backend: serviceName: grafana servicePort: 3000 Kibana: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: kibana namespace: xebialabs labels: app: kibana annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/auth-type: “basic” ingress.kubernetes.io/auth-realm: “Kibana Authentication” ingress.kubernetes.io/auth-secret: “kibana-secret” spec: rules: - http: paths: - path: /kibana/ backend: serviceName: kibana-logging servicePort: 5601


apiVersion: v1 kind: Secret metadata: name: kibana-secret namespace: xebialabs data: auth: [YOUR BASE 64 ENCODED USERNAME AND PASSWORD] XL-Deploy: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: xl-deploy namespace: xebialabs labels: app: xl-deploy annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/affinity: cookie ingress.kubernetes.io/session-cookie-name: SESSION_XLD ingress.kubernetes.io/session-cookie-strategy: prefix ingress.kubernetes.io/config-backend: | option httpchk GET /deployit/ha/health HTTP/1.0 spec: rules: - http: paths: - path: /xl-deploy/ backend: serviceName: xl-deploy-lb servicePort: 4516 XL-Release apiVersion: extensions/v1beta1 kind: Ingress metadata: name: xl-release namespace: xebialabs labels: app: xl-release annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/affinity: cookie ingress.kubernetes.io/session-cookie-name: JSESSIONID ingress.kubernetes.io/session-cookie-strategy: prefix ingress.kubernetes.io/config-backend: | option httpchk GET /ha/health HTTP/1.0 spec: rules: - http: paths: - path: /xl-release/ backend: serviceName: xl-release servicePort: 5516