Ingress controller rules
Ingress controller rules handles the Kibana authentication. The user does not need to add authentication however it is recommended. Ensure ingress rules are deployed after xl up has run. If you do not create your own namespace the ingress rules will be deleted during an undeploy as we delete the namespace during the undeploy. The ingress controller can be deployed in another namespace however ingress rules need to be deployed in the same namespace as the pods .
Components that need ingress rules:
Up provided JMS:
Rabbitmq
serviceName: rabbitmq
servicePort: 15672
Monitoring:
Grafana
serviceName: grafana
servicePort: 3000
Kibana
serviceName: kibana-logging
servicePort: 5601
Secret:
Password: Username + ”::” + Password
Then base 64 encode the combined string
XLR
serviceName: xl-release
servicePort: 5516
XLD
serviceName: xl-deploy-lb
servicePort: 4516
Load Balancer Annotations: AWS: service.beta.kubernetes.io/aws-load-balancer-backend-protocol: “tcp” service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: “300” Azure: service.beta.kubernetes.io/azure-load-balancer-tcp-idle-timeout: “20” Ingress-Default-Backend - Ingress Annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/affinity: cookie ingress.kubernetes.io/session-cookie-name: JSESSIONID ingress.kubernetes.io/session-cookie-strategy: prefix ingress.kubernetes.io/config-backend: | option httpchk HEAD /ha/health HTTP/1.0
Examples of ingress rules for HAProxy:
RabbitMQ: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: rabbitmq namespace: xebialabs labels: app: rabbitmq annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” spec: rules: - http: paths: - path: /rabbitmq/ backend: serviceName: rabbitmq servicePort: 15672 Grafana: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: grafana namespace: xebialabs labels: app: grafana annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” spec: rules: - http: paths: - path: /grafana/ backend: serviceName: grafana servicePort: 3000 Kibana: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: kibana namespace: xebialabs labels: app: kibana annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/auth-type: “basic” ingress.kubernetes.io/auth-realm: “Kibana Authentication” ingress.kubernetes.io/auth-secret: “kibana-secret” spec: rules: - http: paths: - path: /kibana/ backend: serviceName: kibana-logging servicePort: 5601
apiVersion: v1 kind: Secret metadata: name: kibana-secret namespace: xebialabs data: auth: [YOUR BASE 64 ENCODED USERNAME AND PASSWORD] XL-Deploy: apiVersion: extensions/v1beta1 kind: Ingress metadata: name: xl-deploy namespace: xebialabs labels: app: xl-deploy annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/affinity: cookie ingress.kubernetes.io/session-cookie-name: SESSION_XLD ingress.kubernetes.io/session-cookie-strategy: prefix ingress.kubernetes.io/config-backend: | option httpchk GET /deployit/ha/health HTTP/1.0 spec: rules: - http: paths: - path: /xl-deploy/ backend: serviceName: xl-deploy-lb servicePort: 4516 XL-Release apiVersion: extensions/v1beta1 kind: Ingress metadata: name: xl-release namespace: xebialabs labels: app: xl-release annotations: kubernetes.io/ingress.class: haproxy ingress.kubernetes.io/rewrite-target: / ingress.kubernetes.io/ssl-redirect: “false” ingress.kubernetes.io/affinity: cookie ingress.kubernetes.io/session-cookie-name: JSESSIONID ingress.kubernetes.io/session-cookie-strategy: prefix ingress.kubernetes.io/config-backend: | option httpchk GET /ha/health HTTP/1.0 spec: rules: - http: paths: - path: /xl-release/ backend: serviceName: xl-release servicePort: 5516