Comments (5)
Hello @jtrouth
Right now, if you use `ingress.useTLS`, the Helm chart generates the Ingress like the following:
```yaml
# Source: terrakube/templates/ingress-ui.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: terrakube-ui-ingress
  annotations:
    networking.gke.io/managed-certificates: managed-cert
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "my-ip-ingress"
spec:
  tls:
    - hosts:
        - "terrakube-ui.minikube.net"
      secretName: tls-secret-ui-terrakube
  rules:
    - host: "terrakube-ui.minikube.net"
      http:
        paths:
          - path: "/*"
            pathType: "ImplementationSpecific"
            backend:
              service:
                name: terrakube-ui-service
                port:
                  number: 8080
```
If I understand correctly, for Google Kubernetes Ingress the correct one should be like this, without the `spec.tls`, right?
```yaml
# Source: terrakube/templates/ingress-ui.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: terrakube-ui-ingress
  annotations:
    networking.gke.io/managed-certificates: managed-cert
    kubernetes.io/ingress.class: "gce"
    kubernetes.io/ingress.global-static-ip-name: "my-ip-ingress"
spec:
  rules:
    - host: "terrakube-ui.minikube.net"
      http:
        paths:
          - path: "/*"
            pathType: "ImplementationSpecific"
            backend:
              service:
                name: terrakube-ui-service
                port:
                  number: 8080
```
from terrakube-helm-chart.
That's correct
from terrakube-helm-chart.
Hello @jtrouth, I don't have experience with Google Kubernetes Engine and Google Managed Certificates, but I was checking the documentation that you provided. I think that in that case you could create the managed certificate before deploying the Helm chart. I think it will be something like this:
```yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: managed-cert
spec:
  domains:
    - terrakube-ui.minikube.net
    - terrakube-api.minikube.net
    - terrakube-reg.minikube.net
```
Once you have created the managed certificate, you could customize the ingress annotations using a custom values.yaml file, something like this:
```yaml
## Ingress properties
ingress:
  useTls: true
  ui:
    enabled: true
    domain: "terrakube-ui.minikube.net"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.global-static-ip-name: ADDRESS_NAME
      networking.gke.io/managed-certificates: managed-cert
      kubernetes.io/ingress.class: "gce"
  api:
    enabled: true
    domain: "terrakube-api.minikube.net"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.global-static-ip-name: ADDRESS_NAME
      networking.gke.io/managed-certificates: managed-cert
      kubernetes.io/ingress.class: "gce"
  registry:
    enabled: true
    domain: "terrakube-reg.minikube.net"
    path: "/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.global-static-ip-name: ADDRESS_NAME
      networking.gke.io/managed-certificates: managed-cert
      kubernetes.io/ingress.class: "gce"
  dex:
    enabled: true
    path: "/dex/(.*)"
    pathType: "Prefix"
    annotations:
      kubernetes.io/ingress.global-static-ip-name: ADDRESS_NAME
      networking.gke.io/managed-certificates: managed-cert
      kubernetes.io/ingress.class: "gce"
```
And deploy the app using helm install:
```shell
helm install --values values.yaml terrakube terrakube-repo/terrakube -n terrakube
```
In the example documentation I also saw that it was using NodePort. By default the Helm chart is using ClusterIP; you could change that if needed using something like this in your values.yaml:
```yaml
## API properties
api:
  serviceType: "NodePort"
## Executor properties
executor:
  serviceType: "NodePort"
## Registry properties
registry:
  serviceType: "NodePort"
```
I hope this can help you.
from terrakube-helm-chart.
Thanks for the response. Apologies if I was not clear, but I'm actually doing all of the stuff you mentioned (except that the only pathType supported is `ImplementationSpecific` and I don't have regexes in the paths because Google doesn't support that) and none of it resolves the issue.
If there is a `spec.tls` key in a GCE-native Ingress then the controller will fail to sync and generate an event like `Error syncing to GCP: error running load balancer syncing routine: error initializing translator env: secrets "tls-secret-api-terrakube" not found`.
I've been able to mostly work around this by first deploying the chart with `ingress.useTls` set to `false`, waiting for the Ingresses to sync, and then redeploying with the value set to `true`. This is not a sustainable workaround though because the Ingress resources are still broken by the presence of the `spec.tls` key in the Ingress resources, and any changes do not get synced to the GCE Load Balancers.
The best deploy-time solution I've found so far is to patch the Ingress resources with a Helm postprocessor, removing the TLS spec from the resources.
from terrakube-helm-chart.
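The post-renderer workaround mentioned in the comment above could look like the following. This is an added example, not code from the thread or from the Terrakube chart; it assumes Helm's usual block-style YAML output, and the names `strip_tls`, `post_render` and `SAMPLE` are made up for illustration.

```python
#!/usr/bin/env python3
# Helm post-renderer: manifests in on stdin, out on stdout, minus spec.tls on managed-cert Ingresses.
import re
import sys

MANAGED_CERT = "networking.gke.io/managed-certificates"

def strip_tls(doc):
    """Drop spec.tls from one YAML document (line-based; assumes block-style YAML)."""
    if not re.search(r"(?m)^kind:\s*Ingress\s*$", doc) or MANAGED_CERT not in doc:
        return doc  # not a managed-certificate Ingress: leave untouched
    out, in_spec, child, tls = [], False, None, None
    for line in doc.splitlines():
        body = line.lstrip()
        indent = len(line) - len(body)
        if tls is not None:
            # Inside the tls block: skip deeper lines and list items at the key's indent.
            if not body or indent > tls or (indent == tls and body.startswith("- ")):
                continue
            tls = None
        if body and indent == 0:
            in_spec, child = line.startswith("spec:"), None
        elif body and in_spec:
            child = indent if child is None else child  # indent of spec's direct children
            if indent == child and re.match(r"tls:\s*$", body):
                tls = indent
                continue
        out.append(line)
    return "\n".join(out) + "\n"

def post_render(manifests):
    docs = re.split(r"(?m)^---[ \t]*\n", manifests)
    return "---\n".join(strip_tls(d) for d in docs)

# Constructed sample modelled on the Ingress quoted in the thread.
SAMPLE = """---
kind: Ingress
metadata:
  annotations:
    networking.gke.io/managed-certificates: managed-cert
spec:
  tls:
    - hosts: ["terrakube-ui.minikube.net"]
      secretName: tls-secret-ui-terrakube
  rules:
    - host: "terrakube-ui.minikube.net"
"""
if __name__ == "__main__":
    sys.stdout.write(post_render(sys.stdin.read()))
```

Saved as an executable file, it is passed to Helm with the `--post-renderer` flag of `helm install` or `helm upgrade`.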
Hello @jtrouth
I created a small fix.
Can you try adding this:
```yaml
## Ingress properties
ingress:
  includeTlsHosts: false
```
from terrakube-helm-chart.