Comments (10)
@adilyse -- looks like those changes enable annotations on a service, not the creation of an ingress object.
Suggest referencing a solution such as the one used by Minio:
https://github.com/helm/charts/blob/master/stable/minio/templates/ingress.yaml
This would allow for an ingress object to be created if the value is set. The actual ingress object is farily simple, mine is here:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: consul
namespace: kube-system
labels:
app.kubernetes.io/name: consul
spec:
rules:
- host: consul.DOMAIN
http:
paths:
- path: /
backend:
serviceName: consul-consul-ui
servicePort: 80
I can pull together a PR if you guys would be willing to review it.
from consul-helm.
The Consul team is looking for more feedback on the Consul Helm Chart. If any of you have 3 minutes, consider filling out our survey.
from consul-helm.
Hi @msarmstr,
We're still sorting out how Ingresses interact with Consul in Kubernetes, so I don't have a full answer for you. However, I just merged #105 that should allow a fair amount of flexibility in providing additional ways to configure the UI service to be accessed.
from consul-helm.
Hi.
Any updates on this issues?
from consul-helm.
We have deployed Consul 1.8.4 using this helm chart ,which created a service for web-ui named as "consul-primary-ui" .To expose the ui we are creating the following ingress object , Unfortunately we are getting "404 page not found " .
Did any one try to make it work with ingress ?
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: consul-primary-ui
namespace: consul
annotations:
kubernetes.io/ingress.class: "traefik"
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: consul-primary-ui
servicePort: 443
from consul-helm.
@jomcyp -- is the service port (443) correct? Is the consul service itself configured to do TLS?
from consul-helm.
Hey @jomcyp
I'm not sure that the /*
is supported by ingress, unless this is something specific to traefik. It seems that you should either specify /ui
as an exact path, which the path at which consul's UI is served, or expose all paths by using path of type pathPrefix
with /
prefix.
from consul-helm.
Thank you for the response
@carpenike Yes, We configured the service port as 443 for consul_primary_ui and TLS is enabled through helm chart.
see the service manifest below
kind: Service
apiVersion: v1
metadata:
name: consul-primary-ui
namespace: consul
labels:
app: consul
app.kubernetes.io/managed-by: Helm
chart: consul-helm
component: ui
heritage: Helm
release: consul-cluster
annotations:
meta.helm.sh/release-name: consul-cluster
meta.helm.sh/release-namespace: consul
spec:
ports:
- name: https
protocol: TCP
port: 443
targetPort: 8501
selector:
app: consul
component: server
release: consul-cluster
clusterIP: 172.20.15.4
type: ClusterIP
I am able to access consul web ui with https , when i do kubectl port-forward at service level
kubectl port-forward svc/consul-primary-ui -n <consul-ns> 1234:443
@ishustava
I have tried with /*
and /ui
and /
, but they all come back to 404 page not found .
Do we need to pass tls certificate through ingress object ? When I enabled tls with helm chart by default its using consul built-in CA to generate the certificates.
from consul-helm.
I've just remembered that the Kubernetes ingress doesn't support TLS on the backend, meaning TLS termination has to be done at the ingress controller, and the traffic from ingress to the backend pod (in this case consul servers) is in plaintext. Here are the kubernetes docs that mention that.
I know that some ingress controllers, e.g. NGINX, allow TLS passthrough. I saw from your annotations that you're using traefik and found this blog that talks about how to enable TLS passthrough. Ultimately, you'd need to check with the specific ingress implementation on whether they support TLS passthrough or turn off TLS on the consul cluster.
from consul-helm.
Addressed by #774
from consul-helm.
Related Issues (20)
- Variable Interpolation within Helm chart HOT 7
- [ERROR] Unable to get Agent services: error="Unexpected response code: 403 (ACL not found)" HOT 9
- GKE Ingress requires pathType to be ImplementationSpecific
- flag provided but not defined: -log-json HOT 6
- Mesh-Gateway k8s: Error initializing configuration HOT 6
- Chart v0.32.+ : invalid config key "TransparentProxy" for proxy-defaults.yaml HOT 2
- Could not resolve host: static-server HOT 9
- test issue migration
- consul-consul-webhook-cert-manager flag provided but not defined: -log-json HOT 2
- 0.32.1/1.10.0 WAN Federation consul-server-acl-init job failing to execute resulting in failed helm installation HOT 8
- Kubernetes, ConsulCatalog and Traefik - Changing default Sync Rule between K8s and ConsulCatalog? HOT 2
- Consul connect injected sidecars not permitted by Pod Security Policies HOT 2
- Allow specifying a default policy / role for namespace mirroring HOT 2
- How route traffic to another consul node? HOT 5
- Consul ingress gateways not starting after chart upgrade HOT 6
- Which directory consul kv data is stored HOT 4
- consul connect: 503 after scaling in or pod restarts HOT 15
- feat: Add `-recursor` flag
- Failed helm upgrade leaves behind a job that prevents future upgrades? HOT 7
- Allow Consul client daemonset connectivity via nodePort (instead of only hostPort) HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from consul-helm.