The Component Pack documentation uses http for the connection from IHS to the Kubernetes backend. This is not up-to-date any more, so I'd like to use https for those backend connection as well as in IHS like this:
User <----- https -----> IHS <----- https -----> K8S Backend
Following HCLs documentation, we just got
User <----- https -----> IHS <----- http -----> K8S Backend
Component Packs ingress doesn't have any configuration options for https documented.
I unpacked the chart and looked at it's default values.yml. It seems that IBM/HCL doesn't follow the Helm template, which allow configuring https in almost any charts using ingress.tls.
The only possible way seems to be manually modifying our ingress ressources like this:
kubectl edit ing cnx-ingress-orient-me* by a subdomain (e.g. ing): - host: ing.k8s.internaltls section in spec: tls:
- hosts:
- ing.k8s.internal
Save the changes and verify your ingress is avaliable using https, for example with the comp
curl "https://ing.k8s.internal/social/views/login.html" --head should return HTTP/2 200
We need to repat this for all deployed ingress ressources. When all features are deployed, there are 4:
$ kging | grep -v NAME | awk '{print $1}'
cnx-ingress-appreg
cnx-ingress-orient-me
cnx-ingress-sanity
external-service
Its also possible to automate those changes by exporting the ingress to a file:
kubectl get ing cnx-ingress-orient-me -o yaml > /tmp/ing.yml
No we can search/replace using sed
# Replaces the general HTTP listen hostname
sed -i "s/host: '\*\./ing./g" /tmp/ing.yml
# Adds tls-tree with corresponding indention
sed "s/\(\s*\)\(rules:\)/tls:\n\1- hosts:\n\1\1- ing.k8s.internal\n\1\2/g" /tmp/ing.yml
To apply our changes:
kubectl replace -f /tmp/ing.yml