Uploaded image for project: 'Data Management'
  1. Data Management
  2. DM-20916

Redirect squash.lsst.codes to chronograf-demo.lsst.codes

    XMLWordPrintable

Details

    • Story
    • Status: Done
    • Resolution: Done
    • None
    • squash
    • None

    Description

      The current deployment of the Chronograf UI is still a demo (in the sense that we need to complete DM-18060 work).

      However, to avoid confusion and direct (new) users to the Chronograf UI we decided to redirect https://squash.lsst.codes to http://chronograf-demo.lsst.codes.

      Attachments

        Activity

          afausti Angelo Fausti added a comment - - edited

          I've tested the redirect with the https://chronograf-test.lsst.codes deployment.

          We need to point squash.lsst.codes to the desired Loadbalancer Ingress IP, configure a new ingress rule to route squash.lsst.codes to the chronograph k8s service and add the following annotation that rewrites the URL to https://chronograf-test.lsst.codes.

          nginx.ingress.kubernetes.io/configuration-snippet: |
                 if ($host = 'squash.lsst.codes' ) \{
                   rewrite ^ https://chronograf-test.lsst.codes$request_uri permanent;
                 }
           

           
          This way, squash.lsst.codes acts as an alias while we keep the current deployment elsewhere.
           

          afausti Angelo Fausti added a comment - - edited I've tested the redirect with the https://chronograf-test.lsst.codes deployment. We need to point squash.lsst.codes to the desired Loadbalancer Ingress IP, configure a new ingress rule to route squash.lsst.codes to the chronograph k8s service and add the following annotation that rewrites the URL to  https://chronograf-test.lsst.codes . nginx.ingress.kubernetes.io/configuration-snippet: |        if ($host = 'squash.lsst.codes' ) \{          rewrite ^ https://chronograf-test.lsst.codes$request_uri permanent;        }   This way, squash.lsst.codes acts as an alias while we keep the current deployment elsewhere.  
          afausti Angelo Fausti added a comment - - edited

          The final ingress configuration looks like:

          apiVersion: extensions/v1beta1
           kind: Ingress
           metadata:
             annotations:
               kubernetes.io/ingress.class: nginx
               kubernetes.io/tls-acme: "true"
               nginx.ingress.kubernetes.io/configuration-snippet: |
                 if ($host = 'squash.lsst.codes' ) {
                   rewrite ^ https://chronograf-demo.lsst.codes$request_uri permanent;
                 }
             creationTimestamp: "2019-08-05T22:27:10Z"
             generation: 2
             labels:
               app: chronograf-chronograf
               chart: chronograf-1.0.1
               heritage: Tiller
               release: chronograf
             name: chronograf-chronograf
             namespace: chronograf-test
             resourceVersion: "80494278"
             selfLink: /apis/extensions/v1beta1/namespaces/chronograf-test/ingresses/chronograf-chronograf
             uid: 2a2dc98b-b7d0-11e9-a6b6-42010a800004
           spec:
             rules:
             - host: chronograf-demo.lsst.codes
               http:
                 paths:
                 - backend:
                     serviceName: chronograf-chronograf
                     servicePort: 80
                   path: /
             - host: squash.lsst.codes
               http:
                 paths:
                 - backend:
                     serviceName: chronograf-chronograf
                     servicePort: 80
                   path: /
             tls:
             - hosts:
               - chronograf-demo.lsst.codes
               - squash.lsst.codes
               secretName: tls-certs
          

          afausti Angelo Fausti added a comment - - edited The final ingress configuration looks like: apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/configuration-snippet: | if ($host = 'squash.lsst.codes' ) { rewrite ^ https://chronograf-demo.lsst.codes$request_uri permanent; } creationTimestamp: "2019-08-05T22:27:10Z" generation: 2 labels: app: chronograf-chronograf chart: chronograf-1.0.1 heritage: Tiller release: chronograf name: chronograf-chronograf namespace: chronograf-test resourceVersion: "80494278" selfLink: /apis/extensions/v1beta1/namespaces/chronograf-test/ingresses/chronograf-chronograf uid: 2a2dc98b-b7d0-11e9-a6b6-42010a800004 spec: rules: - host: chronograf-demo.lsst.codes http: paths: - backend: serviceName: chronograf-chronograf servicePort: 80 path: / - host: squash.lsst.codes http: paths: - backend: serviceName: chronograf-chronograf servicePort: 80 path: / tls: - hosts: - chronograf-demo.lsst.codes - squash.lsst.codes secretName: tls-certs

          If the ingress is annotated with kubernetes.io/tls-acme: "true", Kube-Lego will check the TLS configuration and make sure that the specified secret:

          • Exists and contains a valid private/public key pair;
          • The certificate is not expired;
          • The certificate covers all domain names specified in the ingress config.
          afausti Angelo Fausti added a comment - If the ingress is annotated with kubernetes.io/tls-acme: "true" , Kube-Lego will check the TLS configuration and make sure that the specified secret: Exists and contains a valid private/public key pair; The certificate is not expired; The certificate covers all domain names specified in the ingress config.
          afausti Angelo Fausti added a comment - - edited

          By default the controller redirects to HTTPS if TLS is enabled for that ingress. So ingress.kubernetes.io/ssl-redirect: "true" is not required.

          afausti Angelo Fausti added a comment - - edited By default the controller redirects to HTTPS if TLS is enabled for that ingress. So ingress.kubernetes.io/ssl-redirect: "true" is not required.

          Ingress configuration applied.

          afausti Angelo Fausti added a comment - Ingress configuration applied.

          People

            afausti Angelo Fausti
            afausti Angelo Fausti
            Angelo Fausti
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Jenkins

                No builds found.