DM-20916

Redirect squash.lsst.codes to chronograf-demo.lsst.codes


    Details

    • Type: Story
    • Status: Done
    • Resolution: Done
    • Fix Version/s: None
    • Component/s: squash
    • Labels:
      None

      Description

      The current deployment of the Chronograf UI is still a demo (in the sense that we need to complete DM-18060 work).

      However, to avoid confusion and direct (new) users to the Chronograf UI, we decided to redirect https://squash.lsst.codes to http://chronograf-demo.lsst.codes.

          Activity

          afausti Angelo Fausti added a comment - - edited

          I've tested the redirect with the https://chronograf-test.lsst.codes deployment.

          We need to point squash.lsst.codes to the desired Loadbalancer Ingress IP, configure a new ingress rule to route squash.lsst.codes to the Chronograf k8s service and add the following annotation that rewrites the URL to https://chronograf-test.lsst.codes.

          nginx.ingress.kubernetes.io/configuration-snippet: |
                 if ($host = 'squash.lsst.codes' ) {
                   rewrite ^ https://chronograf-test.lsst.codes$request_uri permanent;
                 }
           

           
          This way, squash.lsst.codes acts as an alias while we keep the current deployment elsewhere.
           

          afausti Angelo Fausti added a comment - - edited

          The final ingress configuration looks like:

           apiVersion: extensions/v1beta1
           kind: Ingress
           metadata:
             annotations:
               kubernetes.io/ingress.class: nginx
               kubernetes.io/tls-acme: "true"
               nginx.ingress.kubernetes.io/configuration-snippet: |
                 if ($host = 'squash.lsst.codes' ) {
                   rewrite ^ https://chronograf-demo.lsst.codes$request_uri permanent;
                 }
             creationTimestamp: "2019-08-05T22:27:10Z"
             generation: 2
             labels:
               app: chronograf-chronograf
               chart: chronograf-1.0.1
               heritage: Tiller
               release: chronograf
             name: chronograf-chronograf
             namespace: chronograf-test
             resourceVersion: "80494278"
             selfLink: /apis/extensions/v1beta1/namespaces/chronograf-test/ingresses/chronograf-chronograf
             uid: 2a2dc98b-b7d0-11e9-a6b6-42010a800004
           spec:
             rules:
             - host: chronograf-demo.lsst.codes
               http:
                 paths:
                 - backend:
                     serviceName: chronograf-chronograf
                     servicePort: 80
                   path: /
             - host: squash.lsst.codes
               http:
                 paths:
                 - backend:
                     serviceName: chronograf-chronograf
                     servicePort: 80
                   path: /
             tls:
             - hosts:
               - chronograf-demo.lsst.codes
               - squash.lsst.codes
               secretName: tls-certs
          

          afausti Angelo Fausti added a comment -

          If the ingress is annotated with kubernetes.io/tls-acme: "true", Kube-Lego will check the TLS configuration and make sure that the specified secret:

          • Exists and contains a valid private/public key pair;
          • The certificate is not expired;
          • The certificate covers all domain names specified in the ingress config.
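
The coverage rule in the last bullet, and the job the $host guard does in the configuration snippet (the snippet is added to the locations of every host in the Ingress), can both be checked before a manifest is applied. This is an added example, not part of the original ticket or the project's tooling; `audit_ingress` and the dict layout are assumptions, and the sample is transcribed from the final Ingress on this page.

```python
import re

# Constructed sample: the fields of the final Ingress on this page that matter
# for the redirect and for certificate coverage, transcribed as a dict.
INGRESS = {
    "annotations": {
        "kubernetes.io/tls-acme": "true",
        "nginx.ingress.kubernetes.io/configuration-snippet":
            "if ($host = 'squash.lsst.codes' ) {\n"
            "  rewrite ^ https://chronograf-demo.lsst.codes$request_uri permanent;\n"
            "}\n",
    },
    "rule_hosts": ["chronograf-demo.lsst.codes", "squash.lsst.codes"],
    "tls": [{"hosts": ["chronograf-demo.lsst.codes", "squash.lsst.codes"],
             "secretName": "tls-certs"}],
}

SNIPPET = "nginx.ingress.kubernetes.io/configuration-snippet"
GUARD = re.compile(r"if\s*\(\s*\$host\s*=\s*'([^']+)'\s*\)")
TARGET = re.compile(r"rewrite\s+\S+\s+(https?)://([^/$\s;]+)\S*\s+(permanent|redirect)\s*;")


def audit_ingress(ing):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    tls_hosts = {h for entry in ing.get("tls", []) for h in entry.get("hosts", [])}
    for host in ing["rule_hosts"]:
        if host not in tls_hosts:
            findings.append(f"{host}: not listed under spec.tls, certificate will not cover it")
    snippet = ing["annotations"].get(SNIPPET, "")
    guard, target = GUARD.search(snippet), TARGET.search(snippet)
    if target:
        scheme, dest = target.group(1), target.group(2)
        if scheme != "https":
            findings.append(f"redirect to {dest} downgrades to plain http")
        if not guard:
            findings.append("rewrite has no $host guard, applies to every host in the Ingress")
        if guard is None or guard.group(1) == dest:
            if dest in ing["rule_hosts"]:
                findings.append(f"{dest}: requests for the target are redirected to itself (loop)")
        elif guard.group(1) not in ing["rule_hosts"]:
            findings.append(f"{guard.group(1)}: guarded host has no rule, redirect never fires")
    return findings
```
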
          afausti Angelo Fausti added a comment - - edited

          By default the controller redirects to HTTPS if TLS is enabled for that ingress. So ingress.kubernetes.io/ssl-redirect: "true" is not required.

          afausti Angelo Fausti added a comment -

          Ingress configuration applied.


            People

            Assignee:
            afausti Angelo Fausti
            Reporter:
            afausti Angelo Fausti