Skip to content

Add ingress config example for haproxy #329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
maxnoe wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add ingress config example for haproxy #329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion charts/rucio-server/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: rucio-server
version: 39.0.0
version: 39.0.1
apiVersion: v1
description: A Helm chart to deploy servers for Rucio
keywords:
Expand Down
50 changes: 38 additions & 12 deletions charts/rucio-server/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,21 +126,47 @@ For the authentication ingress the configuration is a bit different if you want
to use the x509 certificate authentication in Rucio. In this case the TLS
connection cannot be terminated by the ingress controller but instead it has to
be forwarded to the pods so that they can verify the user certificate. You will
need an ingress controller that supports TLS passthrough. This documentation
will focus on the nginx ingress controller.
need an ingress controller that supports TLS passthrough.

This has been tested with the HAProxy Kubernetes Ingress controller and the
now retired Ingress NGINX.

First, the `service` has to be configured using HTTPS as described above.
Then, you can enable passthrough in the ingress definition:

ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- my.rucio-auth.test
path: /
### HAProxy Kubernetes Ingress Controller

```
rucio-server:
useSSL: true
ingress:
enabled: true
ingressClassName: haproxy
annotations:
haproxy.org/ssl-passthrough: "true"
hosts:
- my.rucio-auth.test
tls:
- secretName: # we use passthrough, so no secret required for ingress
```


### ingress-controller-nginx

Should not be used anymore, for reference:

```
rucio-server:
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- my.rucio-auth.test
tls:
- secretName: # we use passthrough, so no secret required for ingress
```

## httpd config

Expand Down
Loading