Ingress Setup
Introduction
If you wish to use Ingress as a means to access the Devtron services available in your cluster, you can configure it either during the installation or after the installation of Devtron.
Refer the section relevant to you:
If you have successfully configured Ingress, refer Post Ingress Setup.
Enabling Ingress during Devtron Installation
If you are installing Devtron, you can enable Ingress either via set flag or by using ingress-values.yaml to specify the desired Ingress settings.
Using set flag
You can use the --set
flag to specify the desired Ingress settings.
Here, we have added 5 configurations you can perform depending on your requirements:
Only Basic Configuration
To enable Ingress and set basic parameters, use the following command:
helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com
Configuration Including Labels
To add labels to the Ingress resource, use the following command:
helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.labels.env=production
Configuration Including Annotations
To add annotations to the Ingress resource, use the following command:
helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
--set components.devtron.ingress.annotations."nginx\.ingress\.kubernetes\.io\/app-root"="/dashboard"
Configuration Including TLS Settings
To configure TLS settings, including secretName
and hosts
, use the following command:
helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.tls[0].secretName=devtron-tls \
--set components.devtron.ingress.tls[0].hosts[0]=devtron.example.com
Comprehensive Configuration
To include all the above settings in a single command, use:
helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
--set components.devtron.ingress.annotations."nginx\.ingress\.kubernetes\.io\/app-root"="/dashboard" \
--set components.devtron.ingress.labels.env=production \
--set components.devtron.ingress.pathType=ImplementationSpecific \
--set components.devtron.ingress.tls[0].secretName=devtron-tls \
--set components.devtron.ingress.tls[0].hosts[0]=devtron.example.com
Using ingress-values.yaml
As an alternative to the set flag method, you can enable Ingress using ingress-values.yaml
instead.
Create an ingress-values.yaml
file. You may refer the below format for an advanced ingress configuration which includes labels, annotations, secrets, and many more.
components:
devtron:
ingress:
enabled: true
className: nginx
labels: {}
# env: production
annotations: {}
# nginx.ingress.kubernetes.io/app-root: /dashboard
pathType: ImplementationSpecific
host: devtron.example.com
tls: []
# - secretName: devtron-info-tls
# hosts:
# - devtron.example.com
Once you have the ingress-values.yaml
file ready, run the following command:
helm install devtron devtron/devtron-operator -n devtroncd --reuse-values -f ingress-values.yaml
Configuring Ingress after Devtron Installation
After Devtron is installed, Devtron is accessible through devtron-service
. If you wish to access Devtron through ingress, you'll need to modify this service to use a ClusterIP instead of a LoadBalancer.
You can do this using the kubectl patch
command:
kubectl patch -n devtroncd svc devtron-service -p '{"spec": {"ports": [{"port": 80,"targetPort": "devtron","protocol": "TCP","name": "devtron"}],"type": "ClusterIP","selector": {"app": "devtron"}}}'
Next, create ingress to access Devtron by applying the devtron-ingress.yaml
file. The file is also available on this link. You can access Devtron from any host after applying this yaml.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: devtron-service
port:
number: 80
path: /orchestrator
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /dashboard
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /grafana
pathType: ImplementationSpecific
For k8s versions < 1.19, apply this yaml:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
rules:
- http:
paths:
- backend:
serviceName: devtron-service
servicePort: 80
path: /orchestrator
- backend:
serviceName: devtron-service
servicePort: 80
path: /dashboard
pathType: ImplementationSpecific
Optionally, you also can access Devtron through a specific host by running the following YAML file:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
ingressClassName: nginx
rules:
- host: devtron.example.com
http:
paths:
- backend:
service:
name: devtron-service
port:
number: 80
path: /orchestrator
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /dashboard
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /grafana
pathType: ImplementationSpecific
Enable HTTPS For Devtron
Once Ingress setup for Devtron is done and you want to run Devtron over https
, you need to add different annotations for different ingress controllers and load balancers.
1. Nginx Ingress Controller
In case of nginx ingress controller
, add the following annotations under service.annotations
under nginx ingress controller to run devtron over https
.
(i) Amazon Web Services (AWS)
If you are using AWS cloud, add the following annotations under service.annotations
under nginx ingress controller.
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<acm-arn-here>"
(ii) Digital Ocean
If you are using Digital Ocean cloud, add the following annotations under service.annotations
under nginx ingress controller.
annotations:
service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "<your-certificate-id>"
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
2. AWS Application Load Balancer (AWS ALB)
In case of AWS application load balancer, add following annotations under ingress.annotations
to run devtron over https
.
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "<acm-arn-here>"
3. Azure Application Gateway
In case of AWS application load balancer, the following annotations need to be added under ingress.annotations
to run devtron over https
.
annotations:
kubernetes.io/ingress.class: "azure/application-gateway"
appgw.ingress.kubernetes.io/backend-protocol: "http"
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name-of-appgw-installed-certificate>"
For an Ingress resource to be observed by AGIC (Application Gateway Ingress Controller) must be annotated with kubernetes.io/ingress.class: azure/application-gateway. Only then AGIC will work with the Ingress resource in question.
Note: Make sure NOT to use port 80 with HTTPS and port 443 with HTTP on the Pods.
Last updated
Was this helpful?