After Devtron is installed, Devtron is accessible through service devtron-service
. If you want to access Devtron through ingress, edit devtron-service
and change the loadbalancer to ClusterIP. You can do this using kubectl patch
command:
Copy kubectl patch -n devtroncd svc devtron-service -p '{"spec": {"ports": [{"port": 80,"targetPort": "devtron","protocol": "TCP","name": "devtron"}],"type": "ClusterIP","selector": {"app": "devtron"}}}'
After this, create ingress by applying the ingress yaml file. You can use this yaml file to create ingress to access Devtron:
Copy apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: devtron-service
port:
number: 80
path: /orchestrator
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /dashboard
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /grafana
pathType: ImplementationSpecific
You can access Devtron from any host after applying this yaml. For k8s versions <1.19, apply this yaml :
Copy apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
rules:
- http:
paths:
- backend:
serviceName: devtron-service
servicePort: 80
path: /orchestrator
- backend:
serviceName: devtron-service
servicePort: 80
path: /dashboard
pathType: ImplementationSpecific
Optionally, you also can access Devtron through a specific host by running the following YAML file:
Copy apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
ingressClassName: nginx
rules:
- host: devtron.example.com
http:
paths:
- backend:
service:
name: devtron-service
port:
number: 80
path: /orchestrator
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /dashboard
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /grafana
pathType: ImplementationSpecific
Enable HTTPS For Devtron
Once ingress setup for devtron is done and you want to run Devtron over https
, you need to add different annotations for different ingress controllers and load balancers.
1. Nginx Ingress Controller
In case of nginx ingress controller
, add the following annotations under service.annotations
under nginx ingress controller to run devtron over https
.
(i) Amazon Web Services (AWS)
If you are using AWS cloud, add the following annotations under service.annotations
under nginx ingress controller.
Copy annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<acm-arn-here>"
(ii) Digital Ocean
If you are using Digital Ocean cloud, add the following annotations under service.annotations
under nginx ingress controller.
Copy annotations:
service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "<your-certificate-id>"
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
2. AWS Application Load Balancer (AWS ALB)
In case of AWS application load balancer, add following annotations under ingress.annotations
to run devtron over https
.
Copy annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "<acm-arn-here>"
3. Azure Application Gateway
In case of AWS application load balancer, the following annotations need to be added under ingress.annotations
to run devtron over https
.
Copy annotations:
kubernetes.io/ingress.class: "azure/application-gateway"
appgw.ingress.kubernetes.io/backend-protocol: "http"
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name-of-appgw-installed-certificate>"
For an Ingress resource to be observed by AGIC (Application Gateway Ingress Controller) must be annotated with kubernetes.io/ingress.class: azure/application-gateway. Only then AGIC will work with the Ingress resource in question.
Note: Make sure NOT to use port 80 with HTTPS and port 443 with HTTP on the Pods.
Last updated 7 months ago