Introduction
If you wish to use Ingress as a means to access the Devtron services available in your cluster, you can configure it either during the installation or after the installation of Devtron.
Refer the section relevant to you:
If you have successfully configured Ingress, refer Post Ingress Setup .
Enabling Ingress during Devtron Installation
If you are installing Devtron, you can enable Ingress either via set flag or by using ingress-values.yaml to specify the desired Ingress settings.
Using set flag
You can use the --set
flag to specify the desired Ingress settings.
Here, we have added 5 configurations you can perform depending on your requirements:
Only Basic Configuration
To enable Ingress and set basic parameters, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com
Configuration Including Labels
To add labels to the Ingress resource, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.labels.env=production
Configuration Including Annotations
To add annotations to the Ingress resource, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
--set components.devtron.ingress.annotations."nginx\.ingress\.kubernetes\.io\/app-root"="/dashboard"
Configuration Including TLS Settings
To configure TLS settings, including secretName
and hosts
, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.tls[0].secretName=devtron-tls \
--set components.devtron.ingress.tls[0].hosts[0]=devtron.example.com
Comprehensive Configuration
To include all the above settings in a single command, use:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled=true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
--set components.devtron.ingress.annotations."nginx\.ingress\.kubernetes\.io\/app-root"="/dashboard" \
--set components.devtron.ingress.labels.env=production \
--set components.devtron.ingress.pathType=ImplementationSpecific \
--set components.devtron.ingress.tls[0].secretName=devtron-tls \
--set components.devtron.ingress.tls[0].hosts[0]=devtron.example.com
Using ingress-values.yaml
As an alternative to the set flag method, you can enable Ingress using ingress-values.yaml
instead.
Create an ingress-values.yaml
file. You may refer the below format for an advanced ingress configuration which includes labels, annotations, secrets, and many more.
Copy components:
devtron:
ingress:
enabled: true
className: nginx
labels: {}
# env: production
annotations: {}
# nginx.ingress.kubernetes.io/app-root: /dashboard
pathType: ImplementationSpecific
host: devtron.example.com
tls: []
# - secretName: devtron-info-tls
# hosts:
# - devtron.example.com
Once you have the ingress-values.yaml
file ready, run the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd --reuse-values -f ingress-values.yaml
Configuring Ingress after Devtron Installation
After Devtron is installed, Devtron is accessible through devtron-service
. If you wish to access Devtron through ingress, you'll need to modify this service to use a ClusterIP instead of a LoadBalancer.
You can do this using the kubectl patch
command:
Copy kubectl patch -n devtroncd svc devtron-service -p '{"spec": {"ports": [{"port": 80,"targetPort": "devtron","protocol": "TCP","name": "devtron"}],"type": "ClusterIP","selector": {"app": "devtron"}}}'
Next, create ingress to access Devtron by applying the devtron-ingress.yaml
file. The file is also available on this link . You can access Devtron from any host after applying this yaml.
Copy apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: devtron-service
port:
number: 80
path: /orchestrator
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /dashboard
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /grafana
pathType: ImplementationSpecific
For k8s versions < 1.19, apply this yaml :
Copy apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
rules:
- http:
paths:
- backend:
serviceName: devtron-service
servicePort: 80
path: /orchestrator
- backend:
serviceName: devtron-service
servicePort: 80
path: /dashboard
pathType: ImplementationSpecific
Optionally, you also can access Devtron through a specific host by running the following YAML file:
Copy apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/app-root: /dashboard
labels:
app: devtron
release: devtron
name: devtron-ingress
namespace: devtroncd
spec:
ingressClassName: nginx
rules:
- host: devtron.example.com
http:
paths:
- backend:
service:
name: devtron-service
port:
number: 80
path: /orchestrator
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /dashboard
pathType: ImplementationSpecific
- backend:
service:
name: devtron-service
port:
number: 80
path: /grafana
pathType: ImplementationSpecific
Enable HTTPS For Devtron
Once Ingress setup for Devtron is done and you want to run Devtron over https
, you need to add different annotations for different ingress controllers and load balancers.
1. Nginx Ingress Controller
In case of nginx ingress controller
, add the following annotations under service.annotations
under nginx ingress controller to run devtron over https
.
(i) Amazon Web Services (AWS)
If you are using AWS cloud, add the following annotations under service.annotations
under nginx ingress controller.
Copy annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<acm-arn-here>"
(ii) Digital Ocean
If you are using Digital Ocean cloud, add the following annotations under service.annotations
under nginx ingress controller.
Copy annotations:
service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "<your-certificate-id>"
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
2. AWS Application Load Balancer (AWS ALB)
In case of AWS application load balancer, add following annotations under ingress.annotations
to run devtron over https
.
Copy annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "<acm-arn-here>"
3. Azure Application Gateway
In case of AWS application load balancer, the following annotations need to be added under ingress.annotations
to run devtron over https
.
Copy annotations:
kubernetes.io/ingress.class: "azure/application-gateway"
appgw.ingress.kubernetes.io/backend-protocol: "http"
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name-of-appgw-installed-certificate>"
For an Ingress resource to be observed by AGIC (Application Gateway Ingress Controller) must be annotated with kubernetes.io/ingress.class: azure/application-gateway. Only then AGIC will work with the Ingress resource in question.
Note: Make sure NOT to use port 80 with HTTPS and port 443 with HTTP on the Pods.
Last updated 5 months ago