Introduction
If you wish to use Ingress as a means to access the Devtron services available in your cluster, you can configure it either during the installation or after the installation of Devtron.
Refer the section relevant to you:
If you have successfully configured Ingress, refer Post Ingress Setup .
Enabling Ingress during Devtron Installation
If you are installing Devtron, you can enable Ingress either via set flag or by using ingress-values.yaml to specify the desired Ingress settings.
Using set flag
You can use the --set
flag to specify the desired Ingress settings.
Here, we have added 5 configurations you can perform depending on your requirements:
Only Basic Configuration
To enable Ingress and set basic parameters, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled= true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com
Configuration Including Labels
To add labels to the Ingress resource, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled= true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.labels.env=production
Configuration Including Annotations
To add annotations to the Ingress resource, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled= true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.annotations. "kubernetes\.io/ingress\.class" =nginx \
--set components.devtron.ingress.annotations. "nginx\.ingress\.kubernetes\.io\/app-root" = "/dashboard"
Configuration Including TLS Settings
To configure TLS settings, including secretName
and hosts
, use the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled= true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.tls[0].secretName=devtron-tls \
--set components.devtron.ingress.tls[0].hosts[0]=devtron.example.com
Comprehensive Configuration
To include all the above settings in a single command, use:
Copy helm install devtron devtron/devtron-operator -n devtroncd \
--set components.devtron.ingress.enabled= true \
--set components.devtron.ingress.className=nginx \
--set components.devtron.ingress.host=devtron.example.com \
--set components.devtron.ingress.annotations. "kubernetes\.io/ingress\.class" =nginx \
--set components.devtron.ingress.annotations. "nginx\.ingress\.kubernetes\.io\/app-root" = "/dashboard" \
--set components.devtron.ingress.labels.env=production \
--set components.devtron.ingress.pathType=ImplementationSpecific \
--set components.devtron.ingress.tls[0].secretName=devtron-tls \
--set components.devtron.ingress.tls[0].hosts[0]=devtron.example.com
Using ingress-values.yaml
As an alternative to the set flag method, you can enable Ingress using ingress-values.yaml
instead.
Create an ingress-values.yaml
file. You may refer the below format for an advanced ingress configuration which includes labels, annotations, secrets, and many more.
Copy components :
devtron :
ingress :
enabled : true
className : nginx
labels : {}
# env: production
annotations : {}
# nginx.ingress.kubernetes.io/app-root: /dashboard
pathType : ImplementationSpecific
host : devtron.example.com
tls : []
# - secretName: devtron-info-tls
# hosts:
# - devtron.example.com
Once you have the ingress-values.yaml
file ready, run the following command:
Copy helm install devtron devtron/devtron-operator -n devtroncd --reuse-values -f ingress-values.yaml
Configuring Ingress after Devtron Installation
After Devtron is installed, Devtron is accessible through devtron-service
. If you wish to access Devtron through ingress, you'll need to modify this service to use a ClusterIP instead of a LoadBalancer.
You can do this using the kubectl patch
command:
Copy kubectl patch -n devtroncd svc devtron-service -p '{"spec": {"ports": [{"port": 80,"targetPort": "devtron","protocol": "TCP","name": "devtron"}],"type": "ClusterIP","selector": {"app": "devtron"}}}'
Next, create ingress to access Devtron by applying the devtron-ingress.yaml
file. The file is also available on this link . You can access Devtron from any host after applying this yaml.
Copy apiVersion : networking.k8s.io/v1
kind : Ingress
metadata :
annotations :
nginx.ingress.kubernetes.io/app-root : /dashboard
labels :
app : devtron
release : devtron
name : devtron-ingress
namespace : devtroncd
spec :
ingressClassName : nginx
rules :
- http :
paths :
- backend :
service :
name : devtron-service
port :
number : 80
path : /orchestrator
pathType : ImplementationSpecific
- backend :
service :
name : devtron-service
port :
number : 80
path : /dashboard
pathType : ImplementationSpecific
- backend :
service :
name : devtron-service
port :
number : 80
path : /grafana
pathType : ImplementationSpecific
For k8s versions < 1.19, apply this yaml :
Copy apiVersion : extensions/v1beta1
kind : Ingress
metadata :
annotations :
nginx.ingress.kubernetes.io/app-root : /dashboard
labels :
app : devtron
release : devtron
name : devtron-ingress
namespace : devtroncd
spec :
rules :
- http :
paths :
- backend :
serviceName : devtron-service
servicePort : 80
path : /orchestrator
- backend :
serviceName : devtron-service
servicePort : 80
path : /dashboard
pathType : ImplementationSpecific
Optionally, you also can access Devtron through a specific host by running the following YAML file:
Copy apiVersion : networking.k8s.io/v1
kind : Ingress
metadata :
annotations :
nginx.ingress.kubernetes.io/app-root : /dashboard
labels :
app : devtron
release : devtron
name : devtron-ingress
namespace : devtroncd
spec :
ingressClassName : nginx
rules :
- host : devtron.example.com
http :
paths :
- backend :
service :
name : devtron-service
port :
number : 80
path : /orchestrator
pathType : ImplementationSpecific
- backend :
service :
name : devtron-service
port :
number : 80
path : /dashboard
pathType : ImplementationSpecific
- backend :
service :
name : devtron-service
port :
number : 80
path : /grafana
pathType : ImplementationSpecific
Enable HTTPS For Devtron
Once Ingress setup for Devtron is done and you want to run Devtron over https
, you need to add different annotations for different ingress controllers and load balancers.
1. Nginx Ingress Controller
In case of nginx ingress controller
, add the following annotations under service.annotations
under nginx ingress controller to run devtron over https
.
(i) Amazon Web Services (AWS)
If you are using AWS cloud, add the following annotations under service.annotations
under nginx ingress controller.
Copy annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "<acm-arn-here>"
(ii) Digital Ocean
If you are using Digital Ocean cloud, add the following annotations under service.annotations
under nginx ingress controller.
Copy annotations:
service.beta.kubernetes.io/do-loadbalancer-protocol: "http"
service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
service.beta.kubernetes.io/do-loadbalancer-certificate-id: "<your-certificate-id>"
service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true"
2. AWS Application Load Balancer (AWS ALB)
In case of AWS application load balancer, add following annotations under ingress.annotations
to run devtron over https
.
Copy annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: "<acm-arn-here>"
3. Azure Application Gateway
In case of AWS application load balancer, the following annotations need to be added under ingress.annotations
to run devtron over https
.
Copy annotations:
kubernetes.io/ingress.class: "azure/application-gateway"
appgw.ingress.kubernetes.io/backend-protocol: "http"
appgw.ingress.kubernetes.io/ssl-redirect: "true"
appgw.ingress.kubernetes.io/appgw-ssl-certificate: "<name-of-appgw-installed-certificate>"
For an Ingress resource to be observed by AGIC (Application Gateway Ingress Controller) must be annotated with kubernetes.io/ingress.class: azure/application-gateway. Only then AGIC will work with the Ingress resource in question.
Note: Make sure NOT to use port 80 with HTTPS and port 443 with HTTP on the Pods.
Last updated 2 months ago