Documentation for Ingress HTTPS options #63
Comments
|
Is the |
Splaktar
changed the title
|
I was able to create a registry-staging-certificate.yaml apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: registry-staging
spec:
domains:
- registry-staging.mydomain.comAnd then Then I used this ingress definition: ingress:
enabled: true
# Set to true if you are on an old cluster where apiVersion extensions/v1beta1 is required
useExtensionsApi: false
# This (/*) is due to gce ingress needing a glob where nginx ingress doesn't (/).
paths:
- /*
extraPaths: [ ]
hosts:
- registry-staging.mydomain.com
annotations:
kubernetes.io/ingress.global-static-ip-name: "xxx.xxx.xxx.xxx"
networking.gke.io/managed-certificates: "registry-staging"
kubernetes.io/ingress.class: "gce"
# tls:
# - secretName: registry-staging
# hosts:
# - registry-staging.mydomain.com |
|
This seems what I would expect. Ingress annotations are how you would tell your ingress controller (in this case something in GCP) what to do. Verdaccio would not be responsible for terminating TLS and ultimately you wouldn't want your services (verdaccio included) to terminate TLS. The ingress controller should via Ingress object metadata. Or a shorter version: This is an Ingress controller concern, not a concern with pods/services/ingresses, and the documentation would live in either ingress controller or kubernetes core concept docs. Does that satisfy your needs on this issue? |
|
It looks like one of the things that I was doing wrong was kubernetes.io/ingress.global-static-ip-name: "xxx.xxx.xxx.xxx"should be kubernetes.io/ingress.global-static-ip-name: registry-staging-ipIt needs to use the static IP's name and not the IP itself. Strange that it just failed silently on that. |
|
This is one of those fun things about Kubernetes. There's things that Kubernetes itself handles, and it will provide "events" that are errors that you can troubleshoot with, but then there's all sorts of stuff like this where it's just another "tag" or extra field or different API version that is valid yaml, but doesn't actually tell anything in Kubernetes to do anything, and isn't correct for some other thing (like in this case I think this is for GCP's Load Balancer glue maybe?), but that other thing can't guess what's wrong or if it does, the error is somewhere totally different. It gets better over time as you learn the nuances of what gets passed to what for a given thing, but I admit it's confusing for a while. Welcome to the k8s fold =cP Feel free to close this issue if you wish, or if you run into an issue with Verdaccio's chart itself we're happy to help of course. We'll probably close the issue in a few days if nothing further comes up on this one just to keep things clean. (If I'm missing something and you still need a Verdaccio question answered, feel free to point out my error as well.) |
|
Thank you for that explanation. I certainly appreciate it. That said, I do think that there is some benefit to improving the docs for this chart on GKE. There are a number of custom links and docs for AWS, but it's lacking the GKE side. For instance, the I understand not wanting to repeat all of the GKE docs, but it would be nice to mention or point to the docs for things like this kubernetes.io/ingress.global-static-ip-name: registry-ip-name
networking.gke.io/managed-certificates: "registry-staging"
kubernetes.io/ingress.class: "gce"I guess just linking to https://cloud.google.com/kubernetes-engine/docs/concepts/ingress would send people in the right direction. I had to read through so much unrelated stuff to find what I needed. The issue in #62 was also a big bump in this road since every update I had to go and reset the service's |
In https://github.com/verdaccio/charts#configuration, there are no entries for these options in
values.yaml:I'd like to set up TLS, but it's not clear to me how to do this. I provisioned a certificate for my load balancer in Google Cloud, but I'm not sure how to get that hooked up into this config.
The text was updated successfully, but these errors were encountered: