ivampiresp/longhorn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

doc: create ingress controller with basic auth

Browse Source 
Signed-off-by: meldafrawi <mohamed.eldafrawi@rancher.com>
This commit is contained in:
meldafrawi 2020-02-27 02:10:16 +02:00 committed by Sheng Yang
parent b70d86b3ce
commit ecccf2a14a
2 changed files with 45 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -113,18 +113,21 @@ longhorn-ui-f849dcd85-cgkgg 1/1 Running 0 5d
### Accessing the UI ### Accessing the UI
You can run `kubectl -n longhorn-system get svc` to get the external service IP for UI: > For Longhorn v0.8.0+, UI service type has been changed from `LoadBalancer` to `ClusterIP`
You can run `kubectl -n longhorn-system get svc` to get Longhorn UI service:
``` ```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
longhorn-backend ClusterIP 10.20.248.250 <none> 9500/TCP 58m longhorn-backend ClusterIP 10.20.248.250 <none> 9500/TCP 58m
longhorn-frontend LoadBalancer 10.20.245.110 100.200.200.123 80:30697/TCP 58m longhorn-frontend ClusterIP 10.20.245.110 <none> 80/TCP 58m
``` ```
If the Kubernetes Cluster supports creating LoadBalancer, you can use `EXTERNAL-IP`(`100.200.200.123` in the case above) of `longhorn-frontend` to access the Longhorn UI. Otherwise you can use `<node_ip>:<port>` (port is `30697`in the case above) to access the UI. To access Longhorn UI when installed from YAML manifest, you need to create an ingress controller.
See more about how to create an Nginx ingress controller with basic authentication [here](https://github.com/longhorn/longhorn/blob/master/docs/longhorn-ingress.md)
Noted that the UI is unauthenticated when you installed Longhorn using YAML file.
# Upgrade # Upgrade

38
docs/longhorn-ingress.md Normal file
View File

@ -0,0 +1,38 @@
## Create Nginx Ingress Controller with basic authentication
1. Create a basic auth file `auth`:
> It's important the file generated is named auth (actually - that the secret has a key data.auth), otherwise the ingress-controller returns a 503
`$ USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth`
2. Create a secret
`$ kubectl -n longhorn-system create secret generic basic-auth --from-file=auth`
3. Create an Nginx ingress controller manifest `longhorn-ingress.yml` :
```
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: longhorn-system
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
spec:
rules:
- http:
paths:
- path: /
backend:
serviceName: longhorn-frontend
servicePort: 80
```
4. Create the ingress controller:
`$ kubectl -n longhorn-system apply longhorn-ingress.yml`