rancher-partner-charts/charts/datawiza/access-broker/README.md

# Access Proxy Helm Chart

* Installs the Identity Aware proxy [Access Proxy](https://www.datawiza.com/access-broker)

## Get Repo Info

```sh
helm repo add datawiza https://datawiza-inc.github.io/helm-charts/
helm repo update
```

## Installing the Chart

Please follow the [doc](https://docs.datawiza.com/step-by-step/step2.html) to create an application on the Datawiza Cloud Management Console (DCMC) to generate a pair of `PROVISIONING_KEY`, `PROVISIONING_SECRET`, and the command line to log in to our docker repo.

Use the command line to log in and create a Kubernetes Secret based on the Docker credentials. You can see [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for more details.

Then, create a yaml file named `example.yaml` based on these values:

```yaml
PROVISIONING_KEY: replace-with-your-provisioning-key
PROVISIONING_SECRET: replace-with-your-provisioning-key
containerPort: replace-with-your-app-listen-port
imagePullSecrets: replace-with-you-secret
```

To install the chart with the release name `my-release` in the namespace `my-namespace`:

```console
helm install my-release -f example.yaml datawiza/access-broker -n my-namespace
```

## Uninstalling the Chart

To uninstall/delete the my-release deployment:

```console
helm delete my-release
```

The command removes all the Kubernetes components associated with the chart and deletes the release.

## Note

The DAP uses a Cookie to track user sessions and will store the session data on the `Server Side` (default) or the `Client Side`. In the k8s cluster, you need to add the sticky session config if you use the `Server Side` cookie. Or you need to change the `Session Option` (`Application` -> `Advanced` -> `Advanced Options`) in DCMC to `Client Side`.

## Examples

### Example with ingress

A very basic example using ingress is like this:

```yaml
PROVISIONING_KEY: replace-with-your-provisioning-key
PROVISIONING_SECRET: replace-with-your-provisioning-key
containerPort: replace-with-your-listen-port
imagePullSecrets: replace-with-you-secret
service:
  type: ClusterIP
  port: replace-with-your-listen-port
ingress:
  annotations:
    kubernetes.io/ingress.class: replace-with-your-ingress-class
  className: ''
  enabled: true
  hosts:
    - host: replace-with-your-public-domain
      paths:
        - path: /
          pathType: Prefix
```

#### AWS Load Balancer Controller

Follow the [Installation Guide](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/) to install the AWS Load Balancer Controller.

##### Sticky Session

Add needed annotations in the ingress block in DAP helm value.yaml file:

```yaml
  ...
  annotations:
    alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
    alb.ingress.kubernetes.io/target-type: ip
  ...
```

You can go to [AWS doc](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#target-group-attributes) to see more details.

##### TLS Termination

Add the `alb.ingress.kubernetes.io/certificate-arn: replace-with-your-cert-arn` in the ingress annotations. You can see more details [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#ssl).

And in DCMC, you need to disable the SSL config.

#### Nginx Ingress Controller

Follow the [Installation Guide](https://kubernetes.github.io/ingress-nginx/deploy/) to install the Nginx Ingress Controller.

##### Sticky Session

Add needed annotations in the ingress block in DAP helm value.yaml file:

```yaml
  ...
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
  ...
```

Meanwhile, Nginx Ingress Controller provides more customized configurations for the sticky session. You can see more details [here](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/).

##### TLS Termination

Create the TLS secret based on your cert and key:

```sh
kubectl create secret tls tls-secret --key you-key --cert your-cert  -n your-namespace

```

Add TLS block in ingress config:

```yaml
  ...
  tls:
    - hosts:
        - your-public-domain
      secretName: tls-secret
  ...
```

And likewise, you need to disable the SSL config in DCMC.
Charts CI ``` Updated: argo/argo-cd: - 5.16.6 bitnami/mariadb: - 11.4.2 bitnami/postgresql: - 12.1.4 bitnami/redis: - 17.3.16 bitnami/wordpress: - 15.2.21 bitnami/zookeeper: - 11.0.2 codefresh/cf-runtime: - 1.9.3 crate/crate-operator: - 2.20.0 datadog/datadog: - 3.6.4 datawiza/access-broker: - 0.1.2 dell/csi-powerstore: - 2.5.0 dell/csi-unity: - 2.5.0 dell/csi-vxflexos: - 2.5.0 kubecost/cost-analyzer: - 1.99.0 redpanda/redpanda: - 2.3.19 speedscale/speedscale-operator: - 1.2.7 sysdig/sysdig: - 1.15.62 trilio/k8s-triliovault-operator: - 3.0.2 yugabyte/yugabyte: - 2.16.0 yugabyte/yugaware: - 2.16.0 ``` 2022-12-15 17:25:29 +00:00			`# Access Proxy Helm Chart`

			`* Installs the Identity Aware proxy [Access Proxy](https://www.datawiza.com/access-broker)`

			`## Get Repo Info`

			```sh
			`helm repo add datawiza https://datawiza-inc.github.io/helm-charts/`
			`helm repo update`
			```

			`## Installing the Chart`

			Please follow the [doc](https://docs.datawiza.com/step-by-step/step2.html) to create an application on the Datawiza Cloud Management Console (DCMC) to generate a pair of `PROVISIONING_KEY`, `PROVISIONING_SECRET`, and the command line to log in to our docker repo.

			`Use the command line to log in and create a Kubernetes Secret based on the Docker credentials. You can see [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) for more details.`

			Then, create a yaml file named `example.yaml` based on these values:

			```yaml
			`PROVISIONING_KEY: replace-with-your-provisioning-key`
			`PROVISIONING_SECRET: replace-with-your-provisioning-key`
			`containerPort: replace-with-your-app-listen-port`
			`imagePullSecrets: replace-with-you-secret`
			```

			To install the chart with the release name `my-release` in the namespace `my-namespace`:

			```console
			`helm install my-release -f example.yaml datawiza/access-broker -n my-namespace`
			```

			`## Uninstalling the Chart`

			`To uninstall/delete the my-release deployment:`

			```console
			`helm delete my-release`
			```

			`The command removes all the Kubernetes components associated with the chart and deletes the release.`

			`## Note`

			The DAP uses a Cookie to track user sessions and will store the session data on the `Server Side` (default) or the `Client Side`. In the k8s cluster, you need to add the sticky session config if you use the `Server Side` cookie. Or you need to change the `Session Option` (`Application` -> `Advanced` -> `Advanced Options`) in DCMC to `Client Side`.

			`## Examples`

			`### Example with ingress`

			`A very basic example using ingress is like this:`

			```yaml
			`PROVISIONING_KEY: replace-with-your-provisioning-key`
			`PROVISIONING_SECRET: replace-with-your-provisioning-key`
			`containerPort: replace-with-your-listen-port`
			`imagePullSecrets: replace-with-you-secret`
			`service:`
			`type: ClusterIP`
			`port: replace-with-your-listen-port`
			`ingress:`
			`annotations:`
			`kubernetes.io/ingress.class: replace-with-your-ingress-class`
			`className: ''`
			`enabled: true`
			`hosts:`
			`- host: replace-with-your-public-domain`
			`paths:`
			`- path: /`
			`pathType: Prefix`
			```

			`#### AWS Load Balancer Controller`

			`Follow the [Installation Guide](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/installation/) to install the AWS Load Balancer Controller.`

			`##### Sticky Session`

			`Add needed annotations in the ingress block in DAP helm value.yaml file:`

			```yaml
			`...`
			`annotations:`
			`alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60`
			`alb.ingress.kubernetes.io/target-type: ip`
			`...`
			```

			`You can go to [AWS doc](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#target-group-attributes) to see more details.`

			`##### TLS Termination`

			Add the `alb.ingress.kubernetes.io/certificate-arn: replace-with-your-cert-arn` in the ingress annotations. You can see more details [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/#ssl).

			`And in DCMC, you need to disable the SSL config.`

			`#### Nginx Ingress Controller`

			`Follow the [Installation Guide](https://kubernetes.github.io/ingress-nginx/deploy/) to install the Nginx Ingress Controller.`

			`##### Sticky Session`

			`Add needed annotations in the ingress block in DAP helm value.yaml file:`

			```yaml
			`...`
			`annotations:`
			`nginx.ingress.kubernetes.io/affinity: "cookie"`
			`...`
			```

			`Meanwhile, Nginx Ingress Controller provides more customized configurations for the sticky session. You can see more details [here](https://kubernetes.github.io/ingress-nginx/examples/affinity/cookie/).`

			`##### TLS Termination`

			`Create the TLS secret based on your cert and key:`

			```sh
			`kubectl create secret tls tls-secret --key you-key --cert your-cert -n your-namespace`

			```

			`Add TLS block in ingress config:`

			```yaml
			`...`
			`tls:`
			`- hosts:`
			`- your-public-domain`
			`secretName: tls-secret`
			`...`
			```

			`And likewise, you need to disable the SSL config in DCMC.`