rancher-partner-charts/charts/datawiza/access-broker/0.1.2
Adam Pickering 5be02706cb
Migrate charts directory (vendors starting with D-E) (#1043)
2024-07-08 16:54:00 -06:00
..
ci Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
templates Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
.helmignore Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
Chart.yaml Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
README.md Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
app-readme.md Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
questions.yaml Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00
values.yaml Migrate charts directory (vendors starting with D-E) (#1043) 2024-07-08 16:54:00 -06:00

README.md

Access Proxy Helm Chart

Get Repo Info

helm repo add datawiza https://datawiza-inc.github.io/helm-charts/
helm repo update

Installing the Chart

Please follow the doc to create an application on the Datawiza Cloud Management Console (DCMC) to generate a pair of PROVISIONING_KEY, PROVISIONING_SECRET, and the command line to log in to our docker repo.

Use the command line to log in and create a Kubernetes Secret based on the Docker credentials. You can see here for more details.

Then, create a yaml file named example.yaml based on these values:

PROVISIONING_KEY: replace-with-your-provisioning-key
PROVISIONING_SECRET: replace-with-your-provisioning-key
containerPort: replace-with-your-app-listen-port
imagePullSecrets: replace-with-you-secret

To install the chart with the release name my-release in the namespace my-namespace:

helm install my-release -f example.yaml datawiza/access-broker -n my-namespace

Uninstalling the Chart

To uninstall/delete the my-release deployment:

helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.

Note

The DAP uses a Cookie to track user sessions and will store the session data on the Server Side (default) or the Client Side. In the k8s cluster, you need to add the sticky session config if you use the Server Side cookie. Or you need to change the Session Option (Application -> Advanced -> Advanced Options) in DCMC to Client Side.

Examples

Example with ingress

A very basic example using ingress is like this:

PROVISIONING_KEY: replace-with-your-provisioning-key
PROVISIONING_SECRET: replace-with-your-provisioning-key
containerPort: replace-with-your-listen-port
imagePullSecrets: replace-with-you-secret
service:
  type: ClusterIP
  port: replace-with-your-listen-port
ingress:
  annotations:
    kubernetes.io/ingress.class: replace-with-your-ingress-class
  className: ''
  enabled: true
  hosts:
    - host: replace-with-your-public-domain
      paths:
        - path: /
          pathType: Prefix

AWS Load Balancer Controller

Follow the Installation Guide to install the AWS Load Balancer Controller.

Sticky Session

Add needed annotations in the ingress block in DAP helm value.yaml file:

  ...
  annotations:
    alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
    alb.ingress.kubernetes.io/target-type: ip
  ...

You can go to AWS doc to see more details.

TLS Termination

Add the alb.ingress.kubernetes.io/certificate-arn: replace-with-your-cert-arn in the ingress annotations. You can see more details here.

And in DCMC, you need to disable the SSL config.

Nginx Ingress Controller

Follow the Installation Guide to install the Nginx Ingress Controller.

Sticky Session

Add needed annotations in the ingress block in DAP helm value.yaml file:

  ...
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
  ...

Meanwhile, Nginx Ingress Controller provides more customized configurations for the sticky session. You can see more details here.

TLS Termination

Create the TLS secret based on your cert and key:

kubectl create secret tls tls-secret --key you-key --cert your-cert  -n your-namespace

Add TLS block in ingress config:

  ...
  tls:
    - hosts:
        - your-public-domain
      secretName: tls-secret
  ...

And likewise, you need to disable the SSL config in DCMC.