5be02706cb
|
||
|---|---|---|
| .. | ||
| ci | ||
| templates | ||
| .helmignore | ||
| Chart.yaml | ||
| README.md | ||
| app-readme.md | ||
| questions.yaml | ||
| values.yaml | ||
README.md
Access Proxy Helm Chart
- Installs the Identity Aware proxy Access Proxy
Get Repo Info
helm repo add datawiza https://datawiza-inc.github.io/helm-charts/
helm repo update
Installing the Chart
Please follow the doc to create an application on the Datawiza Cloud Management Console (DCMC) to generate a pair of PROVISIONING_KEY, PROVISIONING_SECRET, and the command line to log in to our docker repo.
Use the command line to log in and create a Kubernetes Secret based on the Docker credentials. You can see here for more details.
Then, create a yaml file named example.yaml based on these values:
PROVISIONING_KEY: replace-with-your-provisioning-key
PROVISIONING_SECRET: replace-with-your-provisioning-key
containerPort: replace-with-your-app-listen-port
imagePullSecrets: replace-with-you-secret
To install the chart with the release name my-release in the namespace my-namespace:
helm install my-release -f example.yaml datawiza/access-broker -n my-namespace
Uninstalling the Chart
To uninstall/delete the my-release deployment:
helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.
Note
The DAP uses a Cookie to track user sessions and will store the session data on the Server Side (default) or the Client Side. In the k8s cluster, you need to add the sticky session config if you use the Server Side cookie. Or you need to change the Session Option (Application -> Advanced -> Advanced Options) in DCMC to Client Side.
Examples
Example with ingress
A very basic example using ingress is like this:
PROVISIONING_KEY: replace-with-your-provisioning-key
PROVISIONING_SECRET: replace-with-your-provisioning-key
containerPort: replace-with-your-listen-port
imagePullSecrets: replace-with-you-secret
service:
type: ClusterIP
port: replace-with-your-listen-port
ingress:
annotations:
kubernetes.io/ingress.class: replace-with-your-ingress-class
className: ''
enabled: true
hosts:
- host: replace-with-your-public-domain
paths:
- path: /
pathType: Prefix
AWS Load Balancer Controller
Follow the Installation Guide to install the AWS Load Balancer Controller.
Sticky Session
Add needed annotations in the ingress block in DAP helm value.yaml file:
...
annotations:
alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=60
alb.ingress.kubernetes.io/target-type: ip
...
You can go to AWS doc to see more details.
TLS Termination
Add the alb.ingress.kubernetes.io/certificate-arn: replace-with-your-cert-arn in the ingress annotations. You can see more details here.
And in DCMC, you need to disable the SSL config.
Nginx Ingress Controller
Follow the Installation Guide to install the Nginx Ingress Controller.
Sticky Session
Add needed annotations in the ingress block in DAP helm value.yaml file:
...
annotations:
nginx.ingress.kubernetes.io/affinity: "cookie"
...
Meanwhile, Nginx Ingress Controller provides more customized configurations for the sticky session. You can see more details here.
TLS Termination
Create the TLS secret based on your cert and key:
kubectl create secret tls tls-secret --key you-key --cert your-cert -n your-namespace
Add TLS block in ingress config:
...
tls:
- hosts:
- your-public-domain
secretName: tls-secret
...
And likewise, you need to disable the SSL config in DCMC.