8.6 Creating the Ingress
Run the following commands to create the ingress:
- Navigate to the
$WORKDIR:cd $WORKDIR - Run the following helm command to create the
ingress:
For example:helm install oam-nginx kubernetes/charts/ingress-per-domain \ --namespace <domain_namespace> \ --values kubernetes/charts/ingress-per-domain/values.yaml
The output will look similar to the following:helm install oam-nginx kubernetes/charts/ingress-per-domain \ --namespace oamns \ --values kubernetes/charts/ingress-per-domain/values.yamlNAME: oam-nginx LAST DEPLOYED: <DATE> NAMESPACE: oamns STATUS: deployed REVISION: 1 TEST SUITE: None - Run the following command to show the ingress is created
successfully:
For examplekubectl get ing -n <domain_namespace>
Ifkubectl get ing -n oamnshostname.enabled: false, the output will look similar to the following:
IfNAME CLASS HOSTS ADDRESS PORTS AGE accessdomain-nginx nginx * 80 5shostname.enabled: true, the output will look similar to the following:NAME CLASS HOSTS ADDRESS PORTS AGE oamadmin-ingress nginx admin.example.com 80 14s oamruntime-ingress nginx runtime.example.com 80 14s - Run the following command to check the
ingress:
For example:kubectl describe ing <ingress> -n <domain_namespace>
The output will look similar to the following forkubectl describe ing accessdomain-nginx -n oamnsaccessdomain-nginx:
The output will look similar to the following forName: accessdomain-nginx Labels: app.kubernetes.io/managed-by=Helm Namespace: oamns Address: 10.109.22.22 Ingress Class: nginx Default backend: <default> Rules: Host Path Backends ---- ---- -------- * /console accessdomain-adminserver:7001 (10.244.1.200:7001) /consolehelp accessdomain-adminserver:7001 (10.244.1.200:7001) /rreg/rreg accessdomain-adminserver:7001 (10.244.1.200:7001) /em accessdomain-adminserver:7001 (10.244.1.200:7001) /management accessdomain-adminserver:7001 (10.244.1.200:7001) /oamconsole accessdomain-adminserver:7001 (10.244.1.200:7001) /dms accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/services/rest accessdomain-adminserver:7001 (10.244.1.200:7001) /iam/admin/config accessdomain-adminserver:7001 (10.244.1.200:7001) /iam/admin/diag accessdomain-adminserver:7001 (10.244.1.200:7001) /iam/access accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /oam/admin/api accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/services/rest/access/api accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /access accessdomain-cluster-policy-cluster:15100 (10.244.2.126:14150) /oam accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) / accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) Annotations: meta.helm.sh/release-name: oam-nginx meta.helm.sh/release-namespace: oamns nginx.ingress.kubernetes.io/enable-access-log: false nginx.ingress.kubernetes.io/proxy-buffer-size: 2000k Events: <none> Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 33s nginx-ingress-controller Scheduled for syncoamadmin-ingress:
The output will look similar to the following forName: oamadmin-ingress Labels: app.kubernetes.io/managed-by=Helm Namespace: oamns Address: 10.109.22.22 Ingress Class: nginx Default backend: <default> Rules: Host Path Backends ---- ---- -------- admin.example.com /console accessdomain-adminserver:7001 (10.244.1.200:7001) /consolehelp accessdomain-adminserver:7001 (10.244.1.200:7001) /rreg/rreg accessdomain-adminserver:7001 (10.244.1.200:7001) /em accessdomain-adminserver:7001 (10.244.1.200:7001) /oamconsole accessdomain-adminserver:7001 (10.244.1.200:7001) /dms accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/services/rest accessdomain-adminserver:7001 (10.244.1.200:7001) /iam/admin/config accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/admin/api accessdomain-adminserver:7001 (10.244.1.200:7001) /iam/admin/diag accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/services accessdomain-adminserver:7001 (10.244.1.200:7001) /iam/admin accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/services/rest/11.1.2.0.0 accessdomain-adminserver:7001 (10.244.1.200:7001) /oam/services/rest/ssa accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /access accessdomain-cluster-policy-cluster:14150 (10.244.2.126:15100) Annotations: meta.helm.sh/release-name: oam-nginx meta.helm.sh/release-namespace: oamns nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/enable-access-log: false nginx.ingress.kubernetes.io/ingress.allow-http: true nginx.ingress.kubernetes.io/proxy-buffer-size: 2000k nginx.ingress.kubernetes.io/ssl-redirect: false Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 32s nginx-ingress-controller Scheduled for syncoamruntime-ingress:Name: oamruntime-ingress Labels: app.kubernetes.io/managed-by=Helm Namespace: oamns Address: 10.109.22.22 Ingress Class: nginx Default backend: <default> Rules: Host Path Backends ---- ---- -------- runtime.example.com /ms_oauth accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /oam/services/rest/auth accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /oam/services/rest/access accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /oamfed accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /otpfp/ accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /oauth2 accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /oam accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /.well-known/openid-configuration accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /.well-known/oidc-configuration accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /CustomConsent accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) /iam/access accessdomain-cluster-oam-cluster:14100 (10.244.2.127:14100) Annotations: meta.helm.sh/release-name: oam-nginx meta.helm.sh/release-namespace: oamns nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/enable-access-log: false nginx.ingress.kubernetes.io/proxy-buffer-size: 2000k Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Sync 3m34s (x2 over 4m10s) nginx-ingress-controller Scheduled for sync - To confirm that the new ingress is successfully routing to the domain’s server pods,
run the following command to send a request to the OAM Administration Console:
- For
SSL:
curl -v -k https://${HOSTNAME}:${PORT}/oamconsole - For
NONSSL:
curl -v http://${HOSTNAME}:${PORT}/oamconsole
The
${HOSTNAME}:${PORT}to use depends on the value set forhostName.enabled.If
hostName.enabled: falseuse the hostname and port where the ingress controller is installed, for examplehttp://oam.example.com:30777.If usinghostName.enabled: truethen you can only access via the admin hostname, for examplehttps://admin.example.com/oamconsole.Note:
You can only access via the admin URL if it is currently accessible and routing correctly to the ingress host and port.For example:The output will look similar to the following. You should receive acurl -v http://oam.example.com:30777/oamconsole302 Moved Temporarilymessage:> GET /oamconsole HTTP/1.1 > Host: oam.example.com:30777 > User-Agent: curl/7.61.1 > Accept: */* > < HTTP/1.1 302 Moved Temporarily < Date: <DATE> < Content-Type: text/html < Content-Length: 333 < Connection: keep-alive < Location: http://oam.example.com:30777/oamconsole/ < X-Content-Type-Options: nosniff < X-Frame-Options: DENY < <html><head><title>302 Moved Temporarily</title></head> <body bgcolor="#FFFFFF"> <p>This document you requested has moved temporarily.</p> <p>It's now at <a href="http://oam.example.com:30777/oamconsole/">http://oam.example.com:30777/oamconsole/</a>.</p> </body></html> * Connection #0 to host oam.example.com left intact - For
SSL:
After confirming the above, verify that the domain applications are accessible. See, Validating the Domain URLs.