Current status (Kohn)
Global settings:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
global: ... # Global ingress configuration ingress: # generally enable ingress for ONAP components enabled: false # enable all component's Ingress interfaces enable_all: false # default Ingress base URL # can be overwritten in component vyby setting ingress.baseurlOverride virtualhost: baseurl: "simpledemo.onap.org" # All http requests via ingress will be redirected on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" # you can set an own Secret containing a certificate # only valid for Istio Gateway (ServiceMesh enabled) # tls: # secret: 'my-ingress-cert' # optional: Namespace of the Istio IngressGateway # only valid for Istio Gateway (ServiceMesh enabled) namespace: istio-ingress # Global Service Mesh configuration # POC Mode, don't use it in production serviceMesh: enabled: false tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd |
Component settings (e.g. in SDNC/DGBUILDER):
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
dgbuilder:
ingress:
enabled: false
service:
- baseaddr: "sdnc-dgbuilder-ui"
name: "sdnc-dgbuilder"
port: 3000
- baseaddr: "sdnc-web-service-api"
name: "sdnc-web-service"
port: 8443
plain_port: 8080
config:
ssl: "redirect" |
Enhancements in London
Additional parameters to modify the BaseAddess value of the composed Ingress URL
Problem:
- If ONAP is installed on multiple clusters (e.g. clusterA, clusterB)
- and a wildcard-certificate for the baseurl domain exists (e.g. *.simpledemo.onap.org)
- you cannot create cluster specific Ingress URLs for the ONAP services (e.g. sdnc-dgbuilder-ui.simpledemo.onap.org)
Solution:
- Add a cluster specific post/prefix to the baseAddr of the service to create uniqe URLs instead changing each service baseAddr
- Results using "postfix" e.g.
- sdnc-dgbuilder-ui-clusterA.simpledemo.onap.org
- sdnc-dgbuilder-ui-clusterB.simpledemo.onap.org
Ingress URL is currently composed:
Default: <component.ingress.service.baseaddr>.<global.ingress.virtualhost.baseurl>
Override: <component.ingress.service.baseaddr>.<component.ingress.baseurlOverride>
Ingress URLs result of the upper setup:
sdnc-web-service-api.simpledemo.onap.org, sdnc-dgbuilder-ui.simpledemo.onap.org
Planned enhancement:
- Additional options in "global" section
- Enhancement for the Ingress template
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# default Ingress base URL and preAddr- and postAddr settings
# Ingress URLs result:
# <preAddr><component.ingress.service.baseaddr><postAddr>.<baseurl>
virtualhost:
# Default Ingress base URL
# can be overwritten in component by setting ingress.baseurlOverride
baseurl: "simpledemo.onap.org"
# prefix for baseaddr
# can be overwritten in component by setting ingress.preAddrOverride
preAddr: ""
# postfix for baseaddr
# can be overwritten in component by setting ingress.preAddrOverride
postAddr: "" |
Allow customized Ingress Gateway Ports
Problem:
- Ingress Gateways usually expose HTTP ports (80, 443), can be extended in non-NGINX gateways (e.g. Istio, Traefik)
- The existing Ingress template only supports the 80/443 ports
- If non-HTTP ports need to be exposed (e.g. Kafka Bootstrap, SDNC CallHome/TLS), this is not possible
- see: External Kafka Access via Ingress
Solution:
- In the component's ingress configuration the exposed port needs to be configurable
- the Ingress template needs to generate the respective Gateway/VC resources
Planned enhancement for components ingress definition:
Add new optional configuration parameters:
- exposedPort (custiomized Ingress-Gateway ports)
- exposedProtocol (Protocol used on the exposed port)
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
ingress:
enabled: false
service:
- baseaddr: "kafka-bootstrap-api"
name: "onap-strimzi-kafka-external-bootstrap"
port: 9094
exposedPort: 9010
exposedProtocol: TLS
- baseaddr: "kafka-api"
name: "onap-strimzi-kafka-0"
port: 9094
exposedPort: 9000
exposedProtocol: TLS
- baseaddr: "kafka-api"
name: "onap-strimzi-kafka-1"
port: 9094
exposedPort: 9001
exposedProtocol: TLS
- baseaddr: "kafka-api"
name: "onap-strimzi-kafka-2"
port: 9094
exposedPort: 9002
exposedProtocol: TLS |