cs3org / charts

Kubernetes Charts Repository for CS3ORG
https://cs3org.github.io/charts
Apache License 2.0

How to specify TLS cert for this to work #38

Open michielbdejong opened 2 years ago

michielbdejong commented 2 years ago

Up to now we had https://mesh.pondersource.org/ running with revad listening directly on port 443, using this built-in TLS feature of revad.

But this Helm chart doesn't seem to use it. Instead, it seems that we should be using some sort of ingress, using the ingress.services.{http,grpc}.tls config that is mentioned in https://github.com/cs3org/charts/tree/master/revad#configuration ?

I'm not very experienced with kubernetes and there is very little "Getting Started" info here.

I see the following sites all run revad with TLS on port 443:

How do they do it? Are there no docs about this?

michielbdejong commented 2 years ago

What I tried so far:

helm repo add cs3org https://cs3org.github.io/charts/
helm install my-reva cs3org/revad
kubectl get configMaps
-> you should see 'my-reva-revad-config' listed there
kubectl describe configmaps my-reva
-> you should see the config
michielbdejong commented 2 years ago

https://github.com/cs3org/charts/blob/7d4fb62/revad/templates/ingress.yaml#L28 seems related

michielbdejong commented 2 years ago

The cert I want to use is in /etc/letsencrypt/live/mesh.pondersource.org/ - maybe something like helm install custom-reva cs3org/revad \ --set-file configFiles.revad\\.toml=custom-config.toml can fill that into the templates somehow?

SamuAlfageme commented 2 years ago

Hi @michielbdejong, you can take a look at the docs on https://developer.sciencemesh.io/docs/technical-documentation/iop/deployment/kubernetes/#configuring-an-iop-deployment. There's a TLS-terminated setup for the revad gateway ingress resource described in there.

Let us know if something remains unclear from that documentation. cc/ @dagl

michielbdejong commented 2 years ago

Thanks! I was able to follow those instructions and import my Let's Encrypt cert into a Kubernetes secret. Just debugging this error now:

helm upgrade -i iop sciencemesh/iop \
  --set-file gateway.configFiles.revad\\.toml=standalone.toml \
  --set-file gateway.configFiles.users\\.json=users-cern.json \
  --set-file gateway.configFiles.ocm-providers\\.json=providers.demo.json \
  -f custom-ingress.yaml
Release "iop" does not exist. Installing it now.
Error: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "iop-gateway-grpc" namespace: "" from "": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "iop-gateway-http" namespace: "" from "": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"
ensure CRDs are installed first]
michielbdejong commented 2 years ago

Changing sciencemesh/iop to cs3org/revad there helps.

Compare:

helm repo add cs3org https://cs3org.github.io/charts/

vs

helm repo add sciencemesh https://sciencemesh.github.io/charts/
michielbdejong commented 2 years ago

Ref https://github.com/sciencemesh/charts/issues/24

michielbdejong commented 2 years ago
helm repo list
NAME        URL                                  
cs3org      https://cs3org.github.io/charts/     
sciencemesh https://sciencemesh.github.io/charts/
michielbdejong commented 2 years ago

There seems to be a mismatch between Values.ingress.enabled and gateway.ingress.enabled.

SamuAlfageme commented 2 years ago

@michielbdejong could you post the values of running the helm upgrade -i command with the --debug and --dry-run flags? The generated ingress YAML manifests should contain the right networking.k8s.io/v1 as API version after https://github.com/cs3org/charts/pull/34.

Which version of Kubernetes are you using?

There's no mismatch between those two values. The sciencemesh/iop chart is an umbrella depending on the cs3org/revad chart amongst others. When setting gateway.ingress.enabled=true you're explicitly exposing through an ingress resource just 1/3 of the reva daemons that the IOP chart contains, both through HTTP and gRPC.
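The "no matches for kind Ingress in version networking.k8s.io/v1beta1" error above is what a cluster on Kubernetes 1.22 or later returns, since that release removed the v1beta1 Ingress API. The fragment below is an added example of how a chart can render against whichever Ingress API the target cluster serves; it is not the cs3org/charts ingress template and does not claim to show what PR 34 changed. The values keys ingress.host and ingress.tlsSecretName and the service name {{ .Release.Name }}-gateway are assumptions for illustration, not the chart's real schema.

```yaml
# Added example (not taken from cs3org/charts): choose the Ingress API
# version from what the cluster advertises. .Capabilities.APIVersions is
# read from the cluster on install/upgrade (and from --api-versions or
# --kube-version when rendering offline with `helm template`), which is
# why a `helm upgrade --dry-run --debug` render shows the apiVersion that
# will actually be sent.
{{- $useV1 := .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
{{- if $useV1 }}
apiVersion: networking.k8s.io/v1
{{- else }}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ .Release.Name }}-gateway-http
spec:
  tls:
    - hosts:
        - {{ .Values.ingress.host | quote }}          # assumed values key
      secretName: {{ .Values.ingress.tlsSecretName | quote }}  # kubernetes.io/tls Secret in this namespace
  rules:
    - host: {{ .Values.ingress.host | quote }}
      http:
        paths:
          - path: /
            # The backend shape changed between the two API versions, so
            # switching only the apiVersion line is not enough.
            {{- if $useV1 }}
            pathType: Prefix
            backend:
              service:
                name: {{ .Release.Name }}-gateway
                port:
                  number: 80
            {{- else }}
            backend:
              serviceName: {{ .Release.Name }}-gateway
              servicePort: 80
            {{- end }}
```

To see which Ingress API your own cluster offers before debugging the chart, run kubectl api-versions and look for networking.k8s.io/v1; if only v1beta1 is listed, the cluster is older than 1.19, and if neither is listed the kubeconfig is pointing somewhere unexpected.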

michielbdejong commented 2 years ago

@SamuAlfageme thanks! CC @navid-dada

shokri-navid commented 2 years ago

I think it is based on our side in Kubernetes, because I could not expose even a simple project on port 80 to the internet. So we were using Minikube and I guess the problem comes from that; I installed Kubernetes and I am trying to figure it out.

wkloucek commented 1 year ago

> I think it is based on our side in Kubernetes, because I could not expose even a simple project on port 80 to the internet. So we were using Minikube and I guess the problem comes from that; I installed Kubernetes and I am trying to figure it out.

When using Minikube you can run minikube addons enable ingress, and then your service will be exposed on the Minikube interface, whose IP you can get by running minikube ip (https://minikube.sigs.k8s.io/docs/commands/ip/).