Configuring Ingress parameters

Configuring Ingress parameters

To access the deployed PMF instances on the Red Hat® OpenShift® Cluster, you need to configure the ingress. Following scenarios helps one to achieve the same. Proceed as follows.

HTTP deployments

  • In the ingress section in the deploy/crds/charts_v1_mfoperator_cr.yaml file update the following.

    ingress:
  hostname: "myhost.mydomain.com"
  secret: ""
  sslPassThrough: false

HTTPS deployments

  • Generate tls.key and tls.crt by using the following command.

    openssl genrsa -out tls.key 2048
openssl req -new -x509 -key tls.key -out tls.cert -days 360 -subj /CN=myhost.mydomain.com
oc create secret tls mf-tls-secret --cert=tls.cert --key=tls.key

  • Create ingress tls secret by using the following command.

      kubectl create secret tls mf-tls-secret --key=tls.key --cert=tls.crt

  • In the ingress section in the deploy/crds/charts_v1_mfoperator_cr.yaml file update the following.

    ingress:
  hostname: "myhost.mydomain.com"
  secret: "mf-tls-secret"
  sslPassThrough: false

HTTPS to backend services

  • Import tls.crt to keystore.jks and truststore.jks.

  • Pre-create a secret with keystore.jks and truststore.jks by including the tls.crt created in the step 2 into the keystore and truststore along with keystore and truststore password using the literals KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD.

  • Provide the secret name in the keystoreSecret field of respective component in the deploy/crds/charts_v1_mfoperator_cr.yaml file.

  • Keep the keystore.jks, truststore.jks files and its passwords as follows.

    Example

    oc create secret generic server-stores --from-file=./keystore.jks --from-file=./truststore.jks --from-literal=KEYSTORE_PASSWORD=worklight --from-literal=TRUSTSTORE_PASSWORD=worklight

    Note: The names of the files and literals should be the same as mentioned above. Provide this secret name in the keystoreSecret input field of respective component to override the default keystores when configuring custom resource.

  • The ingress section in the deploy/crds/charts_v1_mfoperator_cr.yaml looks as follows.

    ingress:
  hostname: "myhost.mydomain.com"
  secret: "mf-tls-secret"
  sslPassThrough: false
  https: true
  mfpserver:
    keystoreSecret: "server-stores"
Last modified on