Enabling Ingress parameters
improve this page | report issue
Enabling Ingress parameters
To access the deployed Mobile Foundation instances on OpenShift Cluster, one need to configure the ingress. Following scenarios helps one to achieve the same.
-
For HTTP Deployments, ingress section in
deploy/crds/charts_v1_mfoperator_cr.yaml
looks as below:ingress: hostname: "myhost.mydomain.com" secret: "" sslPassThrough: false
- For HTTPS deployments, TLS secret is mandatory.
-
Generate
tls.key
andtls.crt
using the following command:openssl genrsa -out tls.key 2048 openssl req -new -x509 -key tls.key -out tls.cert -days 360 -subj /CN=myhost.mydomain.com oc create secret tls mf-tls-secret --cert=tls.cert --key=tls.key
-
Create ingress tls secret using following command:
kubectl create secret tls mf-tls-secret --key=tls.key --cert=tls.crt
ingress section in
deploy/crds/charts_v1_mfoperator_cr.yaml
looks as below:ingress: hostname: "myhost.mydomain.com" secret: "mf-tls-secret" sslPassThrough: false
-
-
For HTTPS to backend services,
tls.crt
needs to be imported tokeystore.jks
andtruststore.jks
.Pre-create a secret with
keystore.jks
andtruststore.jks
by including thetls.crt
created in step 2 into the keystore and truststore along with keystore and truststore password using the literals KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD. Provide the secret name in the field keystoreSecret of respective component in thedeploy/crds/charts_v1_mfoperator_cr.yaml
.Keep the files
keystore.jks
,truststore.jks
and its passwords as below.For example,
oc create secret generic server-stores --from-file=./keystore.jks --from-file=./truststore.jks --from-literal=KEYSTORE_PASSWORD=worklight --from-literal=TRUSTSTORE_PASSWORD=worklight
NOTE: The names of the files and literals should be the same as mentioned in command above. Provide this secret name in keystoreSecret input field of respective component to override the default keystores when configuring custom resource.
ingress section in
deploy/crds/charts_v1_mfoperator_cr.yaml
looks as below:ingress: hostname: "myhost.mydomain.com" secret: "mf-tls-secret" sslPassThrough: false https: true mfpserver: keystoreSecret: "server-stores"
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.