{"id":801,"date":"2022-02-04T13:21:14","date_gmt":"2022-02-04T12:21:14","guid":{"rendered":"https:\/\/www.ume.li\/blog\/?p=801"},"modified":"2022-02-04T16:01:13","modified_gmt":"2022-02-04T15:01:13","slug":"hcl-component-pack-7-multiple-namespaces-ingress-controller","status":"publish","type":"post","link":"https:\/\/www.ume.li\/blog\/2022\/02\/04\/hcl-component-pack-7-multiple-namespaces-ingress-controller\/","title":{"rendered":"HCL Component Pack 7 – Multiple Namespaces – Ingress Controller"},"content":{"rendered":"

My goal is to run multiple HCL Connections Component Packs 7 (CP7) on 1 Kubernetes Cluster.
\nTaking a quick look on a working environment with one CP7 instance, you’ll notice the nginx ingress controller.
\nAs soon as I would try to install CP7 into another namespace, this controller would request the same port number or refuse to install at all (I did not try it). I decided to replace this with a traefik<\/a> ingress controller. At the moment I use version 2.6 with it’s nice dashboard. <\/p>\n

\"\"<\/a>
\nConverting the ingress from nginx to traefik ingressroute is very easy. The only thing I had check was this annotation:
\nnginx.ingress.kubernetes.io\/rewrite-target: \/$1. This requires the stripPrefix middleware in traefik.<\/p>\n

Traefik uses 3 ports (http, https and tcp traffic) globally. Customizer is mapped to https, appreg and orient-me are routed through http and ElasticSearch uses the tcp port. <\/p>\n

Putting customizer on https required me to add the cert-manager.io <\/a> to my k8s environment. As it is my lab environment I only use self sigend certs for interservice traffic. <\/p>\n

Adding the tls section results in this ingressroute for the mw-proxy.<\/p>\n

\r\n---\r\n#kubectl -n connect6 get svc mw-proxy -o jsonpath={.spec.ports[0].nodePort}\r\n#\r\napiVersion: traefik.containo.us\/v1alpha1\r\nkind: IngressRoute\r\nmetadata:\r\n  name: mw-proxy-ingressroute\r\n  namespace: connect6\r\nspec:\r\n  entryPoints:\r\n    - websecure\r\n  routes:\r\n    - match: Host(`connect6.domain.local`)\r\n      kind: Rule\r\n      priority: 5\r\n      services:\r\n        - name: mw-proxy\r\n          kind: Service\r\n          namespace: connect6\r\n          port: 80\r\n          passHostHeader: true\r\n          scheme: http\r\n  tls:\r\n    secretName: mw-proxy-secret\r\n\r\n<\/pre>\n
After that I switch the mw-proxy service from NodePort to ClusterIP.
\n\"\"<\/a><\/p>\n
Encrypting the traffic for orient-me would require to set the SSLProxyEngine on<\/em> in the IHS config. And this will only work if the certificates are in the ihs trust\/key store. I’ll skip this step for now.<\/p>\n
The only thing that does not seem to work at the moment is the haproxy-redis traffic. I was not able to route that through traefik. That part still requires a seperate port. <\/p>\n
After all this I use 3 global ports for traefik and 1 port for the redis traffic per namespace.
\n\"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
My goal is to run multiple HCL Connections Component Packs 7 (CP7) on 1 Kubernetes Cluster. Taking a quick look<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62,54,23],"tags":[67,24,72],"class_list":["post-801","post","type-post","status-publish","format-standard","hentry","category-62","category-component-pack","category-connections","tag-component-pack","tag-connections","tag-ingress"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts\/801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/comments?post=801"}],"version-history":[{"count":9,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts\/801\/revisions"}],"predecessor-version":[{"id":824,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/posts\/801\/revisions\/824"}],"wp:attachment":[{"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/media?parent=801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/categories?post=801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ume.li\/blog\/wp-json\/wp\/v2\/tags?post=801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}