pega-helm-charts

Constellation deployment in GKE

Open alemax22 opened this issue 2 years ago • 0 comments

Describe the bug

The web and stream ingresses do not redirect the traffic to the correct pod; in fact, the URL "domainname"/c11n does not redirect the requests towards the constellation pods. I have seen that this can be solved by adding an "*" to the end of the spec.rules.http.paths.path element in the "charts/pega/templates/_pega-gke-ingress.tpl" file. Moreover, we needed to change the file "charts/pega/charts/constellation/templates/clln-service.yaml" in order to create a NodePort service with an internal IP (we cannot use an external load balancer, as we are in a restricted area on the cloud).

Our code in "charts/pega/templates/_pega-gke-ingress.tpl"

# Ingress to be used for {{ .name }}
kind: Ingress
{{ include "ingressApiVersion" . }}
metadata:
  name: {{ .name }}
  namespace: {{ .root.Release.Namespace }}
{{ if (.node.ingress) }}
{{ if (.node.ingress.tls) }}
{{ if (eq .node.ingress.tls.enabled true) }}
  annotations:
    kubernetes.io/ingress.allow-http: "false"
{{ if (.node.ingress.tls.useManagedCertificate) }}
    networking.gke.io/managed-certificates: managed-certificate-{{ .node.name }}
{{ end }}
{{ if (.node.ingress.tls.ssl_annotation) }}
{{ toYaml .node.ingress.tls.ssl_annotation | indent 4 }}
{{ end }}
{{- if .node.ingress.annotations }}
{{ toYaml .node.ingress.annotations | indent 4 }}
{{- end }}
{{ end }}
{{ end }}
{{ end }}
spec:
{{ if (.node.ingress) }}
{{ if (.node.ingress.tls) }}
{{ if (eq .node.ingress.tls.enabled true) }}
{{ if .node.ingress.tls.secretName }}
{{ include "tlssecretsnippet" . }}
{{ end }}
{{ end }}
{{ end }}
{{ end }}
{{- if (semverCompare ">= 1.22.0-0" (trimPrefix "v" .root.Capabilities.KubeVersion.GitVersion)) }}
  defaultBackend:
{{ else }}
  backend:
{{ end }}
{{ include "ingressService" . | indent 4 }}
  rules:
  # The calls will be redirected from {{ .node.domain }} to below mentioned backend serviceName and servicePort.
  # To access the below service, along with {{ .node.domain }}, http/https port also has to be provided in the URL.
  - host: {{ template "domainName" dict "node" .node }}
    http:
      paths:
      {{ if and .root.Values.constellation (eq .root.Values.constellation.enabled true) }}
      - path: /c11n/*
        pathType: ImplementationSpecific
        backend:
{{ include "ingressServiceC11n" . | indent 10 }}
      {{ end }}
      - path: /*
        pathType: ImplementationSpecific
        backend:
{{ include "ingressService" . | indent 10 }}
---
{{- end }}

Our code in the file:

#Deploy only when the constellation flag has been enabled in the values yaml.
{{ if and .Values.enabled (eq .Values.enabled true) }}
apiVersion: v1
kind: Service
metadata:
  name: constellation
  labels:
    app: constellation
    # component: constellation
spec:
  selector:
    app: constellation
    # component: constellation
  ports:
  - protocol: TCP
    port: 3000
    targetPort: 3000
  type: NodePort
{{ end }}

To Reproduce

Deploy the helm chart in a GKE environment by enabling the constellation engine part.

Expected behavior

Deploy the constellation pods and route the traffic towards them.

Chart version

v2.1.1

Server (if applicable, please complete the following information):

  • Environment: GKE
  • Database: GC managed PostgreSQL 12

Additional context

None

alemax22, Jun 23 '22 09:06
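
Why the trailing "*" changes the routing, as an added example that is not part of the original issue or of the chart: a simplified Python model of GKE Ingress path matching for ImplementationSpecific paths, assuming GKE's documented rules (a pattern matches exactly unless it ends in "/*", and the most specific match wins). The backend name "pega-web", the wildcard-free rule set and the request paths are constructed for illustration.

```python
# Simplified model of GKE Ingress (GCE URL map) path matching.
# Assumed rules: "*" is only valid as a trailing "/*"; a pattern without it
# must equal the request path; the most specific matching pattern wins;
# a request that matches no rule goes to the default backend.

def _prefix(pattern):
    """Return the literal prefix of a '/*' pattern, or None for exact patterns."""
    return pattern[:-1] if pattern.endswith("/*") else None

def matches(pattern, path):
    prefix = _prefix(pattern)
    return path == pattern if prefix is None else path.startswith(prefix)

def route(rules, default_backend, url_path):
    """rules: list of (pattern, backend). Returns the backend that serves url_path."""
    path = url_path.split("?", 1)[0]          # the query string is not matched
    hits = [(p, b) for p, b in rules if matches(p, path)]
    if not hits:
        return default_backend
    # Longest literal part wins; on a tie an exact pattern beats a wildcard.
    best = max(hits, key=lambda h: (len(_prefix(h[0]) or h[0]), _prefix(h[0]) is None))
    return best[1]

# Constructed rule sets. "constellation" is the Service name from the issue;
# "pega-web" is a hypothetical name for the service behind "ingressService".
WITHOUT_STAR = [("/c11n", "constellation"), ("/", "pega-web")]
WITH_STAR = [("/c11n/*", "constellation"), ("/*", "pega-web")]
DEFAULT = "pega-web"   # the template points defaultBackend at "ingressService"

if __name__ == "__main__":
    for path in ("/c11n/v860/app.js", "/c11n", "/prweb/app"):   # constructed paths
        print(path, route(WITHOUT_STAR, DEFAULT, path), route(WITH_STAR, DEFAULT, path))
```

In this model a bare /c11n request still falls through to "/*" under the wildcard rules, so a path that must reach Constellation without a trailing slash needs its own exact rule.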