diff --git a/docs/_docs/logging.md b/docs/_docs/logging.md
index 8df1fa97..c11b726e 100644
--- a/docs/_docs/logging.md
+++ b/docs/_docs/logging.md
@@ -181,7 +181,6 @@ This can be useful for example if elasticsearh database have to be used to monit
 - Step 1. Create the ingress rule manifest
-
 ```yml
 ---
 # HTTPS Ingress
@@ -319,26 +318,63 @@ Make accesible Kibana UI from outside the cluster through Ingress Controller
 - Step 1. Create the ingress rule manifest
 ```yml
+ ---
+ # HTTPS Ingress
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: kibana-ingress
 namespace: k3s-logging
 annotations:
- kubernetes.io/ingress.class: traefik
+ # HTTPS as entry point
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ # Enable TLS
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ cert-manager.io/cluster-issuer: ca-issuer
+ cert-manager.io/common-name: kibana.picluster.ricsanfre.com
 spec:
+ tls:
+ - hosts:
+ - kibana.picluster.ricsanfre.com
+ secretName: kibana-tls
 rules:
- - host: kibana.picluster.ricsanfre.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: "efk-kb-http"
- port:
- number: 5601
+ - host: kibana.picluster.ricsanfre.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: efk-kb-http
+ port:
+ number: 5601
+ ---
+ # http ingress for http->https redirection
+ kind: Ingress
+ apiVersion: networking.k8s.io/v1
+ metadata:
+ name: kibana-redirect
+ namespace: k3s-logging
+ annotations:
+ # Use redirect Midleware configured
+ traefik.ingress.kubernetes.io/router.middlewares: traefik-system-redirect@kubernetescrd
+ # HTTP as entrypoint
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+ spec:
+ rules:
+ - host: kibana.picluster.ricsanfre.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: efk-kb-http
+ port:
+ number: 5601
 ```
+
 - Step 2: Apply manifest
 ```shell
 kubectl apply -f manifest.yml
diff --git a/roles/logging/k3s/templates/kibana_ingress.yml.j2 b/roles/logging/k3s/templates/kibana_ingress.yml.j2
index 6bbc606d..f96a7fc4 100644
--- a/roles/logging/k3s/templates/kibana_ingress.yml.j2
+++ b/roles/logging/k3s/templates/kibana_ingress.yml.j2
@@ -1,20 +1,56 @@
 ---
+# HTTPS Ingress
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: kibana-ingress
- namespace: k3s-logging
+ namespace: {{ k3s_logging_namespace }}
 annotations:
- kubernetes.io/ingress.class: traefik
+ # HTTPS as entry point
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ # Enable TLS
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ # Enable cert-manager to create automatically the SSL certificate and store in Secret
+ cert-manager.io/cluster-issuer: ca-issuer
+ cert-manager.io/common-name: {{ kibana_dashboard_dns }}
 spec:
+ tls:
+ - hosts:
+ - {{ kibana_dashboard_dns }}
+ secretName: kibana-tls
 rules:
- - host: {{ kibana_dashboard_dns }}
+ - host: {{ kibana_dashboard_dns }}
 http:
 paths:
 - path: /
 pathType: Prefix
 backend:
 service:
- name: "{{ efk_cluster_name }}-kb-http"
+ name: {{ efk_cluster_name }}-kb-http
+ port:
+ number: 5601
+
+---
+# http ingress for http->https redirection
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: kibana-redirect
+ namespace: {{ k3s_logging_namespace }}
+ annotations:
+ # Use redirect Midleware configured
+ traefik.ingress.kubernetes.io/router.middlewares: {{ k3s_traefik_namespace }}-redirect@kubernetescrd
+ # HTTP as entrypoint
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+ rules:
+ - host: {{ kibana_dashboard_dns }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ efk_cluster_name }}-kb-http
 port:
 number: 5601
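Review bot: Neither Ingress in this template pins a controller any more: the `kubernetes.io/ingress.class: traefik` annotation is removed and no `spec.ingressClassName` replaces it, so TLS termination on `websecure` and the `web` redirect both depend on Traefik being the controller that picks these objects up. The `traefik.ingress.kubernetes.io/*` annotations are Traefik-specific, so on a cluster where a different controller claims unclassed Ingresses they would presumably be ignored and Kibana would not get the intended HTTPS-only behaviour. I would add `ingressClassName: traefik` under `spec:` in both documents, assuming an IngressClass of that name exists in the cluster. Separately, the hunk drops the quotes around `{{ efk_cluster_name }}-kb-http` and adds unquoted values such as `namespace: {{ k3s_logging_namespace }}`; writing them as `namespace: "{{ k3s_logging_namespace }}"` keeps an empty or boolean-looking variable from rendering as null or a non-string.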