Investigate Ingress options on minishift, OKD and OpenShift

[mnuttall]

This is part of Epic #203 in which we want to help other tools find and link to the Tekton dashboard.

A Tekton Dashboard Operator is under development in openshift/tektoncd-pipeline-operator#14 and https://github.com/akihikokuroda/tektoncd-pipeline-operator/tree/dashboard.

Once installed on a 'real' cluster we can expect the Dashboard to be typically accessed via Ingress. This task covers the initial investigative work to understand how Ingress endpoints are typically created and managed on the RedHat family of minishift, OKD and OpenShift. We want to understand whether the Dashboard Operator should be extended to include Ingress configuration, and if so, what that entails.

Ideally we want an Ingress endpoint offering HTTPS signed by the master certificate of the underlying cluster.

[jessm12]

/assign

[jessm12]

The current dashboard install on Openshift/Minishift includes an Openshift route resource which defines an ingress endpoint

I tested the install on Minishift, raised the issues that I came across - docs changes are required to make this install trivial, and was able to access the dashboard successfully at tekton-dashboard-openshift-pipelines-operator.192.168.64.2.nip.io

Our Go code is currently serving on http so there would be a change required in order to serve securely and to access the certificate of the cluster. I think we should be able to use the default ingress certificate that Openshift provides https://docs.openshift.com/container-platform/4.1/authentication/certificates/replacing-default-ingress-certificate.html

[akihikokuroda]

I looked at the ingress of the Openshift, too. Yes, the Openshift seems to provide the certificate signed by the CA in the Openshift. I believe that's good enough.

The route is the old way to route the external request into the services in the Openshift cluster. I believe we should use the standard ingress instead of the route.

[akihikokuroda]

I'm putting the ingress definition in #228 (comment) to the operator. If I have to tweak, please let me know.

[jessm12]

Sounds good @akihikokuroda! Perhaps once the operator is ready to go we can doc it and then we may not need to keep the current install yaml files that we have for openshift at https://github.com/tektoncd/dashboard/tree/master/config/templates

Is the operator ready to try out from your fork?

[akihikokuroda]

I have 2 separate branches that must be combined. One for the dashboard and the other for the ingress. Both must be merged together to make them work. So they don't work yet :-(
Here are the branches for your reference:
https://github.com/akihikokuroda/tektoncd-pipeline-operator/tree/dashboard
https://github.com/akihikokuroda/tektoncd-pipeline-operator/tree/ingress

[jessm12]

/close
@akihikokuroda has been working on this for the operator, I don't think there's anymore work left for me to do here so closing

[tekton-robot]

@jessm12: Closing this issue.

In response to this:

/close
@akihikokuroda has been working on this for the operator, I don't think there's anymore work left for me to do here so closing

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.