Hello together,
I have a Rancher provisioned Kubernetes cluster running and I am now trying to write a helm chart to get my Teiid-Wildfly Server running. Currently I am a little bit lost with the Ingress configuration. I am not able to reach the administration console of the Wildfly server via the ingress. I can get to the login page, however after providing credentials on the console login, I always get the following error message:
Access Denied - Insufficient priviledges to acess this interface
When I use a kubectl port-forward 9990:9990 and try to login via http everything is working as expected. Hence, my problem has to do with the use of the nginx ingress as reverse proxy in front of the Wildfly server.
It does ssl termination by the way. My configuration in the helm chart looks as given below. I think I am missing some annotations for the ingress to get the reverse proxing to work. I tried now a lot of different configuration options like
nginx.ingress.kubernetes.io/location-snippet: |
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
but those seem to have no effect. Would be great if someone could provide directions. Thanks a lot for your help!
Best regards,
Christoph
the ingress definition:
{{- $fullName := include "chart.fullname" . -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/server-snippet: |
proxy_set_header "Host $host";
spec:
tls:
- hosts:
- staging.example.de
- www.staging.example.de
secretName: staging-example-crt
rules:
- host: staging.example.de
http:
paths:
- path: /console
backend:
serviceName: staging-teiid
servicePort: mgmt-interface
- host: www.staging.example.de
http:
paths:
- path: /console
backend:
serviceName: staging-teiid
servicePort: mgmt-interface
- host: staging.example.de
http:
paths:
- path: /management
backend:
serviceName: staging-teiid
servicePort: mgmt-interface
- host: www.staging.example.de
http:
paths:
- path: /management
backend:
serviceName: staging-teiid
servicePort: mgmt-interface
- host: staging.example.de
http:
paths:
- path: /odata4/svc
backend:
serviceName: staging-teiid
servicePort: svc-endpoint
- host: www.staging.example.de
http:
paths:
- path: /odata4/svc
backend:
serviceName: staging-teiid
servicePort: svc-endpoint