Defining multiple portal endpoints for a VMware environment
Multiple public-facing endpoints (portal-www) can be defined for the Developer Portal.
About this task
You can override the single endpoint definition for portal-www, and the associated portal-www-ingress TLS certificate, to support multiple portal-www endpoints.
For information about the endpoints for the Developer Portal, see Configuring the Developer Portal subsystem.
Procedure
- Create an ingress-issuer. SSH into one appliance node, change to root by using sudo -i, then create a file ingress-issuer.yaml with the content:

      apiVersion: cert-manager.io/v1
      kind: Certificate
      metadata:
        name: ingress-ca
      spec:
        secretName: ingress-ca
        commonName: "ingress-ca"
        usages:
        - digital signature
        - key encipherment
        - cert sign
        isCA: true
        issuerRef:
          name: selfsigning-issuer
          kind: Issuer
      ---
      apiVersion: cert-manager.io/v1
      kind: Issuer
      metadata:
        name: ingress-issuer
      spec:
        ca:
          secretName: ingress-ca

  Then run:

      kubectl apply -f ingress-issuer.yaml
  Note: Instead of creating an ingress-issuer, you can replace that step, and not use cert-manager, by creating the secrets portal-web-host1, portal-web-host2, and portal-web-host3, so that they contain certificates for the respective endpoints. In this case, the ptl-extra-values.yaml would not contain a reference to cert-manager:

      spec:
        portalUIEndpoint:
          hosts:
          - name: ptl.host1.example.com
            secretName: portal-web-host1
          - name: ptl.host2.example.com
            secretName: portal-web-host2
          - name: ptl.host3.example.com
            secretName: portal-web-host3

  To create the certificates for each portal-www endpoint, complete the following steps:

  - If you are using self-signed certificates, create the TLS secrets for each portal-www endpoint by generating the certificates. The following example shows how to generate certificates for each portal-www endpoint by using OpenSSL:

        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ptl.host1-tls.key -out ptl.host1-tls.crt -subj "/CN=ptl.host1.example.com"
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ptl.host2-tls.key -out ptl.host2-tls.crt -subj "/CN=ptl.host2.example.com"
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ptl.host3-tls.key -out ptl.host3-tls.crt -subj "/CN=ptl.host3.example.com"

  - Store the SSL certificates in a secret. Firstly, copy the certificates to the Portal virtual machine, for example:

        scp ptl.host1-tls.key ptl.host1-tls.crt ptl.host2-tls.key ptl.host2-tls.crt ptl.host3-tls.key ptl.host3-tls.crt apicadm@portal-vm-address:

    Then, access the virtual machine by using SSH, and store the SSL certificates in a secret, for example:

        sudo kubectl --kubeconfig /etc/kubernetes/admin.conf create secret tls portal-web-host1 --key ptl.host1-tls.key --cert ptl.host1-tls.crt
        sudo kubectl --kubeconfig /etc/kubernetes/admin.conf create secret tls portal-web-host2 --key ptl.host2-tls.key --cert ptl.host2-tls.crt
        sudo kubectl --kubeconfig /etc/kubernetes/admin.conf create secret tls portal-web-host3 --key ptl.host3-tls.key --cert ptl.host3-tls.crt
- In your apicup project, create a file called ptl-extra-values.yaml with the content:

      spec:
        portalUIEndpoint:
          annotations:
            cert-manager.io/issuer: ingress-issuer
          hosts:
          - name: ptl.host1.example.com
            secretName: portal-web-host1
          - name: ptl.host2.example.com
            secretName: portal-web-host2
          - name: ptl.host3.example.com
            secretName: portal-web-host3

  Run the commands:

      apicup subsys set <ptl_subsys> extra-values-file <path-to-ptl-extra-values-yaml-file>
      apicup subsys install <ptl_subsys>
- You should see the change on your appliance:

      root@ptl:~# kubectl get ingress
      NAME                  HOSTS                                                               ADDRESS   PORTS     AGE
      ptl-portal-director   api.ptl.example.com                                                           80, 443   25m
      ptl-portal-web        ptl.host1.example.com,ptl.host2.example.com,ptl.host3.example.com             80, 443   25m
Results
You have defined multiple Developer Portal endpoints for a VMware environment.
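
Added example, not part of the original procedure: a pre-flight check to run before the kubectl create secret tls commands in the note under the first step. It confirms that each private key belongs to its certificate, that the certificate covers the intended host name, and that it is not about to expire. The function names, the 30-day threshold, and the derivation of file names from host names are assumptions of this example.

```sh
# Added example: pre-flight check for the per-host TLS files, run before
# "kubectl create secret tls". File names follow the page's OpenSSL example:
# <host name without .example.com>-tls.crt and -tls.key (assumed layout).

# check_pair HOST CERT KEY [MIN_DAYS]
# Returns 0 = ok, 1 = key does not belong to cert, 2 = cert does not cover
# HOST, 3 = cert expires within MIN_DAYS (default 30), 4 = file unreadable.
check_pair() {
  host=$1 cert=$2 key=$3 min_days=${4:-30}
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
  # Identical public keys on both sides mean the key pair belongs together.
  [ "$cert_pub" = "$key_pub" ] || return 1
  # The verdict is read from the output, not from the exit status.
  openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
    grep -q "does match certificate" || return 2
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
    >/dev/null 2>&1 || return 3
  return 0
}

# check_all DIR HOST...
# Prints one verdict per host; returns 1 if any host fails, otherwise 0.
check_all() {
  dir=$1; shift; failed=0
  for h in "$@"; do
    base="$dir/${h%.example.com}-tls"
    rc=0; check_pair "$h" "$base.crt" "$base.key" || rc=$?
    case $rc in
      0) echo "OK    $h" ;;
      1) echo "FAIL  $h: private key does not match certificate" ;;
      2) echo "FAIL  $h: certificate does not cover this host name" ;;
      3) echo "FAIL  $h: certificate expires too soon" ;;
      *) echo "FAIL  $h: cannot read $base.crt or $base.key" ;;
    esac
    [ "$rc" -eq 0 ] || failed=1
  done
  return "$failed"
}

# Usage, from the directory that holds the six files:
#   check_all . ptl.host1.example.com ptl.host2.example.com ptl.host3.example.com
```

A FAIL line for a host means the matching portal-web-host secret would be created from the wrong, mismatched, or soon-to-expire files, which is easy to do with three near-identical file names.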