Defining multiple portal endpoints for a VMware environment

Multiple public facing endpoints (portal-www) can be defined for the Developer Portal.

About this task

You can override the single endpoint definition for portal-www (and the associated portal-www-ingress TLS certificate), in order to support multiple portal-www endpoints.

For information about the endpoints for the Portal, see Deploying the Developer Portal in a VMware environment.

Following are the example endpoints for configuring different sites served by the same Portal service, as configured in this task:
  • https://banking.example.com/loans
  • https://insurance.example.com/vehicle
These unique endpoints allow portal sites to be defined on the Portal service with different host names and domains. They replace endpoints that distinguish different sites by sub paths, as shown in the following examples:
  • https://www.example.com/banking/loans
  • https://www.example.com/insurance/vehicle

Procedure

  1. Create TLS secrets for each portal-www endpoint by generating certificates
    Following is an example for how to generate certificates for each portal-www endpoint using openssl:
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout banking-tls.key -out banking-tls.crt -subj "/CN=banking.example.com"
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout insurance-tls.key -out insurance-tls.crt -subj "/CN=insurance.example.com"
  2. Store the SSL certificates in a secret.
    Copy the certificates to the Portal virtual machine as follows:
    scp banking-tls.key banking-tls.crt insurance-tls.key insurance-tls.crt apicadm@<portal-vm-address>
    Access the virtual machine using SSH and store the SSL certificates in a secret:
    sudo kubectl --kubeconfig /etc/kubernetes/admin.conf create secret tls banking-tls --key banking-tls.key --cert banking-tls.crt
sudo kubectl --kubeconfig /etc/kubernetes/admin.conf create secret tls insurance-tls --key insurance-tls.key --cert insurance-tls.crt
  3. Specify the portal-www endpoints in an extra values file.
    Create an extra values file or append to your current one. Enter the name and secret for each endpoint as an ingress setting in the extra values file. (One extra values file is allowed.) For instructions on creating an extra-values-file, see Creating an extra values file in a Kubernetes environment.
    apic-portal-www:
  ingress:
    web:
      hosts:
      - name: banking.example.com
        secret: banking-tls
      - name: insurance.example.com
        secret: insurance-tls
  4. Configure your Portal subsystem to load the extra values file with the following command: 
    apicup subsys set <portal-subsys> extra-values-file=<full-path-to-extra-values-file>
  5. Install the portal subsystem with the new extra values file using apicup subsys install portal-subsys.
    For more information on installing the Portal subsystem, see Deploying the Developer Portal in a VMware environment.
  6. If your deployment had existing Portal sites when you configured multiple endpoints, ensure that the Portal site URLs specified in the Manager UI Catalog settings page are consistent with the new endpoint URLs. Access the Catalog setting page, and review the URLs of those existing sites. Modify as appropriate.