@hnanchahal Just pay attention that
kubernetes-1ppc is deprecated and will be removed soon in favor of
stackstorm-ha, according to st2-docker/runtime/kubernetes-1ppc at master · StackStorm/st2-docker · GitHub notes.
As for Helm/Kubernetes, Ingress controller and HTTP vs HTTPs, per several discussions K8s Ingress Controller · Issue #6 · StackStorm/stackstorm-ha · GitHub and Add support to specify images name and to enable HTTP for st2web by GGabriele · Pull Request #44 · StackStorm/stackstorm-ha · GitHub what you want will be supported in future. Our plan is the following:
- Expose Ingress controller settings via Helm
values.yaml to allow users to configure the SSL/TLS negotiation layer on their own (optional).
st2web Docker image so it will respond on HTTP by default (currently HTTPS).
^^ that will cover your case and also follows K8s/Helm best practices giving some more flexibility.
As a workaround for your current situation, you can simply configure your infra to work like this:
HTTPs (st2web nginx) <> HTTPs (your ingress controller or load-balancer or whatever).
eg. place your HTTPs load balancer or Ingress in front of existing st2web HTTPs. Just point it to HTTPs endpoint, not HTTP one. That’ll bring some overhead, but overall should be fine as a temporary solution.
That’s also what @lhill is suggesting as #1 option and we’re even using something similar in parts of our internal infrastructure.