@hnanchahal Just pay attention
that kubernetes-1ppc
is deprecated and will be removed soon in favor of
stackstorm-ha
, according to st2-docker/runtime/kubernetes-1ppc at master ·
StackStorm/st2-docker · GitHub notes.
As for Helm/Kubernetes, Ingress controller and HTTP vs HTTPs, per several discussions K8s Ingress Controller · Issue #6 · StackStorm/stackstorm-ha · GitHub
and Add support to specify images name and to enable
HTTP for st2web by GGabriele · Pull Request #44 · StackStorm/stackstorm-ha · GitHub what you
want will be supported in future. Our plan is the following:
- Expose Ingress controller settings via Helm
values.yaml
to allow users to configure the
SSL/TLS negotiation layer on their own (optional).
- Change
st2web
Docker image so it will respond on HTTP by default (currently HTTPS).
^^ that will cover your case and also follows K8s/Helm best practices giving some more flexibility.
As a workaround for your current situation, you can simply configure your infra to work like this:
HTTPs (st2web nginx) <> HTTPs (your ingress controller or load-balancer or whatever).
eg. place your HTTPs load balancer or Ingress in front of existing st2web HTTPs. Just point it to HTTPs
endpoint, not HTTP one. That’ll bring some overhead, but overall should be fine as a temporary
solution.
That’s also what @lhill is suggesting
as #1 option and we’re even using something similar in parts of our
internal infrastructure.