我有一个由 Rancher 部署的 Kubernetes 集群正在运行,我现在正在尝试编写一个 Helm chart 来让我的 Teiid-Wildfly 服务器运行。目前我对 Ingress 配置有点迷茫。我无法通过 Ingress 访问管理控制台。我能看到登录页面,但是在控制台登录页输入凭据后,我总是收到以下错误消息:
拒绝访问 - 访问此接口的权限不足
当我使用 kubectl port-forward 9990:9990 并尝试通过 http 登录时,一切都按预期工作。因此,我的问题与我使用 nginx Ingress 作为反向代理有关。顺便说一句,它负责终止 SSL。我在 Helm chart 中的配置如下所示。我想我在这里遗漏了一些注解(annotation),导致反向代理无法正常工作。我已经尝试了很多不同的配置,但始终没有成功。如果有人可以指点方向,那就太好了。非常感谢你的帮助!
此致,
克里斯托夫
```yaml
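{{- $fullName := include "chart.fullname" . -}}
# Ingress for the Teiid/WildFly service: TLS is terminated at the nginx ingress
# controller and three path prefixes are routed to the staging-teiid service.
#
# NOTE: extensions/v1beta1 Ingress was removed in Kubernetes 1.22. Newer clusters
# need networking.k8s.io/v1, which uses a different backend schema and requires
# pathType on every path.
#
# NOTE(security): /console and /management publish the WildFly management
# interface on a public hostname, protected only by the admin password. Restrict
# who can reach these paths, for example by moving them into their own Ingress
# with nginx.ingress.kubernetes.io/whitelist-source-range: "<ADMIN_CIDR>", or keep
# them off the ingress entirely and use kubectl port-forward for administration.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: "true"
    # proxy_set_header takes two arguments (field and value). The quoted form
    # "Host $host" is read as a single argument, which nginx rejects.
    # NOTE(review): ingress-nginx already sets Host in the location blocks it
    # generates, and nginx does not inherit a server-level proxy_set_header into
    # a location that defines its own, so this line probably has no effect.
    # Confirm and drop it.
    # NOTE(review): the login failure behind TLS termination presumably comes
    # from WildFly rejecting management requests whose Origin (https://...) it
    # does not recognise; the management http-interface has an allowed-origins
    # attribute for this. TODO confirm against the server log.
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_set_header Host $host;
spec:
  tls:
    - hosts:
        - staging.example.de
        - www.staging.example.de
      secretName: staging-example-crt
  rules:
    # WildFly admin console (static UI)
    - host: staging.example.de
      http:
        paths:
          - path: /console
            backend:
              serviceName: staging-teiid
              servicePort: mgmt-interface
    - host: www.staging.example.de
      http:
        paths:
          - path: /console
            backend:
              serviceName: staging-teiid
              servicePort: mgmt-interface
    # WildFly management API used by the console
    - host: staging.example.de
      http:
        paths:
          - path: /management
            backend:
              serviceName: staging-teiid
              servicePort: mgmt-interface
    - host: www.staging.example.de
      http:
        paths:
          - path: /management
            backend:
              serviceName: staging-teiid
              servicePort: mgmt-interface
    # OData service endpoint
    - host: staging.example.de
      http:
        paths:
          - path: /odata4/svc
            backend:
              serviceName: staging-teiid
              servicePort: svc-endpoint
    - host: www.staging.example.de
      http:
        paths:
          - path: /odata4/svc
            backend:
              serviceName: staging-teiid
              servicePort: svc-endpoint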
```
------------
The Docker image for the container is built with the following Dockerfile:
```
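# Base image for production use. VDBs written for WildFly/Teiid version 9 are
# compatible with it.
# NOTE(review): the tag fixes the name but not the content. Pin the digest too
# (FROM jboss/wildfly:17.0.0.Final@sha256:<DIGEST>) so a re-pushed tag cannot
# silently change what gets built.
FROM jboss/wildfly:17.0.0.Final
# Versions of the Teiid server and console archives copied in below.
ENV TEIID_VERSION=12.3.0 \
    TEIID_CONSOLE_VERSION=3.1.0
# Credentials for the management and application user created by add-user.sh.
# NOTE(security): values passed with --build-arg are recorded in the image
# history (`docker history`), so ADMIN_PWD is readable by anyone who can pull
# the image. A BuildKit secret mount (RUN --mount=type=secret,...) keeps the
# password out of the layers and the history; better still, create the users at
# deploy time from a Kubernetes Secret.
ARG ADMIN_USER
ARG ADMIN_PWD
# MAINTAINER is deprecated; the OCI authors label carries the same information.
LABEL org.opencontainers.image.authors="Christoph John <christoph_john@gmx.de>"
# Install location of WildFly and path of its management CLI.
ENV JBOSS_HOME=/opt/jboss/wildfly \
    JBOSS_CLI=/opt/jboss/wildfly/bin/jboss-cli.sh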
# Teiid console overlay: copy the archive into the WildFly home, unpack it in
# place, then delete the archive.
# NOTE(review): both archives are taken from the build context unverified.
# Checking them against the publisher's checksum before the build
# (sha256sum -c) would catch a tampered or truncated download. Each COPY layer
# also keeps its zip in the image even though a later RUN removes the file.
COPY --chown=jboss:jboss dist-$TEIID_CONSOLE_VERSION-overlay.zip $JBOSS_HOME
RUN bsdtar -xf "$JBOSS_HOME/dist-$TEIID_CONSOLE_VERSION-overlay.zip" -C "$JBOSS_HOME" \
 && rm "$JBOSS_HOME/dist-$TEIID_CONSOLE_VERSION-overlay.zip"
# Teiid server distribution: same steps, plus making the shipped scripts
# under bin/ executable.
COPY --chown=jboss:jboss teiid-wildfly-$TEIID_VERSION-dist.zip $JBOSS_HOME
RUN bsdtar -xf "$JBOSS_HOME/teiid-wildfly-$TEIID_VERSION-dist.zip" -C "$JBOSS_HOME" \
 && chmod +x "$JBOSS_HOME"/bin/*.sh \
 && rm "$JBOSS_HOME/teiid-wildfly-$TEIID_VERSION-dist.zip"
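# Create the management user (group admin) and the application user
# (-a, groups odata and rest) from the ADMIN_USER / ADMIN_PWD build args.
# The first line aborts the build when either arg is missing instead of calling
# add-user.sh with an empty name or password. The arguments are quoted so that
# a password containing spaces or shell metacharacters is passed through intact.
# NOTE(security): the password is a build arg and therefore ends up in the image
# history, and the same credential is reused for the management and the
# application realm. Anyone who can pull the image can recover it, so treat it
# as a bootstrap value and rotate it, or supply it through a build secret.
RUN : "${ADMIN_USER:?build arg ADMIN_USER is required}" "${ADMIN_PWD:?build arg ADMIN_PWD is required}" \
 && echo "=> Adding WildFly administrator and application user" \
 && "$JBOSS_HOME/bin/add-user.sh" -u "$ADMIN_USER" -p "$ADMIN_PWD" -g admin \
 && "$JBOSS_HOME/bin/add-user.sh" -a -u "$ADMIN_USER" -p "$ADMIN_PWD" -g 'odata,rest'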
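# MySQL JDBC driver, staged in /tmp for the "module add" step below.
ENV MYSQL_VERSION=8.0.16
COPY --chown=jboss:jboss mysql-connector-java-${MYSQL_VERSION}.jar /tmp/mysql-connector-java-${MYSQL_VERSION}.jar
# Configure the WildFly server with the MySQL driver and a datasource.
# The server is started in the background, configured through the management
# CLI once it reports server-state "running", and then shut down again so the
# resulting configuration is baked into the image.
#
# NOTE(security): DB_PASS is a build arg, so it is recorded in the image
# history, and "data-source add --password=..." stores it in the server
# configuration inside the image. Anyone who can pull the image can read the
# database credentials. Prefer injecting them at deploy time (for example from a
# Kubernetes Secret), or use a WildFly credential store.
# NOTE(security): the Access-Control-Allow-Origin filter below is set to "*" for
# the whole default host, which lets scripts from any website read responses
# from the services served there. List the origins that really need access.
# NOTE(review): http-listener secure=true marks plain-HTTP requests as secure
# because TLS ends at the proxy. That is only sound if the listener is reachable
# solely through the TLS-terminating ingress.
# Database
ARG DB_NAME
ARG DB_USER
ARG DB_PASS
ARG DB_URI
# The wait loop is bounded (120 polls) so that a server that never comes up
# fails the build instead of hanging it forever.
RUN : "${DB_NAME:?build arg DB_NAME is required}" "${DB_URI:?build arg DB_URI is required}" \
 && echo "=> Starting WildFly server" \
 && bash -c '$JBOSS_HOME/bin/standalone.sh -c standalone-teiid.xml &' \
 && echo "=> Waiting for the server to boot" \
 && bash -c 'tries=0; until "$JBOSS_CLI" -c ":read-attribute(name=server-state)" 2> /dev/null | grep -q running; do tries=$((tries + 1)); if [ "$tries" -ge 120 ]; then echo "WildFly did not reach server-state running" >&2; exit 1; fi; sleep 1; done' \
 && echo "=> Adding MySQL module" \
 && $JBOSS_CLI --connect --command="module add --name=com.mysql --resources=/tmp/mysql-connector-java-${MYSQL_VERSION}.jar --dependencies=javax.api,javax.transaction.api" \
 && echo "=> Adding MySQL driver" \
 && $JBOSS_CLI --connect --command="/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-class-name=com.mysql.cj.jdbc.Driver)" \
 # && $JBOSS_CLI --connect --command="/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-xa-datasource-class-name=com.mysql.cj.jdbc.MysqlXADataSource)" \
 && echo "=> Creating a new datasource" \
 # && $JBOSS_CLI --connect --command="xa-data-source add \
 # --name=${DB_NAME} \
 # --jndi-name=java:/${DB_NAME} \
 # --user-name=${DB_USER} \
 # --password=${DB_PASS} \
 # --driver-name=mysql \
 ## --valid-connection-checker-class-name=com.mysql.cj.jdbc.integration.jboss.MysqlValidConnectionChecker \
 ## --exception-sorter-class-name=com.mysql.cj.jdbc.integration.jboss.ExtendedMysqlExceptionSorter \
 # --xa-datasource-properties=[ServerName=db, PortNumber=3306, DatabaseName=${DB_NAME}, UseCursorFetch=true]\
 # --use-ccm=false \
 # --statistics-enabled=true \
 # --enabled=true" \
 && $JBOSS_CLI --connect --command="data-source add \
 --name=${DB_NAME} \
 --jndi-name=java:/${DB_NAME} \
 --user-name=${DB_USER} \
 --password=${DB_PASS} \
 --driver-name=mysql \
 --connection-url=jdbc:mysql://${DB_URI}/${DB_NAME}?useCursorFetch=true \
 --use-ccm=false \
 --max-pool-size=25 \
 --blocking-timeout-wait-millis=5000 \
 --statistics-enabled=true \
 --enabled=true" \
 && echo "=> Setting CORS headers" \
 && $JBOSS_CLI --connect --command="/subsystem=undertow/configuration=filter/response-header=Access-Control-Allow-Origin:add(header-name=Access-Control-Allow-Origin,header-value=*)" \
 && $JBOSS_CLI --connect --command="/subsystem=undertow/server=default-server/host=default-host/filter-ref=Access-Control-Allow-Origin:add" \
 && $JBOSS_CLI --connect --command="/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=secure,value=true)" \
 && echo "=> Shutting down WildFly and Cleaning up" \
 && $JBOSS_CLI --connect --command=":shutdown" \
 && rm -rf $JBOSS_HOME/standalone/configuration/standalone_xml_history/ $JBOSS_HOME/standalone/log/*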
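# Deploy the VDB: copy the DDL and its .dodeploy marker file into the
# standalone deployments directory.
COPY --chown=jboss:jboss ./vdb/svc-vdb.ddl $JBOSS_HOME/standalone/deployments
COPY --chown=jboss:jboss ./vdb/svc-vdb.ddl.dodeploy $JBOSS_HOME/standalone/deployments
# Run the server as the unprivileged jboss user.
USER jboss
ENV LAUNCH_JBOSS_IN_BACKGROUND=true
# Teiid server ports. 9990 is the WildFly management interface.
EXPOSE 8080 9990 31000 35432
# Run the Teiid server, binding both the public and the management interface
# to all addresses. "exec" replaces the wrapper shell so that standalone.sh is
# PID 1 and receives the SIGTERM sent on container stop.
# NOTE(security): -bmanagement 0.0.0.0 makes the management interface reachable
# from every network the pod is attached to. Limit access to port 9990 with a
# NetworkPolicy or the Service/Ingress definition, and avoid publishing it on a
# public hostname.
CMD ["/bin/sh", "-c", "exec $JBOSS_HOME/bin/standalone.sh -c standalone-teiid.xml -b 0.0.0.0 -bmanagement 0.0.0.0"]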
```