Skip to content

Platform Provided Ingress & OpenShift Routes

Jump to bottom
Eva Tuczai edited this page Sep 30, 2022 · 19 revisions

Platform Provided Ingress & OpenShift Routes

This document describes how to configure your own Ingress to route requests to the Turbobomic Servier. To get the IP address/URL of the Turbonomic UI, you will use either the default configuration that provides the nginx service (type loadbalancer), configure an ingress, or use an OpenShift route.

If you are looking for instructions on how to configure the product provided nginx service as the LoadBalancer type, and therefore want to configure this service with options such as a private IP, or NBL, etc, refer back to this portion of the deployment page covering NGINX Service Configuration Options

Working with a Platform Provided Ingress

Turbonomic provides NGINX as a service to handle routing traffic to the Turbo UI. You can configure your own Ingress or Route, and then configure NGINX based on the version of Turbonomic you are running.

NGINX as Proxy + bring your own Ingress/Route

Starting with Turbonomic 8.3.2, you can now configure nginx as a ClusterIP type service, allowing you to use your own ingress / route, and still maintain the Turbonomic internal routing rules and leverage nginx as a proxy. This is required to leverage embedded reporting on your Turbonomic instance. You will use the parameter of nginxIsPrimaryIngress set to false.

  kind: XL
  metadata:
    name: xl-release
  spec:
    global:
      tag: 8.4.4
    nginx:
      nginxIsPrimaryIngress: false
      httpsRedirect: false
    #use the following parameters if you would like Turbo to create a single OCP route that will point to the nginx service
    #openshiftingress:
    #  enabled: true
    #nginxingress:
    #  enabled: true

OCP Routes for Turbonomic: enabled by CR

You can have the Turbonomic operator create the Routes you need to access the Turbo backend.

OCP Routes and Turbo

For the latest version of Turbonomic as of v8.3.2 (Sept 22, 2021). The following configuration will deploy nginx as a proxy, and create a single Route which will point to the nginx proxy, which is all that is needed:

  kind: XL
  metadata:
    name: xl-release
  spec:
    global:
      tag: 8.4.4
    nginx:
      nginxIsPrimaryIngress: false
      httpsRedirect: false
    nginxingress:
      enabled: true
    openshiftingress:
      enabled: true

The name of the default route created with be nginx. To identify the hostname that you will use for your Turbo UI URL, while in the Turbonomic platform Project go to Networking -> Routes and find the nginx route. The location for the route nginx is the Turbonomic UI URL. Examples of the default location that is created include nginx-yourNamespaceName.apps.yourOCPDomain.

This method will create a route for the following services using a basic configuration with tls.termination: edge; tls.insecure, EdgeTerminationPolicy: Redirect, and using either the default ingress domain or one you define. Details of the routes created are described here. Services are:

  • ui
  • ui-app
  • ui-assets
  • ui-doc
  • api
  • swagger
  • vmturbo-rest (older api)
  • vmturbo-saml2
  • vmturbo-oauth2
  • ws-messages
  • reports
  • topology-processor

OCP Route for Turbonomic UI: manual

OCP Routes user created - all capabilities

If you are running Turbo version 8.3.2+, and set up the nginx service as a ClusterIP type, and want to create your own Route, you will first set up the Turbo CR

  kind: XL
  metadata:
    name: xl-release
  spec:
    global:
      tag: 8.4.4
    nginx:
      nginxIsPrimaryIngress: false
      httpsRedirect: false

And then you only need to manually create a single Route with the following properties:

name: turbonomic-secure (or whatever name you want)
spec.host: URL or IP address for all Turbo functions
to.kind: Service
to.name: nginx 
port.targetPort: http-nginx (this will be 80)
tls.termination: edge
tls.insecureEdgeTerminationPolicy: Redirect

You can leverage your own certificates, or use the default one on the OCP Router.

Ingress Minimum Requirements

Ingress user created - all capabilities (Turbo 8.3.2+)

To get all capabilities, only one ingress is required, and this will allow nginx to redirect to other Turbo components. UI Endpoint or Backend Properties will point to "nginx" component:

Path: / 
ServiceName: NGINX
ServicePort: 80
Protocol: HTTP, TCP

Optional: Route/Ingress specific to remote probes

To allow a remote probe such as Kubeturbo or Prometurbo to connect to the Turbo Server you can either specify the same route/ingress as used for the Turbo Server UI (aka the nginx route) or you can create a separate route/ingress that is specifically used by remote probes. This ingress will define a separate host and route to the topology-processor service, which is the Turbonomic component that probes talk to. Your ingress controller can then be configured to provide the TLS termination, and certificate, and will pass an HTTP request to our service(s).

Remote Target Endpoint or Backend Properties are:

Path: / 
ServiceName: TOPOLOGY-PROCESSOR
ServicePort: 8080
Protocol: HTTP, TCP

Istio Support

Turbonomic supports working with Istio, where you have the option to create a gateway with the Turbonomic operator, or leverage your platform provided gateway to create the virtual services routes that need to be configured in your gateway to be able to access the Turbonomic application.

For details on virtual services matching uri and routes, or how to create a Turbonomic gateway see: https://github.com/turbonomic/t8c-install/blob/master/operator/helm-charts/xl/templates/istio.yaml.

Reach out to Turbonomic for more information.

Clone this wiki locally