Friday, 8 February 2019

Exposing Spinnaker UI endpoint from a helm based spinnaker install on PKS with NSX-T

I previously blogged about "Installing Spinnaker on Pivotal Container Service (PKS) with NSX-T running on vSphere" and then quickly invoking the UI using a "kubectl port-forward" as per this post.

http://theblasfrompas.blogspot.com/2019/02/installing-spinnaker-on-pivotal.html

That will work BUT but it won't get you too far so his what you would need to do so the UI works completely using the spin-gate API endpoint.

Steps (Once Spinnaker is Running)

1. Expose spin-deck and spin-gate to create external LB IP's. This is where NSX-T with PKS on prem is extremely useful as NSX-T has LB capability for your K8's cluster services you create making it as easier then using public cloud LB with Kubernetes.

$ kubectl expose service -n default spin-deck --type LoadBalancer --port 9000 --target-port 9000 --name spin-deck-public
service/spin-deck-public exposed

$ kubectl expose service -n default spin-gate --type LoadBalancer --port 8084 --target-port 8084 --name spin-gate-public
service/spin-gate-public exposed

2. That will create us two external IP's as shown below

$ kubectl get svc

...

NAME                 TYPE                 CLUSTER-IP     EXTERNAL-IP  PORT(S) AGE
spin-deck-public  LoadBalancer    10.100.200.200   10.195.44.1,100.64.128.15  9000:30131/TCP ..
spin-gate-public   LoadBalancer    10.100.200.5       10.195.44.2,100.64.128.15  8084:30312/TCP ..

...

3. Exec into hal pod using a command as follows

$ kubectl exec --namespace default -it myspinnaker-spinnaker-halyard-0 bash


4. Run these commands in order on the hal pod. Make sure you use the right IP address as per the output at #2 above. UI = spin-deck-public where API = spin-gate-public

$ hal config security ui edit --override-base-url http://10.195.44.1:9000
$ hal config security api edit --override-base-url http://10.195.44.2:8084
$ hal deploy apply

5. Port forward spin-gate on your localhost. Shouldn't really need to do this BUT for some reason it was required I suspect at some point this won't be required.

$ export GATE_POD=$(kubectl get pods --namespace default -l "cluster=spin-gate" -o jsonpath="{.items[0].metadata.name}")
$ echo $GATE_POD
$ kubectl port-forward --namespace default $GATE_POD 8084
spin-gate-85cc7465bd-v2q2l
Forwarding from 127.0.0.1:8084 -> 8084
Forwarding from [::1]:8084 -> 8084

6. Access UI using IP of spin-deck-public


If it worked you should see screen shots as follows showing that we can access the tabs and "Create Application" without errors accessing the gate API endpoint







No comments: