Use https with HCL Connections Component Pack 6.5 from IHS to K8S

Question

The Component Pack documentation uses http for the connection from IHS to the Kubernetes backend. This is not up-to-date any more, so I'd like to use https for those backend connection as well as in IHS like this:

User <----- https -----> IHS <----- https -----> K8S Backend

Following HCLs documentation, we just got

User <----- https -----> IHS <----- http -----> K8S Backend

Component Packs ingress doesn't have any configuration options for https documented.

Answer 1

I unpacked the chart and looked at it's default values.yml. It seems that IBM/HCL doesn't follow the Helm template, which allow configuring https in almost any charts using ingress.tls.

The only possible way seems to be manually modifying our ingress ressources like this:

1. kubectl edit ing cnx-ingress-orient-me
2. Replace * by a subdomain (e.g. ing): - host: ing.k8s.internal
3. Add a tls section in spec:

 tls:
  - hosts:
    - ing.k8s.internal

4. Save the changes and verify your ingress is avaliable using https, for example with the comp

   curl "https://ing.k8s.internal/social/views/login.html" --head should return HTTP/2 200

We need to repat this for all deployed ingress ressources. When all features are deployed, there are 4:

$ kging | grep -v NAME | awk '{print $1}'
cnx-ingress-appreg
cnx-ingress-orient-me
cnx-ingress-sanity
external-service

Automation

Its also possible to automate those changes by exporting the ingress to a file:

kubectl get ing cnx-ingress-orient-me -o yaml > /tmp/ing.yml

No we can search/replace using sed

# Replaces the general HTTP listen hostname
sed -i "s/host: '\*\./ing./g" /tmp/ing.yml
# Adds tls-tree with corresponding indention
sed "s/\(\s*\)\(rules:\)/tls:\n\1- hosts:\n\1\1- ing.k8s.internal\n\1\2/g" /tmp/ing.yml

To apply our changes:

kubectl replace -f /tmp/ing.yml