NodePort
or LoadBalancer
.enabled:true
) (See point 4 below for using an existing ingress controller) and that access to the service is set through type:
NodePort
type
provided in the TVM CR, the ingress service (k8s-triliovault-ingress-nginx-controller
) Type is set accordingly on the service resourceupstream-tvk.demo.presales.trilio.io
tlsSecretName
that has the TLS information should be provided. More information on HTTPS access is provided below.ingressClass
and annotations
parameters should be used.host
that was set within the resource.host
value is set to ""upstream-tvk.demo.presales.trilio.io
(depending on the host value specified above) to the {PUBLIC_NODE_IP}
for NodePort or {LB_IP}
for Load Balancer.sudo vi /etc/hosts
/etc/hosts
file for the IPs, so your file should look like thishost
value in TVM CR is sethost
value in TVM CR is sethttp
(port 80) -> http://upstream-tvk.demo.presales.trilio.io:31200/logink8s-triliovault-ingress-tls-certs
is a default certificate generated during TVK deployment. However, users should provide a correct secret specific to their environment with TLS information as explained below.secret
and provide it as a part of ingress resource:secret
ssl-certs
using custom SSL certificate tls.crt
and key tls.key
in the tvk-namespace
namespace where TVK is deployedkubectl create secret tls ssl-certs --cert tls.crt --key tls.key -n tvk-namespace
tlsSecretName
https
(port 443) -> https://upstream-tvk.demo.presales.trilio.io:30452/logindefault
, which is present in the openshift-ingress-operator
. So the hostname used for the TVK Ingress host is the domain supported by this controller (refer to status.domain
of the IngressController
resource).<install-namespace>.<default-ingress-controller-domain>
abcd.<default-ingress-controller-domain>
k8s-triliovault-ingress-server-certs
is a default secret generated during TVK deployment which contains the Ingress-controller's TLS certificate.host
field of ingress (kubectl get ingress k8s-triliovault)
, and use that host to access UI on https://custom-domain.com/
(goes to port 443 (default))ssl-certs
using custom SSL certificate tls.crt
and key tls.key
in the <install-namespace>
namespace where TVK is deployed.tls:
to the ingress resource, in parallel to the existing rules:
section. Then save the updated ingress resource.Lets Encrypt
or Cert-Manager
can be leveraged to generate valid SSL certificates for a domain.k8s-triliovault
Ingress resource. To remove TLS section from ingress `k8s-triliovault`, edit the ingress resource (`kubectl edit ingress k8s-triliovault`) and remove the TLS section present, as follows:http://custom-domain.com/
k8s-triliovault-web
to launch the management console.