367 lines
13 KiB
Markdown
367 lines
13 KiB
Markdown
# Ingress
|
|
|
|
Ingress is what we call "Reverse Proxy" in the UI and in the user side of the documentation. Please be aware that those refer to the same system. An Ingress is, simply put, just Kubernetes way of connecting outsides to Apps running in containers.
|
|
|
|
### Ingress Types
|
|
|
|
We currently support:
|
|
- HTTP via Ingres
|
|
- HTTP via Traefik IngressRoute (HTTP-IR)
|
|
- TCP via Traefik IngressRouteTCP
|
|
- UDP via Traefik IngressRouteUDP
|
|
|
|
From questions.yaml and the UI, these can be changed with selecting another "Type". However: Under the hood IngressRoutes and Ingress are totally different beasts and have a seperate creation process. Errors for Plain HTTP do NOT have to be present in HTTP-IR.
|
|
|
|
It's also important to note that TCP (and even more so: UDP) have less options available. The example configurations below contain a mostly complete overview of what is currently available and reasonable.
|
|
|
|
##### Ingress and Services
|
|
|
|
It's important to know what Ingress does, before you start creating ingresses in questions.yaml. Ingresses send outside Traffic, to a kubernetes Service, which in turn forwards traffic to the actual containers.
|
|
|
|
This means that every container needs to know how to reach their Service. If they do not, things go wrong.
|
|
|
|
To ensure this, it's adviced to keep the names of your Ingresses the same as the names of your services. We made sure the ingress would automatically detect (and connect to) the main port of a Service with the same name.
|
|
|
|
However: In case you need to do this differently, need to connect to additionalServices and/or need to connect to a secondary port, you can manually set both the serviceName and servicePort in questions.yaml. We advice however, to only do so if absolutely necessary!
|
|
|
|
##### The Main Ingress
|
|
|
|
The main Ingress and Main service take an important role in our standardisation. Where the main Service is used for healthchecks and the "portal" button, the main Ingress is just used for the portal button.
|
|
|
|
However: As the maintainers expect new features to be connecting to the main service and main ingress, it will cause problems if you decide to bypass/ignore these.
|
|
|
|
### Standards/Examples
|
|
|
|
We try to maintain as much of a standardised questions.yaml format as possible, to ensure (bulk) editing stays as easy as possible.
|
|
|
|
##### HTTP Ingress
|
|
|
|
```
|
|
- variable: ingress
|
|
label: ""
|
|
group: "Reverse Proxy Configuration"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: webui
|
|
label: "Web Reverse Proxy Configuration"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable Web Reverse Proxy"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: type
|
|
label: "Reverse Proxy Type"
|
|
schema:
|
|
type: string
|
|
default: "HTTP"
|
|
hidden: true
|
|
editable: false
|
|
required: true
|
|
- variable: serviceName
|
|
label: "Service name to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: string
|
|
default: ""
|
|
- variable: entrypoint
|
|
label: "Select Entrypoint"
|
|
schema:
|
|
type: string
|
|
default: "websecure"
|
|
required: true
|
|
enum:
|
|
- value: "websecure"
|
|
description: "Websecure: HTTPS/TLS port 443"
|
|
- variable: hosts
|
|
label: "Hosts"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: host
|
|
label: "Host"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: host
|
|
label: "Domain Name"
|
|
required: true
|
|
schema:
|
|
type: string
|
|
- variable: path
|
|
label: "path"
|
|
schema:
|
|
type: string
|
|
required: true
|
|
hidden: true
|
|
default: "/"
|
|
- variable: certType
|
|
label: "Select Certificate Type"
|
|
schema:
|
|
type: string
|
|
default: "selfsigned"
|
|
enum:
|
|
- value: ""
|
|
description: "No Encryption/TLS/Certificates"
|
|
- value: "selfsigned"
|
|
description: "Self-Signed Certificate"
|
|
- value: "ixcert"
|
|
description: "TrueNAS SCALE Certificate"
|
|
- variable: certificate
|
|
label: "Select TrueNAS SCALE Certificate"
|
|
schema:
|
|
type: int
|
|
show_if: [["certType", "=", "ixcert"]]
|
|
$ref:
|
|
- "definitions/certificate"
|
|
- variable: authForwardURL
|
|
label: "Forward Authentication URL"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
|
|
```
|
|
|
|
##### TCP Ingress
|
|
|
|
```
|
|
- variable: tcp
|
|
label: "TCP Reverse Proxy Configuration"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable TCP Reverse Proxy"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: type
|
|
label: "Select Reverse Proxy Type"
|
|
schema:
|
|
type: string
|
|
default: "TCP"
|
|
required: true
|
|
editable: false
|
|
hidden: true
|
|
- variable: serviceName
|
|
label: "Service name to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: string
|
|
default: ""
|
|
- variable: entrypoint
|
|
label: "Select Entrypoint"
|
|
schema:
|
|
type: string
|
|
default: "torrent-tcp"
|
|
required: true
|
|
enum:
|
|
- value: "torrent-tcp"
|
|
description: "Torrent-TCP: port 51413"
|
|
```
|
|
|
|
##### UDP Ingress
|
|
|
|
```
|
|
- variable: udp
|
|
label: "UDP Reverse Proxy Configuration"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable UDP Reverse Proxy"
|
|
schema:
|
|
type: boolean
|
|
default: false
|
|
show_subquestions_if: true
|
|
subquestions:
|
|
- variable: type
|
|
label: "Select Reverse Proxy Type"
|
|
schema:
|
|
type: string
|
|
default: "UDP"
|
|
required: true
|
|
editable: false
|
|
hidden: true
|
|
- variable: serviceName
|
|
label: "Service name to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: string
|
|
default: ""
|
|
- variable: entrypoint
|
|
label: "Select Entrypoint"
|
|
schema:
|
|
type: string
|
|
default: "torrent-udp"
|
|
required: true
|
|
enum:
|
|
- value: "torrent-udp"
|
|
description: "Torrent-UDP: port 51413"
|
|
```
|
|
|
|
### Other Ingress options
|
|
|
|
There are a few other options that are rarely (if ever) used.
|
|
|
|
##### servicePort
|
|
|
|
```
|
|
- variable: servicePort
|
|
label: "Service Port to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: int
|
|
default: 80
|
|
```
|
|
|
|
|
|
##### serviceKind
|
|
|
|
```
|
|
- variable: serviceKind
|
|
label: "Service Kind to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: string
|
|
default: ""
|
|
```
|
|
|
|
|
|
### External Services
|
|
|
|
The externalServices option, is actually mostly an Ingress "under the hood" which just creates a very small (minimal) service.
|
|
|
|
```
|
|
- variable: externalServices
|
|
label: "(Advanced) Add External Services"
|
|
group: "Advanced"
|
|
schema:
|
|
type: list
|
|
default: []
|
|
items:
|
|
- variable: externalService
|
|
label: "External Service"
|
|
schema:
|
|
type: dict
|
|
attrs:
|
|
- variable: enabled
|
|
label: "Enable Web Reverse Proxy"
|
|
schema:
|
|
type: boolean
|
|
hidden: true
|
|
editable: false
|
|
default: true
|
|
- variable: type
|
|
label: "Reverse Proxy Type"
|
|
schema:
|
|
type: string
|
|
default: "HTTP"
|
|
hidden: true
|
|
editable: false
|
|
required: true
|
|
- variable: serviceName
|
|
label: "Service name to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: string
|
|
default: ""
|
|
- variable: serviceTarget
|
|
label: "IP Adress of the external service"
|
|
schema:
|
|
hidden: false
|
|
editable: true
|
|
required: true
|
|
type: string
|
|
default: "192.168.0.0"
|
|
- variable: servicePort
|
|
label: "External Service Port"
|
|
description: "The port on the external service you want to proxy"
|
|
schema:
|
|
hidden: false
|
|
required: true
|
|
editable: true
|
|
type: int
|
|
default: 80
|
|
- variable: serviceType
|
|
label: "Connection Type"
|
|
description: "Connection Type between Traefik and the external service"
|
|
schema:
|
|
hidden: false
|
|
editable: true
|
|
required: true
|
|
default: "HTTP"
|
|
type: string
|
|
enum:
|
|
- value: "HTTP"
|
|
description: "HTTP"
|
|
- value: "HTTPS"
|
|
description: "HTTPS"
|
|
- variable: serviceKind
|
|
label: "Service Kind to proxy to"
|
|
schema:
|
|
hidden: true
|
|
editable: false
|
|
type: string
|
|
default: ""
|
|
- variable: entrypoint
|
|
label: "Select Entrypoint"
|
|
schema:
|
|
type: string
|
|
default: "websecure"
|
|
required: true
|
|
enum:
|
|
- value: "websecure"
|
|
description: "Websecure: HTTPS/TLS port 443"
|
|
- variable: host
|
|
label: "Domain Name"
|
|
required: true
|
|
schema:
|
|
type: string
|
|
- variable: path
|
|
label: "path"
|
|
schema:
|
|
type: string
|
|
required: true
|
|
hidden: false
|
|
default: "/"
|
|
- variable: certType
|
|
label: "Select Certificate Type"
|
|
schema:
|
|
type: string
|
|
default: "selfsigned"
|
|
enum:
|
|
- value: ""
|
|
description: "No Encryption/TLS/Certificates"
|
|
- value: "selfsigned"
|
|
description: "Self-Signed Certificate"
|
|
- value: "ixcert"
|
|
description: "TrueNAS SCALE Certificate"
|
|
- variable: certificate
|
|
label: "Select TrueNAS SCALE Certificate"
|
|
schema:
|
|
type: int
|
|
show_if: [["certType", "=", "ixcert"]]
|
|
$ref:
|
|
- "definitions/certificate"
|
|
- variable: authForwardURL
|
|
label: "Forward Authentication URL"
|
|
schema:
|
|
type: string
|
|
default: ""
|
|
```
|