Node-Client WebUI Deployment
In addition to Node-Client CLI, a web interface is also provided. A deployment of Node-Client web server is through a helm chart on Kubernetes.
Node-Client WebUI Helm Installation (Quick Start)
A matching helm chart version for Node-Wizard 0.3.x versions is 0.1.0.
helm repo add cluster-wizard https://charts.cluster-wizard.com/
helm search repo cluster-wizard/node-client-webui --versions
helm fetch cluster-wizard/node-client-webui --version 0.1.0 --untar
helm -n node-client install node-client ./node-client-webui \
--create-namespace --values ./override.yaml
Assuming that
- Website address is node-client.example.com
- A tls key and certificate are provided in Kubernetes secret named tls-secret
- Login credentials are admin / admin123
- Load Balancer is used for exposing website externally, and the load balancer ip is 192.168.132.242.
The URL needs to be a valid DNS entry.
The override yaml file will be like
---
configMap:
backendUrl: "node-client.example.com:23051"
frontendUrl: "node-client.example.com"
expose:
internalTLS:
enabled: true
secretName: "tls-secret"
type: loadBalancer
loadBalancer:
IP: "192.168.132.242"
ports:
frontPort: 443
backPort: 23051
secret:
username: "admin"
password: "admin123"
The certificate need to be trusted by client system/browsers.
Various Expose Methods
There are a few more methods for exposing services: ingress, proxy server (with clusterIP service) and nodePort. The following figure shows the expose methods with their override value sections.
Ingress
Kubernetes Ingress is an API object that manages external access to services within a cluster, typically HTTP and HTTPS traffic.
In the helm chart, rewrite rules was added such that backend server URL is in a form of [frontend server URL]/backend. These annoations are for Nignx and HAProxy ingress classes. If a different ingress class is used, appropriate annotations need to be added.
The following example override yaml file is for the case where
- haproxy ingress class is used
- A cert manager's cluster issuer (named selfsigned-cluster-issuer) is used for automatic certificate generation
- The complete frontend server URL is https://node-client.example.com
configMap:
backendUrl: "node-client.example.com/backend"
frontendUrl: "node-client.example.com"
expose:
type: ingress
ingress:
tls:
enabled: true
clusterIssuer: "selfsigned-cluster-issuer"
certSource: "secret"
secretName: "node-client.example.com"
host: node-client.example.com
className: "haproxy"
For http service, remove the tls section.
Over Proxy Server
A proxy server is an intermediary server that sits between clients and other servers. It acts as a gateway, receiving requests from clients and forwarding them to destination servers, then returning the responses back to the clients.
In Kubernetes clusters, an application proxy server (such as Nginx Proxy server and HAProxy) is often used. We can use a proxy server to expose node-client-webui servers.
Depending on how a proxy server is configured, override is similar either to that of ingress or to that of load balancer. If the proxy server provides TLS communication, tlsOverProxy.enabled should be true. The FrontendURL and BackendURL should be set accordingly.
The following example shows how to specify value override when
- tls commuincation is provided by a proxy server
- the same rewrite rule is implemented in a proxy server
---
configMap:
backendUrl: "node-client.example.com/backend"
frontendUrl: "node-client.example.com"
expose:
tlsOverProxy:
enabled: true
This will create a Kubernetes service object of clusterIP type. A proxy server forwards requests to the frontend/backend server to this service.
Node Port
NodePort is a type of Kubernetes Service that exposes an application running in a cluster by allocating a specific port on every node in the cluster. It's one of the primary ways to make services accessible from outside the Kubernetes cluster.
NodePort value override is similar to that of load balancer. A simple example is shown below.
---
configMap:
backendUrl: "node-client.example.com:30003"
frontendUrl: "node-client.example.com:30002"
expose:
internalTLS:
enabled: true
secretName: "tls-secret"
type: nodePort
To add a host, a token for node-wizard is necessary. This token will be printed when node-wizard is installed. To retrieve this token, run the following command.
sudo /root/bin/node_wizard/node-wizard --token
To attach a PCI device, its PCI address needs to be added to allowed (PCI address) list.
# Add a PCI address to the allowed list
sudo /root/bin/node_wizard/node-wizard --add-allowed [PCI address]
# To print the list
sudo /root/bin/node_wizard/node-wizard --list-allowed
To prevent a bridge to be attached, the network device/bridge needs to be added to disallowd list
# Add a PCI address to the allowed list
sudo /root/bin/node_wizard/node-wizard --add-disallowed [network device/bridge]
# To print the list
sudo /root/bin/node_wizard/node-wizard --list-disallowed