mirror of
https://github.com/kubevirt/containerized-data-importer.git
synced 2025-06-03 06:30:22 +00:00
9c9758c6c0
Signed-off-by: rick <LinuxSuRen@users.noreply.github.com> Co-authored-by: rick <LinuxSuRen@users.noreply.github.com>
79 lines
2.4 KiB
Markdown
79 lines
2.4 KiB
Markdown
# Exposing CDI Upload Proxy
|
|
The purpose of this document is to show how to expose CDI Upload Proxy service in a production environment.
|
|
|
|
## Prerequesites
|
|
You have a Kubernetes cluster up and running with CDI installed.
|
|
|
|
In order to upload data to your cluster, the cdi-uploadproxy service must be accessible from outside the cluster.
|
|
This can be achieved using Ingress (Kubernetes) or Route (Openshift).
|
|
|
|
|
|
### Kubernetes
|
|
|
|
Before starting to work with Ingress resource, you will need to setup an Ingress Controller. Simply creating the resource will take no affect.
|
|
There are number of [Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) you can choose from.
|
|
|
|
Create Ingress for the upload proxy:
|
|
|
|
|
|
```bash
|
|
cat <<EOF | kubectl apply -f -
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: cdi-uploadproxy-ingress
|
|
namespace: cdi
|
|
annotations:
|
|
nginx.org/ssl-services: "cdi-uploadproxy"
|
|
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
spec:
|
|
rules:
|
|
# change to a valid FQDN in your organization
|
|
- host: cdi-uploadproxy.example.com
|
|
http:
|
|
paths:
|
|
- backend:
|
|
service:
|
|
name: cdi-uploadproxy
|
|
port:
|
|
number: 443
|
|
path: /*
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
# change to a valid FQDN in your organization
|
|
- cdi-uploadproxy.example.com
|
|
EOF
|
|
```
|
|
|
|
|
|
### Openshift
|
|
|
|
Using router wildcard certificate and generated hostname with reencrypt route:
|
|
|
|
```bash
|
|
oc get cm -n cdi cdi-uploadproxy-signer-bundle -o=jsonpath="{.data['ca-bundle\.crt']}" > tls.crt && \
|
|
oc create route reencrypt -n cdi --service=cdi-uploadproxy --dest-ca-cert=tls.crt && \
|
|
rm tls.crt
|
|
```
|
|
|
|
Using your own key/cert with passthrough route
|
|
|
|
```bash
|
|
oc delete secret -n cdi cdi-uploadproxy-server-cert && \
|
|
oc create secret tls -n cdi cdi-uploadproxy-server-cert --key tls.key --cert tls.crt && \
|
|
oc create route passthrough -n cdi --service=cdi-uploadproxy && \
|
|
oc delete pod -n cdi -l cdi.kubevirt.io=cdi-uploadproxy
|
|
```
|
|
|
|
### Upload an Image
|
|
|
|
Assuming you completed the steps in [Upload document](upload.md) execute the following to upload the image:
|
|
|
|
```bash
|
|
curl -v -H "Authorization: Bearer $TOKEN" --data-binary @tests/images/cirros-qcow2.img https://cdi-uploadproxy.example.com/v1beta1/upload
|
|
```
|