Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 7. Exposing the RHACS portal over HTTP
Enable an unencrypted HTTP server to expose the RHACS portal through ingress controllers, Layer 7 load balancers, Istio, or other solutions.
If you use an ingress controller, Istio, or a Layer 7 load balancer that prefers unencrypted HTTP back ends, you can configure Red Hat Advanced Cluster Security for Kubernetes to expose the RHACS portal over HTTP. Doing this makes the RHACS portal available over a plaintext back end.
To expose the RHACS portal over HTTP, you must be using an ingress controller, a Layer 7 load balancer, or Istio to encrypt external traffic with HTTPS. It is insecure to expose the RHACS portal directly to external clients by using plain HTTP.
You can expose the RHACS portal over HTTP during installation or on an existing deployment.
7.1. Prerequisites
To specify an HTTP endpoint you must use an
<endpoints_spec>. It is a comma-separated list of single endpoint specifications in the form of<type>@<addr>:<port>, where:-
typeisgrpcorhttp. Usinghttpas type works in most use cases. For advanced use cases, you can either usegrpcor omit its value. If you omit the value fortype, you can configure two endpoints in your proxy, one for gRPC and the other for HTTP. Both these endpoints point to the same exposed HTTP port on Central. However, most proxies do not support carrying both gRPC and HTTP traffic on the same external port. -
addris the IP address to expose Central on. You can omit this, or uselocalhostor127.0.0.1if you need an HTTP endpoint which is only accessible by using port-forwarding. -
portis the port to expose Central on. The following are several valid
<endpoints_spec>values:-
8080 -
http@8080 -
:8081 -
grpc@:8081 -
localhost:8080 -
http@localhost:8080 -
http@8080,grpc@8081 -
8080, grpc@:8081, http@0.0.0.0:8082
-
-
7.2. Exposing the RHACS portal over HTTP during the installation
If you are installing Red Hat Advanced Cluster Security for Kubernetes using the roxctl CLI, use the --plaintext-endpoints option with the roxctl central generate interactive command to enable the HTTP server during the installation.
Procedure
Run the following command to specify an HTTP endpoint during the interactive installation process:
$ roxctl central generate interactive \ --plaintext-endpoints=<endpoints_spec>1 - 1
- Endpoint specifications in the form of
<type>@<addr>:<port>. See the Prerequisites section for details.
7.3. Exposing the RHACS portal over HTTP for an existing deployment
You can enable the HTTP server on an existing Red Hat Advanced Cluster Security for Kubernetes deployment.
Procedure
Create a patch and define a
ROX_PLAINTEXT_ENDPOINTSenvironment variable:$ CENTRAL_PLAINTEXT_PATCH=' spec: template: spec: containers: - name: central env: - name: ROX_PLAINTEXT_ENDPOINTS value: <endpoints_spec>1 '- 1
- Endpoint specifications in the form of
<type>@<addr>:<port>. See the Prerequisites section for details.
Add the
ROX_PLAINTEXT_ENDPOINTSenvironment variable to the Central deployment:$ oc -n stackrox patch deploy/central -p "$CENTRAL_PLAINTEXT_PATCH"
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}