Configure access to the Portworx Backup UI
If the standard Portworx Backup UI endpoint configuration does not meet your requirements, you can configure access using HTTPS, access it through the load balancer, or even navigate to one of your node IPs directly.
Configure access to the UI on Kubernetes
This section shows you how you can configure access to the Portworx Backup UI on Kubernetes.
Expose the UI on ingress and configure access using HTTPS
You can configure access to Portworx Backup through HTTPS by creating an ingress rule.
-
Modify and paste the following spec into your one of your Portworx Backup nodes, entering your own values for the following:
- spec.rules.host: specify the name of the host on which you've installed Portworx Backup
- spec.tls.hosts specify the name of the host on which you've installed Portworx Backup
- spec.tls.hosts.secretName: specify the name of the secret that holds your Kubernetes TLS certificates
cat <<< '
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
ingress.bluemix.net/redirect-to-https: "True"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/x-forwarded-port: "443"
name: px-backup-ui-ingress
namespace: px-backup
spec:
rules:
- host: <px-backup-host>
http:
paths:
- backend:
service:
name: px-backup-ui
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- <px-backup-host>
secretName: <TLS-backup-secret>
' > /tmp/px-backup-ui-ingress.yaml -
Apply the spec:
kubectl apply -f /tmp/px-backup-ui-ingress.yaml
-
Retrieve the
INGRESS_ENDPOINT
using thekubectl get ingress
command:kubectl get ingress px-backup-ui-ingress --namespace px-backup -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"
Once you have retrieved the
INGRESS_ENDPOINT
, you can use it to access the Portworx Backup user interface with the HTTPS scheme. Use the default credentials (admin/admin) to log in:https://INGRESS_ENDPOINT
Additionally, you can access the Keycloak UI at the
/auth/
path:https://INGRESS_ENDPOINT/auth/
Access the Portworx Backup UI using a node IP
You can access Portworx Backup by directly navigating to one of your node's IP addresses.
-
Find the public/external IP (NODE_IP) of any node in your current Kubernetes cluster.
-
Find the node port (NODE_PORT) of the
px-backup-ui
service.
Once you have found the node IP and port, you can combine them to access the Portworx Backup UI:
http://NODE_IP:NODE_PORT
Additionally, you can access the Keycloak UI at the /auth/
path:
http://NODE_IP:NODE_PORT/auth/
You can access Portworx Backup user interface with node IP in both internet-connected and air-gapped environments.
Access the Portworx Backup UI using the load balancer endpoint
You can also the access Portworx Backup UI by navigating to the load balancer using either its host name or IP address.
-
Get the loadbalancer endpoint (LB_ENDPOINT) using one of the following commands:
-
Host:
kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"`
-
IP:
kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
Once you have retrieved the load balancer endpoint, you can use it to access the Portworx Backup user interface:
http://LB_ENDPOINT
You can access the Keycloak UI at the
/auth/
path:http://LB_ENDPOINT/auth/
-
Configure access to the Portworx Backup on OpenShift
This section shows how you can configure access to the Portworx Backup user interface on OpenShift.
Access the Portworx Backup UI using a route
-
Open the web console, go to Networking > Routes, and then select the Create Route button.
-
On the Create Route page, configure your route by populating the following fields:
- Name: enter a descriptive name
- Hostname: specify a public hostname. If you leave this field empty, OpenShift will generate a hostname.
- Path: leave this field unchanged.
- Service: choose
px-backup-ui
from the drop-down list. - Target Port: choose
80 -> 8080
-
When you have finished configuring your route, select the Create button.
-
OpenShift now displays a link to the Portworx Backup UI on the Routes page. To access Portworx Backup, select that link.
If the customer is using AVI load balancer, disable HTTP-only cookies in the AVI web-console to resolve Keycloak access error. To disable, HTTP-only Cookies option, from the AVI home page, navigate to Virtual Services > edit ingress service > Settings > Profiles > Application Profile > choose System-Secure-HTTP from the drop down and then click edit icon > navigate to Security tab > deselect HTTP-only Cookies option.