Configure access to the Portworx Backup UI
If the standard Portworx Backup UI endpoint configuration does not meet your requirements, you can configure access using HTTPS, access it through the load balancer, or even navigate to one of your node IPs directly.
Configure access to the UI on Kubernetes
This section shows you how you can configure access to the Portworx Backup UI on Kubernetes.
Expose the UI on ingress and configure access using HTTPS
You can configure access to Portworx Backup through HTTPS by creating an ingress rule.
Modify and paste the following spec into your one of your Portworx Backup nodes, entering your own values for the following:
spec.rules.host: specify the name of the host on which you've installed Portworx Backup
spec.tls.hosts specify the name of the host on which you've installed Portworx Backup
spec.tls.hosts.secretName: specify the name of the secret that holds your Kubernetes TLS certificates
cat <<< '
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
ingress.bluemix.net/redirect-to-https: "True"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/x-forwarded-port: "443"
name: px-backup-ui-ingress
namespace: px-backup
spec:
rules:
- host: <px-backup-host>
http:
paths:
- backend:
service:
name: px-backup-ui
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- <px-backup-host>
secretName: <TLS-backup-secret>
' > /tmp/px-backup-ui-ingress.yaml
Apply the spec:
kubectl apply -f /tmp/px-backup-ui-ingress.yaml
Retrieve the
INGRESS_ENDPOINT
using thekubectl get ingress
command:kubectl get ingress px-backup-ui-ingress --namespace px-backup -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"
Once you have retrieved the
INGRESS_ENDPOINT
, you can use it to access the Portworx Backup user interface with the HTTPS scheme. Use the default credentials (admin/admin) to log in:https://INGRESS_ENDPOINT
Additionally, you can access the Keycloak UI at the
/auth/
path:https://INGRESS_ENDPOINT/auth/
Access the Portworx Backup UI using a node IP
You can access Portworx Backup by directly navigating to one of your node's IP addresses.
Find the public/external IP (NODE_IP) of any node in your current Kubernetes cluster.
Find the node port (NODE_PORT) of the
px-backup-ui
service.Once you have found the node IP and port, you can combine them to access the Portworx Backup UI:
http://NODE_IP:NODE_PORT
Additionally, you can access the Keycloak UI at the
/auth/
path:http://NODE_IP:NODE_PORT/auth/
noteYou can access Portworx Backup user interface with node IP in both internet-connected and air-gapped environments.
Access the Portworx Backup UI using the load balancer endpoint
You can also the access Portworx Backup UI by navigating to the load balancer using either its host name or IP address.
Get the loadbalancer endpoint (LB_ENDPOINT) using one of the following commands:
Host:
kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"`
IP:
kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`
Once you have retrieved the load balancer endpoint, you can use it to access the Portworx Backup user interface:
http://LB_ENDPOINT
You can access the Keycloak UI at the
/auth/
path:http://LB_ENDPOINT/auth/
Configure access to the Portworx Backup on OpenShift
This section shows how you can configure access to the Portworx Backup user interface on OpenShift.
Access the Portworx Backup UI using a route
Open the web console, go to Networking > Routes, and then select the Create Route button.
On the Create Route page, configure your route by populating the following fields:
- Name: enter a descriptive name
- Hostname: specify a public hostname. If you leave this field empty, OpenShift will generate a hostname.
- Path: leave this field unchanged.
- Service: choose
px-backup-ui
from the drop-down list. - Target Port: choose
80 -> 8080
When you have finished configuring your route, select the Create button.
OpenShift now displays a link to the Portworx Backup UI on the Routes page. To access Portworx Backup, select that link.
Keycloak sts to upgrade from 2.5.0 to 2.5.1
If you have modified keycloak sts
settings either for HTTP or HTTPS in Portworx Backup version 2.5.0 to access the user interface, you need to revert those changes after upgrading to 2.5.1 version. The values should be in sync with the following keycloak yaml
file after reverting all the changes:
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HOSTNAME_STRICT_HTTPS
value: "false"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
- name: KEYCLOAK_ADMIN
value: admin
- name: KEYCLOAK_ADMIN_PASSWORD
value: admin
- name: KC_HTTP_RELATIVE_PATH
value: /auth
- name: KC_DB
value: postgres
- name: KC_DB_URL_HOST
value: pxcentral-keycloak-postgresql
- name: KC_DB_URL_PORT
value: "5432"
- name: KC_DB_USERNAME
valueFrom:
secretKeyRef:
key: postgresql-username
name: pxcentral-keycloak-postgresql
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
key: postgresql-password
name: pxcentral-keycloak-postgresql
- name: KC_PROXY
value: edge
If you choose to be on Portworx Backup version 2.5.0 for some reasons, refer the following topic to configure access to the user interface: