Configure access to the Portworx Backup UI

If the standard Portworx Backup UI endpoint configuration does not meet your requirements, you can configure access using HTTPS, access it through the load balancer, or even navigate to one of your node IPs directly.

Configure access to the UI on Kubernetes

This section shows you how you can configure access to the Portworx Backup UI on Kubernetes.

Expose the UI on ingress and configure access using HTTPS

You can configure access to Portworx Backup through HTTPS by creating an ingress rule.

1. Modify and paste the following spec into your one of your Portworx Backup nodes, entering your own values for the following:

   • spec.rules.host: specify the name of the host on which you've installed Portworx Backup

   • spec.tls.hosts specify the name of the host on which you've installed Portworx Backup

   • spec.tls.hosts.secretName: specify the name of the secret that holds your Kubernetes TLS certificates

     cat <<< '
     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
     annotations:
       ingress.bluemix.net/redirect-to-https: "True"
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/x-forwarded-port: "443"
     name: px-backup-ui-ingress
     namespace: px-backup
     spec:
     rules:
     - host: <px-backup-host>
       http:
         paths:
         - backend:
             service:
               name: px-backup-ui
               port:
                 number: 80
           path: /
           pathType: Prefix
     tls:
     - hosts:
       - <px-backup-host>
       secretName: <TLS-backup-secret>
     ' > /tmp/px-backup-ui-ingress.yaml
   note

   The secretName field is only required when you want to terminate TLS on the host/domain. Refer to your cloud provider for specific examples:

   • AKS
   • EKS

2. Apply the spec:

   kubectl apply -f /tmp/px-backup-ui-ingress.yaml

3. Retrieve the INGRESS_ENDPOINT using the kubectl get ingress command:

   kubectl get ingress px-backup-ui-ingress --namespace px-backup -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"

   Once you have retrieved the INGRESS_ENDPOINT, you can use it to access the Portworx Backup user interface with the HTTPS scheme. Use the default credentials (admin/admin) to log in:

   https://INGRESS_ENDPOINT

   Additionally, you can access the Keycloak UI at the /auth/ path:

   https://INGRESS_ENDPOINT/auth/

Access the Portworx Backup UI using a node IP

You can access Portworx Backup by directly navigating to one of your node's IP addresses.

1. Find the public/external IP (NODE_IP) of any node in your current Kubernetes cluster.

2. Find the node port (NODE_PORT) of the px-backup-ui service.

   Once you have found the node IP and port, you can combine them to access the Portworx Backup UI:

   http://NODE_IP:NODE_PORT

   Additionally, you can access the Keycloak UI at the /auth/ path:

   http://NODE_IP:NODE_PORT/auth/
   note

   You can access Portworx Backup user interface with node IP in both internet-connected and air-gapped environments.

Access the Portworx Backup UI using the load balancer endpoint

You can also the access Portworx Backup UI by navigating to the load balancer using either its host name or IP address.

1. Get the loadbalancer endpoint (LB_ENDPOINT) using one of the following commands:

   • Host:

     kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.loadBalancer.ingress[0].hostname}"`

   • IP:

     kubectl get ingress --namespace {{ .Release.Namespace }} px-backup-ui -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`

     Once you have retrieved the load balancer endpoint, you can use it to access the Portworx Backup user interface:

     http://LB_ENDPOINT

     You can access the Keycloak UI at the /auth/ path:

     http://LB_ENDPOINT/auth/

Configure access to the Portworx Backup on OpenShift

This section shows how you can configure access to the Portworx Backup user interface on OpenShift.

Access the Portworx Backup UI using a route

1. Open the web console, go to Networking > Routes, and then select the Create Route button.

2. On the Create Route page, configure your route by populating the following fields:

   • Name: enter a descriptive name
   • Hostname: specify a public hostname. If you leave this field empty, OpenShift will generate a hostname.
   • Path: leave this field unchanged.
   • Service: choose px-backup-ui from the drop-down list.
   • Target Port: choose 80 -> 8080

3. When you have finished configuring your route, select the Create button.

4. OpenShift now displays a link to the Portworx Backup UI on the Routes page. To access Portworx Backup, select that link.

Keycloak sts to upgrade from 2.5.0 to 2.5.1

If you have modified keycloak sts settings either for HTTP or HTTPS in Portworx Backup version 2.5.0 to access the user interface, you need to revert those changes after upgrading to 2.5.1 version. The values should be in sync with the following keycloak yaml file after reverting all the changes:

- name: KC_HOSTNAME_STRICT
       value: "false"
     - name: KC_HOSTNAME_STRICT_HTTPS
       value: "false"
     - name: PROXY_ADDRESS_FORWARDING
       value: "true"
     - name: KEYCLOAK_ADMIN
       value: admin
     - name: KEYCLOAK_ADMIN_PASSWORD
       value: admin
     - name: KC_HTTP_RELATIVE_PATH
       value: /auth
     - name: KC_DB
       value: postgres
     - name: KC_DB_URL_HOST
       value: pxcentral-keycloak-postgresql
     - name: KC_DB_URL_PORT
       value: "5432"
     - name: KC_DB_USERNAME
       valueFrom:
         secretKeyRef:
           key: postgresql-username
           name: pxcentral-keycloak-postgresql
     - name: KC_DB_PASSWORD
       valueFrom:
         secretKeyRef:
           key: postgresql-password
           name: pxcentral-keycloak-postgresql
     - name: KC_PROXY
       value: edge

If you choose to be on Portworx Backup version 2.5.0 for some reasons, refer the following topic to configure access to the user interface:

• Access user interface over HTTPS or HTTP