add chart for browZer bootstrapper #229
Comments
Hi, since this is something like the 'main' issue for Browzer support, I'd like to give a summary of the PRs I've provided and how to get Browzer to work in a Kubernetes setup. Browzer interacts with three components: the Browzer bootstrapper, the Ziti-Controller and the Ziti-Router.
I've put the helm charts in a 'works for me' state on my GitHub pages, accessible via https://marvkis.github.io/charts . These are samples of how to use it. The urls are:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  name: ziti-controller-ingress-alt-client
  namespace: openziti
spec:
  ingressClassName: nginx
  rules:
    - host: clients.browzer.my.domain
      http:
        paths:
          - backend:
              service:
                name: ziti-controller-client
                port:
                  number: 443
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - clients.browzer.my.domain
      secretName: default-nginx-cert
```

```yaml
additionalVolumes:
  - mountPath: /etc/ziti/wss-cert/
    name: wss-cert
    secretName: nginx-default-cert
    volumeType: secret
edge:
  additionalListeners:
    - advertisedHost: wss.browzer.my.domain
      advertisedPort: 443
      containerPort: 3023
      ingress:
        annotations:
          kubernetes.io/ingress.allow-http: "false"
          nginx.ingress.kubernetes.io/secure-backends: "true"
          nginx.ingress.kubernetes.io/ssl-passthrough: "true"
        enabled: true
        ingressClassName: public
      name: edge-wss
      protocol: wss
      service:
        enabled: true
        type: ClusterIP
identity:
  altServerCerts:
    - mode: localFile
      serverCert: /etc/ziti/wss-cert/tls.crt
      serverKey: /etc/ziti/wss-cert/tls.key
websocket:
  enabled: true
```
```bash
cat <<EOF | helm upgrade --install --repo https://marvkis.github.io/charts -n openziti ziti-browzer-1 ziti-browzer-bootstrapper --version 0.0.1 -f -
zitiBrowzer:
  bootstrapper:
    logLevel: debug
    host: browzer.my.domain
    targets:
      - vhost: test1.browzer.my.domain
        # Service name to connect to
        service: browzer-test1-service
        path: /
        scheme: http
        idp_issuer_base_url: https://auth.my.domain/application/o/browzer-test-1/
        idp_client_id: your-client_id
  runtime:
    logLevel: debug
    # see https://openziti.discourse.group/t/browzer-setup-error-1014-origintrial-subdomain-mismatch/2481
    originTrailToken: ...
controller:
  host: clients.browzer.my.domain
  port: 443
loadBalancer:
  host: my.domain
ingress:
  ingressClassName: nginx
# This is a workaround for https://github.com/openziti/ziti-browzer-bootstrapper/issues/279
extraVolumeMounts:
  - name: tmp
    subPath: log
    mountPath: /home/node/ziti-browzer-bootstrapper/log
extraVolumes:
  - name: tmp
    emptyDir: {}
EOF
```

I hope this helps people like me to get browzer working on kubernetes. Have fun ;)

Bye,
Add a Helm chart for deploying the bootstrapper on Kubernetes.
The browZer bootstrapper is a web server that facilitates OIDC and delivers the Ziti BrowZer (Javascript) Runtime (ZBR) which functions as an in-browser, agentless OpenZiti tunneling client.