Question
A new feature of "WSO IS 5.9.0" is the deployment.toml, but I have not found the configuration options nor the way one can set the XML config file from this file.
For example, if I want to enable the option EnableHTTPAdminConsole in carbon.xml, what should one do?
[server]
hostname = "my.server.com"
node_ip = "127.0.0.1"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
enable_h_t_t_p_admin_console = true
enable_http_admin_console = true
EnableHTTPAdminConsole = true
does not work
Also, I have tried to modify in my Docker image:
wso2is-5.9.0/repository/resources/conf/templates/repository/conf/carbon.xml.j2
or
wso2is-5.9.0/conf/carbon.xml
But all these files get overwritten.
My use case is to use WSO2IS in K8S without the port.
https://wso2is.my.domain/ > k8s nginx ingress : 443 (manages certificate) > wso2is-service > wso2is-pod : 9763 (plain http)
However, the question still remains: what configuration options are available in deployment.toml?
Answer 1:
This does not seem to be possible through the deployment.toml. As a workaround, you can uncomment the property in
wso2is-5.9.0/repository/resources/conf/templates/repository/conf/carbon.xml.j2
Report this as an issue: https://github.com/wso2/product-is/issues
Answer 2:
If the above fix is not getting applied, probably your Docker image is getting overridden with the default configs. Can you try to build a new Docker image with the requested changes? This link https://github.com/wso2/docker-is/tree/5.9.0/dockerfiles/ubuntu/is can help you to build the image.
But I am not sure why you cannot access SSL (9443) from the Nginx ingress. Maybe you can try this sample Nginx ingress: https://github.com/wso2/kubernetes-is/blob/master/advanced/is-pattern-1/templates/identity-server-ingress.yaml
Answer 3:
The question of what can be configured using deployment.toml has been answered by Buddhima, so I will mark his answer as the answer.
One can look through the templates, e.g.
wso2is-5.9.0/repository/resources/conf/templates/repository/conf/carbon.xml.j2
and see all the options.
As for EnableHTTPAdminConsole, pulasthi7 answered that it was intentionally left out.
I found a workaround for the ingress to connect to SSL:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    nginx.ingress.kubernetes.io/service-upstream: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  name: wso2is-ingress
  namespace: wso2is
spec:
  tls:
  - hosts:
    - wso2is.k8s.mydomain.com
    secretName: tls-wso2is
  rules:
  - host: wso2is.k8s.mydomain.com
    http:
      paths:
      - backend:
          serviceName: wso2is-is-service
          servicePort: 9443
        path: /(.*)
The most important line:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
This way the connection is encrypted to the ingress nginx using its own certificate, and from nginx to the pod using the certificate in the pod.
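An added example, not part of the original answers: a Python check that reads `kubectl get ingress -o json` output and flags paths where the hop from ingress-nginx to the pod is plaintext (no `backend-protocol: "HTTPS"` annotation, as in the port 9763 setup from the question) or where the host has no `spec.tls` entry. The sample objects, the `wso2is-plain` name and the `audit` and `backend_port` functions are constructed for illustration.

```python
import json

BACKEND_PROTO = "nginx.ingress.kubernetes.io/backend-protocol"
TLS_PROTOCOLS = ("HTTPS", "GRPCS")  # ingress-nginx values that use TLS to the upstream

# Constructed sample in the shape of `kubectl get ingress -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "wso2is-ingress", "namespace": "wso2is",
                "annotations": {"nginx.ingress.kubernetes.io/backend-protocol": "HTTPS"}},
   "spec": {"tls": [{"hosts": ["wso2is.k8s.mydomain.com"], "secretName": "tls-wso2is"}],
            "rules": [{"host": "wso2is.k8s.mydomain.com", "http": {"paths": [
              {"path": "/(.*)", "backend": {"serviceName": "wso2is-is-service", "servicePort": 9443}}]}}]}},
  {"metadata": {"name": "wso2is-plain", "namespace": "wso2is", "annotations": {}},
   "spec": {"rules": [{"host": "wso2is.k8s.mydomain.com", "http": {"paths": [
              {"path": "/", "backend": {"serviceName": "wso2is-is-service", "servicePort": 9763}}]}}]}}
]}
""")

def backend_port(backend):
    """Return the service port for the v1beta1 and networking.k8s.io/v1 backend shapes."""
    if "servicePort" in backend:
        return backend["servicePort"]
    return backend.get("service", {}).get("port", {}).get("number")

def audit(ingress_list):
    """Return (namespace/name, host, port, problem) tuples for weak ingress paths."""
    findings = []
    for ing in ingress_list.get("items", []):
        meta, spec = ing["metadata"], ing.get("spec", {})
        ident = f'{meta.get("namespace", "default")}/{meta["name"]}'
        proto = (meta.get("annotations") or {}).get(BACKEND_PROTO, "HTTP").upper()
        # Exact host match only; wildcard TLS hosts are not expanded in this sketch.
        tls_hosts = {h for t in spec.get("tls") or [] for h in t.get("hosts", [])}
        for rule in spec.get("rules") or []:
            host = rule.get("host", "*")
            for path in (rule.get("http") or {}).get("paths", []):
                port = backend_port(path["backend"])
                if proto not in TLS_PROTOCOLS:
                    findings.append((ident, host, port, "plaintext between ingress and pod"))
                if host not in tls_hosts:
                    findings.append((ident, host, port, "host not covered by spec.tls"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a cluster, replace `SAMPLE` with the parsed output of `kubectl get ingress -A -o json`.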
Source: https://stackoverflow.com/questions/59773570/deployment-toml-configuration-options