Hi Mike,
Let me sketch it:
* The trick I use (no idea if it is wise or not 😊 ) is to have
nginx-ingress set up and then specify a service selecting the nginx…controller
pods [1]
* You don’t need to bind to the node address (see externalIPs), you could
much the same port-forward this service, but
the ingresses that specify the nginx-ingress, all relay over that same service,
using a different https path respectively
* I’ll give an example configuration for flink-kubernetes-operator
FlinkDeployment [2]
* template: is patched with the namespace and job name
* unfortunately, annotations: does not support templating (yet?),
* i.e. you need to manually replace the path which must be the same as
what comes out of template:
* put in the <title/> whatever you like (that was your original question
😊 )
* I work on a local VM with microk8s, so specifying that as externalIPs
allows me to access it, however I also need to register this IP as
local.ingress in my hosts file, and accept the certificate in the browser …
* In your case you could either expose that service with a port forward and
also get the certificate and DNS business solved
* This is the result on my machine:
[cid:image001.png@01D9AA66.B544C770]
Hope that helps
Thias
[1] service-exposing-nginx-ingress-on-node.yaml :
apiVersion: v1
kind: Service
metadata:
name: nginx-ingress-microk8s-service
namespace: ingress
labels:
app: nginx-ingress
spec:
ports:
- port: 8095
targetPort: http
protocol: TCP
name: http
- port: 8444
targetPort: https
protocol: TCP
name: https
selector:
name: nginx-ingress-microk8s
externalIPs:
- xxx.xxx.xxx.xxx
[2] basic.ingress.yaml :
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
apiVersion: flink.apache.org/v1beta1
kind: FlinkDeployment
metadata:
name: basic-ingress
namespace: flink
spec:
image: flink:1.16
flinkVersion: v1_16
ingress:
template: "ingress.local/{{namespace}}/{{name}}(/|$)(.*)"
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: "/$2"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header Accept-Encoding "";
sub_filter_last_modified off;
sub_filter '<base href="./">' '<base href="/flink/basic-ingress/">';
sub_filter '<title>Apache Flink Web Dashboard</title>' '<title>flink:
basic-ingress Dashboard</title>';
flinkConfiguration:
taskmanager.numberOfTaskSlots: "2"
serviceAccount: flink
jobManager:
resource:
memory: "2048m"
cpu: 1
taskManager:
resource:
memory: "2048m"
cpu: 1
job:
jarURI: local:///opt/flink/examples/streaming/StateMachineExample.jar
parallelism: 2
upgradeMode: stateless
From: Mike Phillips <mike.phill...@intellisense.io>
Sent: Thursday, June 29, 2023 7:42 AM
To: Schwalbe Matthias <matthias.schwa...@viseca.ch>; user@flink.apache.org
Subject: Re: Identifying a flink dashboard
âš EXTERNAL MESSAGE – CAUTION: Think Before You Click âš
G'day,
The flink and the dashboard are running in k8s and I am not on the same network.
We don't have a VPN into the cluster. (Don't ask)
I am not sure how I would access the dashboard without having a port forward.
On 28/06/2023 14:39, Schwalbe Matthias wrote:
Good Morning Mike,
As a quick fix, sort of, you could use an Ingress on nginx-ingress (instead of
the port-forward) and
Add a sub_filter rule to patch the HTML response.
I use this to add a <base …/> tag to the header and for the Flink-Dashboard I
experience no glitches.
As to point 3. … you don’t need to expose that Ingress to the internet, but
only to the node IP, so it becomes visible only within your network, … there is
a number of ways doing it
I could elaborate a little more, if interested
Hope this helps
Thias
From: Mike Phillips
<mike.phill...@intellisense.io><mailto:mike.phill...@intellisense.io>
Sent: Wednesday, June 28, 2023 3:47 AM
G'day Alex,
Thanks!
1 - hmm.... maybe beyond my capabilities presently
2 - Yuck! :-) Will look at this
3 - Not possible, the dashboards are not accessible via the internet, so we use
kube and port forward, URL looks like http://wobbegong:30000/ the port changes
4 - I think this requires the dashboard be internet accessible?
On Tue, 27 Jun 2023 at 17:21, Alexander Fedulov
<alexander.fedu...@gmail.com<mailto:alexander.fedu...@gmail.com>> wrote:
Hi Mike,
no, it is currently hard-coded
https://github.com/apache/flink/blob/master/flink-runtime-web/web-dashboard/src/app/app.component.html#L23
Your options are:
1. Contribute a change to make it configurable
2. Use some browser plugin that allows renaming page titles
3. Always use different ports and bookmark the URLs accordingly
4. Use an Ingress in k8s
Best,
Alex
On Tue, 27 Jun 2023 at 05:58, Mike Phillips
<mike.phill...@intellisense.io<mailto:mike.phill...@intellisense.io>> wrote:
G'day all,
Not sure if this is the correct place but...
We have a number of flink dashboards and it is difficult to know what dashboard
we are looking at.
Is there a configurable way to change the 'Apache Flink Dashboard' heading on
the dashboard?
Or some other way of uniquely identifying what dashboard I am currently looking
at?
Flink is running in k8s and we use kubectl port forwarding to connect to the
dashboard so we can't ID using the URL
Diese Nachricht ist ausschliesslich für den Adressaten bestimmt und beinhaltet
unter Umständen vertrauliche Mitteilungen. Da die Vertraulichkeit von
e-Mail-Nachrichten nicht gewährleistet werden kann, übernehmen wir keine
Haftung für die Gewährung der Vertraulichkeit und Unversehrtheit dieser
Mitteilung. Bei irrtümlicher Zustellung bitten wir Sie um Benachrichtigung per
e-Mail und um Löschung dieser Nachricht sowie eventueller Anhänge. Jegliche
unberechtigte Verwendung oder Verbreitung dieser Informationen ist streng
verboten.
This message is intended only for the named recipient and may contain
confidential or privileged information. As the confidentiality of email
communication cannot be guaranteed, we do not accept any responsibility for the
confidentiality and the intactness of this message. If you have received it in
error, please advise the sender by return e-mail and delete this message and
any attachments. Any unauthorised use or dissemination of this information is
strictly prohibited.
