Author: Jason De Paola
Updated: September 2024
Audience: Everyone
Environment: Self-hosted Administration, Replicated - KOTS channels
Issue
SSL was set up using an external load balancer. These steps outline the process for switching back to KOTS admin without SSL.
Solution
Backup the working proxy of the application server:
kubectl get proxy nginx -o yaml > oldProxy.yaml
Run:
kubectl delete proxy nginx
Create a file, e.g., called newProxy.yaml, and use the data below, replacing the entry on the last line "fqdn" with your fqdn.
apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
annotations:
kots.io/app-slug: jama-k8s
meta.helm.sh/release-name: application
meta.helm.sh/release-namespace: default
labels:
app.kubernetes.io/instance: application
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nginx
app.kubernetes.io/version: 8.25.3
helm.sh/chart: nginx-0.0.0
kots.io/app-slug: jama-k8s
kots.io/backup: velero
name: nginx
namespace: default
spec:
ingressClassName: contour
routes:
- conditions:
- prefix: /
requestHeadersPolicy:
set:
- name: X-Real-IP
value: '%DOWNSTREAM_REMOTE_ADDRESS%'
- name: X-Jama-Tenant
value: jama
- name: x-forwarded-proto
value: https
responseHeadersPolicy:
set:
- name: Strict-Transport-Security
value: max-age=31536000
services:
- name: core
port: 80
timeoutPolicy:
idle: infinity
response: infinity
- conditions:
- prefix: /saml/
requestHeadersPolicy:
set:
- name: X-Real-IP
value: '%DOWNSTREAM_REMOTE_ADDRESS%'
- name: X-Jama-Tenant
value: jama
responseHeadersPolicy:
set:
- name: Strict-Transport-Security
value: max-age=31536000
services:
- name: saml
port: 8888
timeoutPolicy:
idle: infinity
response: infinity
- conditions:
- prefix: /saml/login.req
requestHeadersPolicy:
set:
- name: x-forwarded-proto
value: https
- name: X-Real-IP
value: '%DOWNSTREAM_REMOTE_ADDRESS%'
- name: X-Jama-Tenant
value: jama
responseHeadersPolicy:
set:
- name: Strict-Transport-Security
value: max-age=31536000
services:
- name: core
port: 80
timeoutPolicy:
idle: infinity
response: infinity
- conditions:
- prefix: /help/
pathRewritePolicy:
replacePrefix:
- replacement: /help-onpremises/
requestHeadersPolicy:
set:
- name: X-Real-IP
value: '%DOWNSTREAM_REMOTE_ADDRESS%'
- name: X-Jama-Tenant
value: jama
responseHeadersPolicy:
set:
- name: Strict-Transport-Security
value: max-age=31536000
services:
- name: core
port: 80
timeoutPolicy:
idle: infinity
response: infinity
- conditions:
- prefix: /services/diff
requestHeadersPolicy:
set:
- name: X-Real-IP
value: '%DOWNSTREAM_REMOTE_ADDRESS%'
- name: X-Jama-Tenant
value: jama
responseHeadersPolicy:
set:
- name: Strict-Transport-Security
value: max-age=31536000
services:
- name: diff
port: 80
timeoutPolicy:
idle: infinity
response: infinity
virtualhost:
fqdn: jama.contoso.com
Run:
kubectl apply -f newProxy.yaml
Check the status of the changes running:
kubectl get proxy
The prior command should show something like Valid HTTPProxy
If, for some reason, the access to the application fails after running the previous process, run these:
kubectl delete proxy nginx
kubectl apply -f oldProxy.yaml
Note: If something new is deployed/redeployed using the KOTS admin console, steps 2 and 3 must be executed again.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Comments
0 comments
Article is closed for comments.