Hi Mike, Let me sketch it:
* The trick I use (no idea if it is wise or not 😊 ) is to have nginx-ingress set up and then specify a service selecting the nginx…controller pods [1] * You don’t need to bind to the node address (see externalIPs), you could much the same port-forward this service, but the ingresses that specify the nginx-ingress, all relay over that same service, using a different https path respectively * I’ll give an example configuration for flink-kubernetes-operator FlinkDeployment [2] * template: is patched with the namespace and job name * unfortunately, annotations: does not support templating (yet?), * i.e. you need to manually replace the path which must be the same as what comes out of template: * put in the <title/> whatever you like (that was your original question 😊 ) * I work on a local VM with microk8s, so specifying that as externalIPs allows me to access it, however I also need to register this IP as local.ingress in my hosts file, and accept the certificate in the browser … * In your case you could either expose that service with a port forward and also get the certificate and DNS business solved * This is the result on my machine: [cid:image001.png@01D9AA66.B544C770] Hope that helps Thias [1] service-exposing-nginx-ingress-on-node.yaml : apiVersion: v1 kind: Service metadata: name: nginx-ingress-microk8s-service namespace: ingress labels: app: nginx-ingress spec: ports: - port: 8095 targetPort: http protocol: TCP name: http - port: 8444 targetPort: https protocol: TCP name: https selector: name: nginx-ingress-microk8s externalIPs: - xxx.xxx.xxx.xxx [2] basic.ingress.yaml : ################################################################################ # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################################ apiVersion: flink.apache.org/v1beta1 kind: FlinkDeployment metadata: name: basic-ingress namespace: flink spec: image: flink:1.16 flinkVersion: v1_16 ingress: template: "ingress.local/{{namespace}}/{{name}}(/|$)(.*)" className: "nginx" annotations: nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: "/$2" nginx.ingress.kubernetes.io/configuration-snippet: | proxy_set_header Accept-Encoding ""; sub_filter_last_modified off; sub_filter '<base href="./">' '<base href="/flink/basic-ingress/">'; sub_filter '<title>Apache Flink Web Dashboard</title>' '<title>flink: basic-ingress Dashboard</title>'; flinkConfiguration: taskmanager.numberOfTaskSlots: "2" serviceAccount: flink jobManager: resource: memory: "2048m" cpu: 1 taskManager: resource: memory: "2048m" cpu: 1 job: jarURI: local:///opt/flink/examples/streaming/StateMachineExample.jar parallelism: 2 upgradeMode: stateless From: Mike Phillips <mike.phill...@intellisense.io> Sent: Thursday, June 29, 2023 7:42 AM To: Schwalbe Matthias <matthias.schwa...@viseca.ch>; user@flink.apache.org Subject: Re: Identifying a flink dashboard ⚠EXTERNAL MESSAGE – CAUTION: Think Before You Click ⚠G'day, The flink and the dashboard are running in k8s and I am not on the same network. We don't have a VPN into the cluster. (Don't ask) I am not sure how I would access the dashboard without having a port forward. On 28/06/2023 14:39, Schwalbe Matthias wrote: Good Morning Mike, As a quick fix, sort of, you could use an Ingress on nginx-ingress (instead of the port-forward) and Add a sub_filter rule to patch the HTML response. I use this to add a <base …/> tag to the header and for the Flink-Dashboard I experience no glitches. As to point 3. … you don’t need to expose that Ingress to the internet, but only to the node IP, so it becomes visible only within your network, … there is a number of ways doing it I could elaborate a little more, if interested Hope this helps Thias From: Mike Phillips <mike.phill...@intellisense.io><mailto:mike.phill...@intellisense.io> Sent: Wednesday, June 28, 2023 3:47 AM G'day Alex, Thanks! 1 - hmm.... maybe beyond my capabilities presently 2 - Yuck! :-) Will look at this 3 - Not possible, the dashboards are not accessible via the internet, so we use kube and port forward, URL looks like http://wobbegong:30000/ the port changes 4 - I think this requires the dashboard be internet accessible? On Tue, 27 Jun 2023 at 17:21, Alexander Fedulov <alexander.fedu...@gmail.com<mailto:alexander.fedu...@gmail.com>> wrote: Hi Mike, no, it is currently hard-coded https://github.com/apache/flink/blob/master/flink-runtime-web/web-dashboard/src/app/app.component.html#L23 Your options are: 1. Contribute a change to make it configurable 2. Use some browser plugin that allows renaming page titles 3. Always use different ports and bookmark the URLs accordingly 4. Use an Ingress in k8s Best, Alex On Tue, 27 Jun 2023 at 05:58, Mike Phillips <mike.phill...@intellisense.io<mailto:mike.phill...@intellisense.io>> wrote: G'day all, Not sure if this is the correct place but... We have a number of flink dashboards and it is difficult to know what dashboard we are looking at. Is there a configurable way to change the 'Apache Flink Dashboard' heading on the dashboard? Or some other way of uniquely identifying what dashboard I am currently looking at? Flink is running in k8s and we use kubectl port forwarding to connect to the dashboard so we can't ID using the URL Diese Nachricht ist ausschliesslich für den Adressaten bestimmt und beinhaltet unter Umständen vertrauliche Mitteilungen. Da die Vertraulichkeit von e-Mail-Nachrichten nicht gewährleistet werden kann, übernehmen wir keine Haftung für die Gewährung der Vertraulichkeit und Unversehrtheit dieser Mitteilung. Bei irrtümlicher Zustellung bitten wir Sie um Benachrichtigung per e-Mail und um Löschung dieser Nachricht sowie eventueller Anhänge. Jegliche unberechtigte Verwendung oder Verbreitung dieser Informationen ist streng verboten. This message is intended only for the named recipient and may contain confidential or privileged information. As the confidentiality of email communication cannot be guaranteed, we do not accept any responsibility for the confidentiality and the intactness of this message. If you have received it in error, please advise the sender by return e-mail and delete this message and any attachments. Any unauthorised use or dissemination of this information is strictly prohibited.