Hi ,
Running both ISAM and ISVA from the latest Helm Charts in a Kubernetes cluster with 2 worker nodes.
we have a case open with IBM support were we reported a compatibility issue between ISAM 9.0.7 and ISVA 10, when trying to access IBM ICN.
It worked with ISAM but not with ISVA.
I've spent some (read "a lot of") time making sure that the environments and test case for both ISAM and ISVA are the same.
They are now deployed in seperate namespaces in the same Kubernetes Cluster accessing (junctioning to) the same ICN backend.
In doing this, I now can say that ISAM and ISVA both can access ICN with expected results and both ISAM and ISVA can fail to do so in what I hope is a consistent manner.
If I log in to the reverse proxy (for either ISAM or ISVA) directly on the nodeport it is assigned by the Kubernetes deploy, everything works as expected :-), i.e nodeIP:nodeport/junctiontoICN connects and responds correctly for ICN tasks.
But if I add an ingress to the Kubernetes cluster (mainly to allow for hostname routing/virtual hosts) the connection from the reverse proxy to ICN causes a continuous reload loop of the ICN desktop. It looks like ICN runs through all the steps for building the desktop and once it's done repeats the same operation over and over.
The ingress (annotated with 'nginx.ingress.kubernetes.io/backend-protocol: HTTPS' ) is simple enough, expose a hostname listening on port 80, redirect that that traffic to the reverse proxys service port:
spec:
rules:
- host: some.internal.host.name
http:
paths:
- backend:
serviceName: verify-access-isvawrp-webseal
servicePort: 443
pathType: ImplementationSpecific
Not being a Kubernetes specialist, what am I missing/misunderstanding?
Thanks in advance
Anders
------------------------------
Anders Domeij
CGI Sweden AB
------------------------------