Access PX-Backup UI using an AWS ALB


Perform the following steps to use an AWS Application Load Balancer (ALB) to access PX-Backup UI:

  1. Remove the AWS Elastic Load Balancing (ELB) service and change to NodePort, and add Port 443. Ensure the target port is set to 8080. For example:

    - name: http
    port: 80
    protocol: TCP
    targetPort: 8080
    - name: https
    port: 443
    protocol: TCP
    targetPort: 8080
  2. Run the following commands to set up ALB:

    kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/rbac-role.yaml
    curl -sS "https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.0.0/docs/examples/alb-ingress-controller.yaml" > alb-ingress-controller.yaml

    You can modify the cluster in the yaml file and then apply the file.

  3. Verify that your ALB controller is running:

    kubectl get pods -n kube-system
  4. Launch ALB with default port 80. For example:

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
    name: "px-backup-ingress"
    namespace: "px-central"
    annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/subnets: subnet-0b220d16cacdde728, subnet-086e80f21d1666074
    labels:
        run: pxcentral-frontend
    spec:
    rules:
        - http:
            paths:
            - path: /*
                pathType: ImplementationSpecific
                backend:
                service:
                    name: "px-backup-ui"
                    port:
                    number: 80
    Note: You can skip the alb.ingress.kubernetes.io/subnets: parameter, if you use the latest version of ALB and Kubernetes. If there is an issue while launching ALB, an error message appears in the ALB controller pod that it is not satisfying the subnets. You need to add this line and pick the subnets from VPC (Public Subnets used for EKS Cluster).
  5. Get the ALB endpoint once the above ingress resource is applied.

  6. Create the CNAME record with the above endpoint.

    Create CNAME Record

  7. Setup SSL with ACM:

    • Navigate to the AWS Certificate Manager.
    • Select Request -> Public Certificate -> FQDN (sn-pxbackup.openshift.portworx.com) -> DNS Validation -> Request.

    DNS Validation Request

    You can view that the status is Pending Validation, under the Certificate status. So, select the certificate number and then click Create records in Route 53.

    Certificate Status Pending

    The status is changed to Issued after sometime.

    Certificate Status Issued

  8. Click the certificate ID and copy the ARN number, which is used in ingress resource.

  9. Select the application you created -> Authentication -> Web URI, and add your PX-Backup URL endpoint.

  10. Configure Azure AD Authentication by selecting the application you created -> Authentication -> Web URI and add your URL endpoint.

    You can login to your domain (https://(your-application-name).openshift.portworx.com/) with your Azure AD.


Last edited: Saturday, Feb 26, 2022