C Migrating from NGINX to HAProxy Ingress Controller

This section describes the configuration changes required to migrate from the NGINX Ingress Controller to the HAProxy Ingress Controller.

Note:

You must configure all applications to use HAProxy, and then uninstall NGINX.

Installing HAProxy Ingress Controller

To install the HAProxy Ingress Controller, see "Planning and Validating Your Cloud Environment" in UIM Cloud Native Deployment Guide.

Configure applications-base.yaml for All Services

The configuration in this section applies to UIM, ATA, Message Bus, and Smart Search. Perform the following before proceeding to the application-specific sections:

1. Download the latest common-cntk, merge the specifications, and retain the required values from your existing configuration.
2. Ensure that the ingressController value in the spec section is set to GENERIC:

   ingressController: "GENERIC" 

3. Update the loadbalancerport value in the applications-base.yaml file with the HAProxy load balancer port or NodePort:

   loadbalancerport: 30543

4. Uncomment and configure the required ingress annotations and ingress.className in the applications-base.yaml file based on your ingress controller. The following example shows values for the HAProxy Ingress Controller:

   ingress:
     className: "haproxy"
     annotations:
        haproxy.org/cookie-persistence: "uimhaproxycookie" 

Migrating UIM to the HAProxy Ingress Controller

To migrate UIM to the HAProxy Ingress Controller:

1. If TLS is enabled, replace the NGINX annotations under uim.ingress.annotations in the $SPEC_PATH/$PROJECT/$INSTANCE/app-uim.yaml file.

   uim:
     ingress:
       annotations:
         haproxy.org/ssl-redirect: "true"
         haproxy.org/backend-config-snippet: |
            http-request del-header WL-Proxy-Client-IP
            http-request del-header WL-Proxy-SSL
            http-request set-header X-Forwarded-Proto https
            http-request set-header WL-Proxy-SSL true 

2. Recreate the UIM ingress and upgrade the instance:

   # recreate uim ingress 
   $COMMON_CNTK/scripts/delete-ingress.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a uim
   $COMMON_CNTK/scripts/create-ingress.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a uim
   
   # upgrade uim instance
   $COMMON_CNTK/scripts/upgrade-applications.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a uim

3. Verify that the UIM instance is accessible through the HAProxy NodePort or LoadBalancer port.

Migrating ATA and SmartSearch to the HAProxy Ingress Controller

To migrate ATA and Smart Search to the HAProxy Ingress Controller.

Note:

If the applications-base.yaml file is already configured, no additional configuration is required for ATA and SmartSearch.

1. Recreate the ingress and upgrade the applications:

   # ATA Ingress
   $COMMON_CNTK/scripts/delete-ingress.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a ata
   $COMMON_CNTK/scripts/create-ingress.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a ata
   $COMMON_CNTK/scripts/upgrade-applications.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a ata
   
   # Smart Search Ingress
   $COMMON_CNTK/scripts/delete-ingress.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a smartsearch
   $COMMON_CNTK/scripts/create-ingress.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a smartsearch
   $COMMON_CNTK/scripts/upgrade-applications.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a smartsearch 

2. Verify that the ATA and SmartSearch instances are accessible through the HAProxy NodePort or LoadBalancer port.

Migrating OpenSearch Dashboard to the HAProxy Ingress Controller

To migrate the OpenSearch Dashboard to the HAProxy Ingress Controller:

1. Set the OpenSearch Dashboard service type to ClusterIP.
2. Enable ingress and update the ingressClassName to haproxy in the $SPEC_PATH/$PROJECT/opensearch/os_board_values.yaml file.
3. Replace the NGINX annotations with HAProxy annotations to enable session persistence:

   service:
     type: ClusterIP
     
   ingress:
      enabled: true
      ingressClassName: haproxy
      annotations:
         haproxy.org/cookie-persistence: "uimhaproxycookie" 

4. Upgrade or create the OpenSearch Dashboard instance:

   $COMMON_CNTK/samples/charts/opensearch/scripts/upgrade-opensearch-dashboard.sh 

5. Verify that the OpenSearch Dashboard is accessible through the HAProxy NodePort or LoadBalancer port.

Migrating Message Bus to the HAProxy Ingress Controller

To migrate the Message Bus to the HAProxy Ingress Controller:

1. Update the ingress annotations for the Kafka cluster in the $SPEC_PATH/$PROJECT/$INSTANCE/app-messaging-bus.yaml file to enable ingress for the Message Bus:

   kafka-cluster:
      listeners:
        ingress:
           ingressSslPort: 30543
           annotations:
             haproxy.org/ssl-passthrough: "true"
             ingress.kubernetes.io/ssl-passthrough: "true" 

2. Upgrade the Message Bus instance:

    $COMMON_CNTK/scripts/upgrade-applications.sh -p $PROJECT -i $INSTANCE -s $SPEC_PATH -a messaging-bus 

3. Verify that the Message Bus instance is accessible through the HAProxy NodePort or LoadBalancer port.

Cleaning Up the NGINX Ingress Controller

To remove the NGINX Ingress Controller after migrating to HAProxy:

1. Verify that all applications are accessible through the HAProxy Ingress Controller.
2. Uninstall the NGINX Ingress Controller:

   helm uninstall nginx-operator -n nginx