diff --git a/docs/design/enable-new-port.md b/docs/design/enable-new-port.md new file mode 100644 index 000000000..709f42fc2 --- /dev/null +++ b/docs/design/enable-new-port.md @@ -0,0 +1,83 @@ +# Expose an additional port, such as 5433 or any other, for a service in a specific namespace. + +### steps: + +1. Add the Istio Gateway and Virtual service by deploying the istio-addons and update the configuration as given below. + + * Gateway: + ``` + spec: + selector: + istio: ingressgateway-internal + servers: + - hosts: + - ## hostname will be checked only if "protocol" is set to HTTP, not for TCP protocol + port: + name: + number: + protocol: TCP + ``` + + * Virtual-service: + ``` + gateways: + - + hosts: + - '*' + tcp: + - match: + - port: ## ingress gateway container port + route: + - destination: + host: + port: + number: 5432 ## pod's service port + ``` + +2. Update the IstioOperator (IOP) configuration as given below by editing the IOP in the istio-system namespace. + + ``` + $ kubectl -n istio-system edit istiooperator istio-operators-mosip + ``` + + ``` + k8s: + service: + ports: + - name: + nodePort: + port: + protocol: TCP + targetPort: + ``` + +3. Update the configuration as given below within the `stream` block of the nginx.conf file of nginx node. + ``` + upstream { + server :; + server :; + server :; + server :; + server :; + server :; + server :; + server :; + + } + + Note: The upstream block is usually followed by a server block where the traffic from clients is forwarded to the backend upstream group. + server{ + listen :; + proxy_pass ; + } + ``` + +4. Restart the Nginx service. + ``` + sudo systemctl restart nginx + ``` + +5. Expose the port and nodePort from the AWS cloud and UFW firewall. + * < port >: needs to be exposed for the nginx node. + * < nodeport >: needs to be exposed for all the k8's cluster nodes. +
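Review bot: step 5 tells the reader to expose the port and the nodePort in AWS and UFW without saying from which sources. The Gateway selects `istio: ingressgateway-internal` and the route targets 5432 (the default PostgreSQL port), so the doc should state the intended scope, for example the nodePort on the cluster nodes opened only to the nginx node, and the nginx listen port opened only to the internal client ranges that need it. In step 3, the sentence `Note: The upstream block is usually followed by a server block ...` sits inside the fenced nginx.conf snippet, so a reader who copies the block gets a line nginx will reject; move it above the fence or turn it into a `#` comment. Step 4 restarts nginx directly; suggest running `sudo nginx -t` before `sudo systemctl restart nginx` so an error in the new stream block does not take the proxy down. As the patch appears here, the values to fill in are blank (the Gateway `hosts` entry, `name:`, `number:`, the upstream name, `server :;`, `listen :;`, `proxy_pass ;`); if placeholders were intended, check that they survive rendering and name each one so the relationship between the nginx listen port, the nodePort, the gateway port and targetPort is explicit.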