The Self-Managed Portal is in early preview. We recommend using the self managed UI for development only, and welcome any feedback.Features and configuration options may change in future releases.
Enabling the Portal
In this early iteration of the Self-Managed Portal, the client interacts directly with the Operator API and Big Peer API.
As such, there are a few steps required to allow the Portal to access these APIs.
Enable the Portal in the Operator
Upgrade the Ditto Operator Helm release to enable the portal:helm upgrade ditto-operator \
oci://quay.io/ditto-external/ditto-operator \
--namespace ditto \
--reuse-values \
--set portal.enabled=true \
--set portal.config.bigPeerName=example \
--set portal.config.operatorApiUrl=http://localhost:8081 \
--set portal.config.bigPeerBaseUrl=http://localhost:8082
example with the name of your Big Peer.The operatorApiUrl and bigPeerBaseUrl values are configured for local port-forwarding, which we’ll set up in a later step.
Configure CORS on your Big Peer
The Portal UI runs in your browser and makes requests to the Big Peer HTTP API. To allow these cross-origin requests, configure CORS on your Big Peer:kubectl patch bigpeer example -n ditto --type=merge -p '{
"spec": {
"network": {
"ingress": {
"template": {
"ingress": {
"metadata": {
"annotations": {
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "*",
"nginx.ingress.kubernetes.io/cors-allow-methods": "GET, POST, PUT, DELETE, OPTIONS",
"nginx.ingress.kubernetes.io/cors-allow-headers": "X-DITTO-ENSURE-INSERT,X-HYDRA-ENSURE-INSERT,X-DITTO-ACTOR-ID,X-DITTO-CLIENT-ID,X-HYDRA-CLIENT-ID,X-DITTO-SDK-VERSION,Accept,Referer,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,X-Forwarded-For"
}
}
}
}
}
}
}
}'
example with the name of your Big Peer. Set up port forwarding
The Portal requires access to three services. Set up port forwarding for each:# Terminal 1: Portal UI
kubectl port-forward svc/ditto-operator-portal 8080:80 -n ditto
# Terminal 2: Operator API
kubectl port-forward deployments/ditto-operator 8081:8080 -n ditto
# Terminal 3: Big Peer API (through nginx for CORS)
kubectl port-forward svc/ingress-nginx-controller 8082:80 -n ingress-nginx
The Big Peer API port-forward goes through the nginx ingress controller to ensure CORS headers are applied. Direct port-forwarding to the Big Peer API pods would bypass nginx and result in CORS errors.
Using the Portal
Authenticating with the Operator API
When you first access the Portal, you’ll be prompted to authenticate with the Operator API. The Portal uses a Kubernetes service account token for this.
Generate a token:
kubectl create token default --audience=portal-self-managed -n ditto
New Installation
To enable the portal as part of a new Operator installation:
helm install ditto-operator \
oci://quay.io/ditto-external/ditto-operator \
--namespace ditto \
--create-namespace \
--set portal.enabled=true \
--set portal.config.bigPeerName=example \
--set portal.config.operatorApiUrl=http://localhost:8081 \
--set portal.config.bigPeerBaseUrl=http://localhost:8082
Configuration Options
| Option | Description | Default |
|---|
portal.enabled | Enable the self-managed portal UI | false |
portal.config.bigPeerName | Name of the BigPeer resource to manage | '' |
portal.config.operatorApiUrl | URL for the Portal to reach the Operator API | Auto-generated |
portal.config.bigPeerBaseUrl | URL for the Portal to reach the Big Peer HTTP API | '' |
portal.replicaCount | Number of portal replicas | 1 |
portal.image.tag | Override the portal image tag | Operator version |
portal.ingress.enabled | Enable ingress for external access | false |
