DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ingress-nginx-helm/examples/PREREQUISITES/index.html

81 lines
29 KiB
HTML
Raw Normal View History

Deploy GitHub Pages
2021-05-23 16:14:37 +00:00
<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/examples/PREREQUISITES/ rel=canonical><link rel="shortcut icon" href=../../assets/images/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.4"><title>Prerequisites - NGINX Ingress Controller</title><link rel=stylesheet href=../../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#009485><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../../extra.css><script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new Date,ga("create","UA-118407822-1","kubernetes.github.io"),ga("set","anonymizeIp",!0),ga("send","pageview"),document.addEventListener("DOMContentLoaded",function(){document.forms.search&&document.forms.search.query.addEventListener("blur",function(){if(this.value){var e=document.location.pathname;ga("send","pageview",e+"?q="+this.value)}})}),document.addEventListener("DOMContentSwitch",function(){ga("send","pageview",document.location.pathname)})</script><script async src=https://www.google-analytics.com/analytics.js></script></head> <body dir=ltr data-md-color-scheme data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#prerequisites class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://kubernetes.github.io/ingress-nginx title="NGINX Ingress Controller" class="md-header-nav__button md-logo" aria-label="NGINX Ingress Controller"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 003-3 3 3 0 00-3-3 3 3 0 00-3 3 3 3 0 003 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54z"/></svg> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> NGINX Ingress Controller </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> Prerequisites </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.
Deploy GitHub Pages
2021-01-11 15:59:14 +00:00
<span class=go>Generating a 2048 bit RSA private key</span>
<span class=go>................+++</span>
<span class=go>................+++</span>
<span class=go>writing new private key to &#39;tls.key&#39;</span>
<span class=go>-----</span>
<span class=gp>$</span> kubectl create secret tls tls-secret --key tls.key --cert tls.crt
<span class=go>secret &quot;tls-secret&quot; created</span>
</code></pre></div> <p>Note: If using CA Authentication, described below, you will need to sign the server certificate with the CA.</p> <h2 id=client-certificate-authentication>Client Certificate Authentication<a class=headerlink href=#client-certificate-authentication title="Permanent link"></a></h2> <p>CA Authentication also known as Mutual Authentication allows both the server and client to verify each others identity via a common CA.</p> <p>We have a CA Certificate which we obtain usually from a Certificate Authority and use that to sign both our server certificate and client certificate. Then every time we want to access our backend, we must pass the client certificate.</p> <p>These instructions are based on the following <a href=https://medium.com/@awkwardferny/configuring-certificate-based-mutual-authentication-with-kubernetes-ingress-nginx-20e7e38fdfca>blog</a></p> <p><strong>Generate the CA Key and Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj &#39;/CN=My Cert Authority&#39;</span>
</code></pre></div> <p><strong>Generate the Server Key, and Certificate and Sign with the CA Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj &#39;/CN=mydomain.com&#39;</span>
<span class=go>openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt</span>
</code></pre></div> <p><strong>Generate the Client Key, and Certificate and Sign with the CA Certificate:</strong></p> <div class=highlight><pre><span></span><code><span class=go>openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj &#39;/CN=My Client&#39;</span>
<span class=go>openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt</span>
Deploy GitHub Pages
2021-08-07 00:08:36 +00:00
</code></pre></div> <p>Once this is complete you can continue to follow the instructions <a href=../auth/client-certs/#creating-certificate-secrets>here</a></p> <h2 id=test-http-service>Test HTTP Service<a class=headerlink href=#test-http-service title="Permanent link"></a></h2> <p>All examples that require a test HTTP Service use the standard http-svc pod, which you can deploy as follows</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/http-svc.yaml
Deploy GitHub Pages
2021-01-11 15:59:14 +00:00
<span class=go>service &quot;http-svc&quot; created</span>
<span class=go>replicationcontroller &quot;http-svc&quot; created</span>
<span class=gp>$</span> kubectl get po
<span class=go>NAME READY STATUS RESTARTS AGE</span>
<span class=go>http-svc-p1t3t 1/1 Running 0 1d</span>
<span class=gp>$</span> kubectl get svc
<span class=go>NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span>
<span class=go>http-svc 10.0.122.116 &lt;pending&gt; 80:30301/TCP 1d</span>
</code></pre></div> <p>You can test that the HTTP Service works by exposing it temporarily</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl patch svc http-svc -p <span class=s1>&#39;{&quot;spec&quot;:{&quot;type&quot;: &quot;LoadBalancer&quot;}}&#39;</span>
<span class=go>&quot;http-svc&quot; patched</span>
<span class=gp>$</span> kubectl get svc http-svc
<span class=go>NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span>
<span class=go>http-svc 10.0.122.116 &lt;pending&gt; 80:30301/TCP 1d</span>
<span class=gp>$</span> kubectl describe svc http-svc
<span class=go>Name: http-svc</span>
<span class=go>Namespace: default</span>
<span class=go>Labels: app=http-svc</span>
<span class=go>Selector: app=http-svc</span>
<span class=go>Type: LoadBalancer</span>
<span class=go>IP: 10.0.122.116</span>
<span class=go>LoadBalancer Ingress: 108.59.87.136</span>
<span class=go>Port: http 80/TCP</span>
<span class=go>NodePort: http 30301/TCP</span>
<span class=go>Endpoints: 10.180.1.6:8080</span>
<span class=go>Session Affinity: None</span>
<span class=go>Events:</span>
<span class=go> FirstSeen LastSeen Count From SubObjectPath Type Reason Message</span>
<span class=go> --------- -------- ----- ---- ------------- -------- ------ -------</span>
<span class=go> 1m 1m 1 {service-controller } Normal Type ClusterIP -&gt; LoadBalancer</span>
<span class=go> 1m 1m 1 {service-controller } Normal CreatingLoadBalancer Creating load balancer</span>
<span class=go> 16s 16s 1 {service-controller } Normal CreatedLoadBalancer Created load balancer</span>
<span class=gp>$</span> curl <span class=m>108</span>.59.87.136
<span class=go>CLIENT VALUES:</span>
<span class=go>client_address=10.240.0.3</span>
<span class=go>command=GET</span>
<span class=go>real path=/</span>
<span class=go>query=nil</span>
<span class=go>request_version=1.1</span>
<span class=go>request_uri=http://108.59.87.136:8080/</span>
<span class=go>SERVER VALUES:</span>
<span class=go>server_version=nginx: 1.9.11 - lua: 10001</span>
<span class=go>HEADERS RECEIVED:</span>
<span class=go>accept=*/*</span>
<span class=go>host=108.59.87.136</span>
<span class=go>user-agent=curl/7.46.0</span>
<span class=go>BODY:</span>
<span class=go>-no body in request-</span>
<span class=gp>$</span> kubectl patch svc http-svc -p <span class=s1>&#39;{&quot;spec&quot;:{&quot;type&quot;: &quot;NodePort&quot;}}&#39;</span>
<span class=go>&quot;http-svc&quot; patched</span>
</code></pre></div> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid" aria-label=Footer> <a href=../ class="md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </div> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Previous </span> Introduction </div> </div> </a> <a href=../affinity/cookie/ class="md-footer-nav__link md-footer-nav__link--next" rel=next> <div class=md-footer-nav__title> <div class=md-ellipsis> <span class=md-footer-nav__direction> Next </span> Sticky Sessions </div> </div> <div class="md-footer-nav__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <script src=../../assets/javascripts/vendor.93c04032.min.js></script> <script src=../../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
Deploy GitHub Pages
2020-04-15 17:09:38 +00:00
app = initialize({
base: "../..",
Deploy GitHub Pages
2021-01-11 15:59:14 +00:00
features: ['navigation.tabs', 'navigation.tabs.sticky', 'navigation.instant', 'navigation.sections'],
Deploy GitHub Pages
2020-04-15 17:09:38 +00:00
search: Object.assign({
Deploy GitHub Pages
2021-01-11 15:59:14 +00:00
worker: "../../assets/javascripts/worker/search.8c7e0a7e.min.js"
Deploy GitHub Pages
2020-04-15 17:09:38 +00:00
}, typeof search !== "undefined" && search)
})
Deploy GitHub Pages
2021-01-11 15:59:14 +00:00
</script> </body> </html>
Reference in a new issue Copy permalink