Deploy GitHub Pages
This commit is contained in:
Travis Bot
parent
ec2af1dbc3
commit
006cda8fee
62 changed files with 1885 additions and 1843 deletions
|
|
@ -34,7 +34,7 @@
|
|||
<meta name="lang:search.tokenizer" content="[\s\-]+">
|
||||
|
||||
<link rel="shortcut icon" href="../../assets/images/favicon.png">
|
||||
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
|
||||
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
|
||||
|
||||
|
||||
|
||||
|
|
@ -42,7 +42,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
|
||||
|
||||
|
|
@ -53,12 +53,12 @@
|
|||
|
||||
|
||||
|
||||
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
|
||||
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
|
||||
|
||||
|
||||
|
||||
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
|
||||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
|
||||
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
|
||||
|
||||
|
||||
|
|
@ -114,7 +114,7 @@
|
|||
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
||||
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
|
||||
|
||||
<a href="#validating-webhook-admission-controller" tabindex="1" class="md-skip">
|
||||
<a href="#validating-webhook-admission-controller" tabindex="0" class="md-skip">
|
||||
Skip to content
|
||||
</a>
|
||||
|
||||
|
|
@ -123,7 +123,7 @@
|
|||
<nav class="md-header-nav md-grid">
|
||||
<div class="md-flex">
|
||||
<div class="md-flex__cell md-flex__cell--shrink">
|
||||
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
|
||||
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
|
||||
|
||||
<i class="md-icon">public</i>
|
||||
|
||||
|
|
@ -154,7 +154,7 @@
|
|||
<label class="md-search__overlay" for="__search"></label>
|
||||
<div class="md-search__inner" role="search">
|
||||
<form class="md-search__form" name="search">
|
||||
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
|
||||
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
|
||||
<label class="md-icon md-search__icon" for="__search"></label>
|
||||
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
|
||||

|
||||
|
|
@ -1352,16 +1352,16 @@
|
|||
<p>Validating webhook must be served using TLS, you need to generate a certificate. Note that kube API server is checking the hostname of the certificate, the common name of your certificate will need to match the service name.</p>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<p>To run the validating webhook with a service named <code class="codehilite">ingress-validation-webhook</code> in the namespace <code class="codehilite">ingress-nginx</code>, run</p>
|
||||
<div class="codehilite"><pre><span></span>openssl req -x509 -newkey rsa:2048 -keyout certificate.pem -out key.pem -days <span class="m">365</span> -nodes -subj <span class="s2">"/CN=ingress-validation-webhook.ingress-nginx.svc"</span>
|
||||
</pre></div>
|
||||
<p>To run the validating webhook with a service named <code class="codehilite"><span class="err">ingress-validation-webhook</span></code> in the namespace <code class="codehilite"><span class="err">ingress-nginx</span></code>, run</p>
|
||||
<div class="codehilite"><pre><span></span><code>openssl req -x509 -newkey rsa:2048 -keyout certificate.pem -out key.pem -days <span class="m">365</span> -nodes -subj <span class="s2">"/CN=ingress-validation-webhook.ingress-nginx.svc"</span>
|
||||
</code></pre></div>
|
||||
|
||||
</div>
|
||||
<h5 id="using-kubernetes-ca">Using Kubernetes CA<a class="headerlink" href="#using-kubernetes-ca" title="Permanent link"> ¶</a></h5>
|
||||
<p>Kubernetes also provides primitives to sign a certificate request. Here is an example on how to use it</p>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<div class="codehilite"><pre><span></span><span class="ch">#!/bin/bash</span>
|
||||
<div class="codehilite"><pre><span></span><code><span class="ch">#!/bin/bash</span>
|
||||
|
||||
<span class="nv">SERVICE_NAME</span><span class="o">=</span>ingress-nginx
|
||||
<span class="nv">NAMESPACE</span><span class="o">=</span>ingress-nginx
|
||||
|
|
@ -1423,17 +1423,17 @@ kubectl create secret generic ingress-nginx.svc <span class="se">\</span>
|
|||
--from-file<span class="o">=</span>key.pem<span class="o">=</span><span class="si">${</span><span class="nv">TEMP_DIRECTORY</span><span class="si">}</span>/server-key.pem <span class="se">\</span>
|
||||
--from-file<span class="o">=</span>cert.pem<span class="o">=</span><span class="si">${</span><span class="nv">TEMP_DIRECTORY</span><span class="si">}</span>/server-cert.pem <span class="se">\</span>
|
||||
-n <span class="si">${</span><span class="nv">NAMESPACE</span><span class="si">}</span>
|
||||
</pre></div>
|
||||
</code></pre></div>
|
||||
|
||||
</div>
|
||||
<h4 id="using-helm">Using helm<a class="headerlink" href="#using-helm" title="Permanent link"> ¶</a></h4>
|
||||
<p>To generate the certificate using helm, you can use the following snippet</p>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<div class="codehilite"><pre><span></span><span class="cp">{{</span><span class="o">-</span> <span class="err">$</span><span class="nv">cn</span> <span class="o">:=</span> <span class="nv">printf</span> <span class="s2">"%s.%s.svc"</span> <span class="o">(</span> <span class="nv">include</span> <span class="s2">"nginx-ingress.validatingWebhook.fullname"</span> <span class="err">.</span> <span class="o">)</span> <span class="nv">.Release.Namespace</span> <span class="cp">}}</span><span class="x"></span>
|
||||
<div class="codehilite"><pre><span></span><code><span class="cp">{{</span><span class="o">-</span> <span class="err">$</span><span class="nv">cn</span> <span class="o">:=</span> <span class="nv">printf</span> <span class="s2">"%s.%s.svc"</span> <span class="o">(</span> <span class="nv">include</span> <span class="s2">"nginx-ingress.validatingWebhook.fullname"</span> <span class="err">.</span> <span class="o">)</span> <span class="nv">.Release.Namespace</span> <span class="cp">}}</span><span class="x"></span>
|
||||
<span class="cp">{{</span><span class="o">-</span> <span class="err">$</span><span class="nv">ca</span> <span class="o">:=</span> <span class="nv">genCA</span> <span class="o">(</span><span class="nv">printf</span> <span class="s2">"%s-ca"</span> <span class="o">(</span> <span class="nv">include</span> <span class="s2">"nginx-ingress.validatingWebhook.fullname"</span> <span class="err">.</span> <span class="o">))</span> <span class="nv">.Values.validatingWebhook.certificateValidity</span> -<span class="cp">}}</span><span class="x"></span>
|
||||
<span class="cp">{{</span><span class="o">-</span> <span class="err">$</span><span class="nv">cert</span> <span class="o">:=</span> <span class="nv">genSignedCert</span> <span class="err">$</span><span class="nv">cn</span> <span class="nv">nil</span> <span class="nv">nil</span> <span class="nv">.Values.validatingWebhook.certificateValidity</span> <span class="err">$</span><span class="nv">ca</span> -<span class="cp">}}</span><span class="x"></span>
|
||||
</pre></div>
|
||||
</code></pre></div>
|
||||
|
||||
</div>
|
||||
<h3 id="ingress-controller-flags">Ingress controller flags<a class="headerlink" href="#ingress-controller-flags" title="Permanent link"> ¶</a></h3>
|
||||
|
|
@ -1448,19 +1448,19 @@ kubectl create secret generic ingress-nginx.svc <span class="se">\</span>
|
|||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td><code class="codehilite">--validating-webhook</code></td>
|
||||
<td><code class="codehilite"><span class="err">--validating-webhook</span></code></td>
|
||||
<td>The address to start an admission controller on</td>
|
||||
<td><code class="codehilite">:8080</code></td>
|
||||
<td><code class="codehilite"><span class="err">:8080</span></code></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code class="codehilite">--validating-webhook-certificate</code></td>
|
||||
<td><code class="codehilite"><span class="err">--validating-webhook-certificate</span></code></td>
|
||||
<td>The certificate the webhook is using for its TLS handling</td>
|
||||
<td><code class="codehilite">/usr/local/certificates/validating-webhook.pem</code></td>
|
||||
<td><code class="codehilite"><span class="err">/usr/local/certificates/validating-webhook.pem</span></code></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code class="codehilite">--validating-webhook-key</code></td>
|
||||
<td><code class="codehilite"><span class="err">--validating-webhook-key</span></code></td>
|
||||
<td>The key the webhook is using for its TLS handling</td>
|
||||
<td><code class="codehilite">/usr/local/certificates/validating-webhook-key.pem</code></td>
|
||||
<td><code class="codehilite"><span class="err">/usr/local/certificates/validating-webhook-key.pem</span></code></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
@ -1469,7 +1469,7 @@ kubectl create secret generic ingress-nginx.svc <span class="se">\</span>
|
|||
To check that your kube API server runs with the required flags, please refer to the <a href="https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook">kubernetes</a> documentation.</p>
|
||||
<h3 id="additional-kubernetes-objects">Additional kubernetes objects<a class="headerlink" href="#additional-kubernetes-objects" title="Permanent link"> ¶</a></h3>
|
||||
<p>Once both the ingress controller and the kube API server are configured to serve the webhook, add the you can configure the webhook with the following objects:</p>
|
||||
<div class="codehilite"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
||||
<div class="codehilite"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
||||
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Service</span>
|
||||
<span class="nt">metadata</span><span class="p">:</span>
|
||||
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ingress-validation-webhook</span>
|
||||
|
|
@ -1507,10 +1507,11 @@ To check that your kube API server runs with the required flags, please refer to
|
|||
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ingress-validation-webhook</span>
|
||||
<span class="nt">path</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/networking.k8s.io/v1beta1/ingress</span>
|
||||
<span class="nt">caBundle</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain"><pem encoded ca cert that signs the server cert used by the webhook></span>
|
||||
</pre></div>
|
||||
</code></pre></div>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -1565,9 +1566,9 @@ To check that your kube API server runs with the required flags, please refer to
|
|||
<div class="md-footer-copyright">
|
||||
|
||||
powered by
|
||||
<a href="https://www.mkdocs.org">MkDocs</a>
|
||||
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
|
||||
and
|
||||
<a href="https://squidfunk.github.io/mkdocs-material/">
|
||||
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
|
||||
Material for MkDocs</a>
|
||||
</div>
|
||||
|
||||
|
|
@ -1577,7 +1578,7 @@ To check that your kube API server runs with the required flags, please refer to
|
|||
|
||||
</div>
|
||||
|
||||
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
|
||||
<script src="../../assets/javascripts/application.c33a9706.js"></script>
|
||||
|
||||
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue