Deploy GitHub Pages

Travis Bot 2020-02-09 23:53:05 +00:00
parent ec2af1dbc3
commit 006cda8fee
62 changed files with 1885 additions and 1843 deletions

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#prerequisites" tabindex="1" class="md-skip">
<a href="#prerequisites" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1226,7 +1226,7 @@
<h2 id="tls-certificates">TLS certificates<a class="headerlink" href="#tls-certificates" title="Permanent link"></a></h2>
<p>Unless otherwise mentioned, the TLS secret used in examples is a 2048 bit RSA
key/cert pair with an arbitrarily chosen hostname, created as follows</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> openssl req -x509 -sha256 -nodes -days <span class="m">365</span> -newkey rsa:2048 -keyout tls.key -out tls.crt -subj <span class="s2">&quot;/CN=nginxsvc/O=nginxsvc&quot;</span>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> openssl req -x509 -sha256 -nodes -days <span class="m">365</span> -newkey rsa:2048 -keyout tls.key -out tls.crt -subj <span class="s2">&quot;/CN=nginxsvc/O=nginxsvc&quot;</span>
<span class="go">Generating a 2048 bit RSA private key</span>
<span class="go">................+++</span>
<span class="go">................+++</span>
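Review bot: The `openssl req` line in this hunk builds the example certificate with only `-subj "/CN=nginxsvc/O=nginxsvc"` and no subjectAltName, and current TLS clients match hostnames against the SAN list rather than the CN, so a reader who follows it gets a certificate that fails hostname verification. Suggest adding `-addext "subjectAltName=DNS:nginxsvc"` (OpenSSL 1.1.1 or later) to the documented command. The sentence above it also ends "created as follows" without a colon.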
@ -1235,7 +1235,7 @@ key/cert pair with an arbitrarily chosen hostname, created as follows</p>
<span class="gp">$</span> kubectl create secret tls tls-secret --key tls.key --cert tls.crt
<span class="go">secret &quot;tls-secret&quot; created</span>
</pre></div>
</code></pre></div>
<p>Note: If using CA Authentication, described below, you will need to sign the server certificate with the CA.</p>
<h2 id="client-certificate-authentication">Client Certificate Authentication<a class="headerlink" href="#client-certificate-authentication" title="Permanent link"></a></h2>
@ -1246,24 +1246,24 @@ both our server certificate and client certificate. Then every time we want to a
pass the client certificate.</p>
<p>These instructions are based on the following <a href="https://medium.com/@awkwardferny/configuring-certificate-based-mutual-authentication-with-kubernetes-ingress-nginx-20e7e38fdfca">blog</a></p>
<p><strong>Generate the CA Key and Certificate:</strong></p>
<div class="codehilite"><pre><span></span><span class="go">openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj &#39;/CN=My Cert Authority&#39;</span>
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="go">openssl req -x509 -sha256 -newkey rsa:4096 -keyout ca.key -out ca.crt -days 356 -nodes -subj &#39;/CN=My Cert Authority&#39;</span>
</code></pre></div>
<p><strong>Generate the Server Key, and Certificate and Sign with the CA Certificate:</strong></p>
<div class="codehilite"><pre><span></span><span class="go">openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj &#39;/CN=mydomain.com&#39;</span>
<div class="codehilite"><pre><span></span><code><span class="go">openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -nodes -subj &#39;/CN=mydomain.com&#39;</span>
<span class="go">openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt</span>
</pre></div>
</code></pre></div>
<p><strong>Generate the Client Key, and Certificate and Sign with the CA Certificate:</strong></p>
<div class="codehilite"><pre><span></span><span class="go">openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj &#39;/CN=My Client&#39;</span>
<div class="codehilite"><pre><span></span><code><span class="go">openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -nodes -subj &#39;/CN=My Client&#39;</span>
<span class="go">openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt</span>
</pre></div>
</code></pre></div>
<p>Once this is complete you can continue to follow the instructions <a href="../auth/client-certs/#creating-certificate-secrets">here</a></p>
<h2 id="test-http-service">Test HTTP Service<a class="headerlink" href="#test-http-service" title="Permanent link"></a></h2>
<p>All examples that require a test HTTP Service use the standard http-svc pod,
which you can deploy as follows</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f http-svc.yaml
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f http-svc.yaml
<span class="go">service &quot;http-svc&quot; created</span>
<span class="go">replicationcontroller &quot;http-svc&quot; created</span>
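Review bot: The CA command in this hunk uses `-days 356` while the server and client certificates signed by it use `-days 365`, so both leaf certificates outlive their issuer by nine days and chain validation fails once the CA expires. This looks like a transposed 365; suggest giving the CA the same or a longer lifetime than the certificates it signs. The two bold headings also read "Key, and Certificate and Sign" where "Key and Certificate, and Sign" was presumably meant.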
@ -1274,10 +1274,10 @@ which you can deploy as follows</p>
<span class="gp">$</span> kubectl get svc
<span class="go">NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span>
<span class="go">http-svc 10.0.122.116 &lt;pending&gt; 80:30301/TCP 1d</span>
</pre></div>
</code></pre></div>
<p>You can test that the HTTP Service works by exposing it temporarily</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl patch svc http-svc -p <span class="s1">&#39;{&quot;spec&quot;:{&quot;type&quot;: &quot;LoadBalancer&quot;}}&#39;</span>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl patch svc http-svc -p <span class="s1">&#39;{&quot;spec&quot;:{&quot;type&quot;: &quot;LoadBalancer&quot;}}&#39;</span>
<span class="go">&quot;http-svc&quot; patched</span>
<span class="gp">$</span> kubectl get svc http-svc
@ -1324,10 +1324,11 @@ which you can deploy as follows</p>
<span class="gp">$</span> kubectl patch svc http-svc -p <span class="s1">&#39;{&quot;spec&quot;:{&quot;type&quot;: &quot;NodePort&quot;}}&#39;</span>
<span class="go">&quot;http-svc&quot; patched</span>
</pre></div>
</code></pre></div>
@ -1382,9 +1383,9 @@ which you can deploy as follows</p>
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1394,7 +1395,7 @@ which you can deploy as follows</p>
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#sticky-sessions" tabindex="1" class="md-skip">
<a href="#sticky-sessions" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1222,18 +1222,18 @@
<tbody>
<tr>
<td>nginx.ingress.kubernetes.io/affinity</td>
<td>Type of the affinity, set this to <code class="codehilite">cookie</code> to enable session affinity</td>
<td>string (NGINX only supports <code class="codehilite">cookie</code>)</td>
<td>Type of the affinity, set this to <code class="codehilite"><span class="err">cookie</span></code> to enable session affinity</td>
<td>string (NGINX only supports <code class="codehilite"><span class="err">cookie</span></code>)</td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/affinity-mode</td>
<td>The affinity mode defines how sticky a session is. Use <code class="codehilite">balanced</code> to redistribute some sessions when scaling pods or <code class="codehilite">persistent</code> for maximum stickyness.</td>
<td><code class="codehilite">balanced</code> (default) or <code class="codehilite">persistent</code></td>
<td>The affinity mode defines how sticky a session is. Use <code class="codehilite"><span class="err">balanced</span></code> to redistribute some sessions when scaling pods or <code class="codehilite"><span class="err">persistent</span></code> for maximum stickyness.</td>
<td><code class="codehilite"><span class="err">balanced</span></code> (default) or <code class="codehilite"><span class="err">persistent</span></code></td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-name</td>
<td>Name of the cookie that will be created</td>
<td>string (defaults to <code class="codehilite">INGRESSCOOKIE</code>)</td>
<td>string (defaults to <code class="codehilite"><span class="err">INGRESSCOOKIE</span></code>)</td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-path</td>
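Review bot: Every inline code span in this hunk changes from `<code class="codehilite">cookie</code>` to `<code class="codehilite"><span class="err">cookie</span></code>`, and `err` is the class Pygments assigns to tokens its lexer could not parse, so the rebuilt docs now mark ordinary annotation values as errors. Suggest checking the inline highlighting settings pulled in by the mkdocs-material 4.4.3 to 4.6.2 bump before publishing, or confirming the theme CSS does not style `.err`. While here, "stickyness" in the `affinity-mode` row should be "stickiness".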
@ -1243,37 +1243,37 @@
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-samesite</td>
<td>SameSite attribute to apply to the cookie</td>
<td>Browser accepted values are <code class="codehilite">None</code>, <code class="codehilite">Lax</code>, and <code class="codehilite">Strict</code></td>
<td>Browser accepted values are <code class="codehilite"><span class="err">None</span></code>, <code class="codehilite"><span class="err">Lax</span></code>, and <code class="codehilite"><span class="err">Strict</span></code></td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none</td>
<td>Will omit <code class="codehilite">SameSite=None</code> attribute for older browsers which reject the more-recently defined <code class="codehilite">SameSite=None</code> value</td>
<td><code class="codehilite">&quot;true&quot;</code> or <code class="codehilite">&quot;false&quot;</code></td>
<td>Will omit <code class="codehilite"><span class="err">SameSite=None</span></code> attribute for older browsers which reject the more-recently defined <code class="codehilite"><span class="err">SameSite=None</span></code> value</td>
<td><code class="codehilite"><span class="err">&quot;true&quot;</span></code> or <code class="codehilite"><span class="err">&quot;false&quot;</span></code></td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-max-age</td>
<td>Time until the cookie expires, corresponds to the <code class="codehilite">Max-Age</code> cookie directive</td>
<td>Time until the cookie expires, corresponds to the <code class="codehilite"><span class="err">Max-Age</span></code> cookie directive</td>
<td>number of seconds</td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-expires</td>
<td>Legacy version of the previous annotation for compatibility with older browsers, generates an <code class="codehilite">Expires</code> cookie directive by adding the seconds to the current date</td>
<td>Legacy version of the previous annotation for compatibility with older browsers, generates an <code class="codehilite"><span class="err">Expires</span></code> cookie directive by adding the seconds to the current date</td>
<td>number of seconds</td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-change-on-failure</td>
<td>When set to <code class="codehilite">false</code> nginx ingress will send request to upstream pointed by sticky cookie even if previous attempt failed. When set to <code class="codehilite">true</code> and previous attempt failed, sticky cookie will be changed to point to another upstream.</td>
<td><code class="codehilite">true</code> or <code class="codehilite">false</code> (defaults to <code class="codehilite">false</code>)</td>
<td>When set to <code class="codehilite"><span class="err">false</span></code> nginx ingress will send request to upstream pointed by sticky cookie even if previous attempt failed. When set to <code class="codehilite"><span class="err">true</span></code> and previous attempt failed, sticky cookie will be changed to point to another upstream.</td>
<td><code class="codehilite"><span class="err">true</span></code> or <code class="codehilite"><span class="err">false</span></code> (defaults to <code class="codehilite"><span class="err">false</span></code>)</td>
</tr>
</tbody>
</table>
<p>You can create the <a href="ingress.yaml">example Ingress</a> to test this:</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl create -f ingress.yaml</span>
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl create -f ingress.yaml</span>
</code></pre></div>
<h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link"></a></h2>
<p>You can confirm that the Ingress works:</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl describe ing nginx-test
<span class="go">Name: nginx-test</span>
<span class="go">Namespace: default</span>
<span class="go">Address:</span>
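Review bot: The `session-cookie-samesite` and `session-cookie-conditional-samesite-none` rows in this hunk document `SameSite=None` without mentioning `Secure`; browsers that enforce the newer SameSite rules reject a `SameSite=None` cookie that lacks the `Secure` attribute, so the affinity cookie is silently dropped on plain HTTP. Suggest stating in the `session-cookie-samesite` row whether the controller sets `Secure` and that `None` only works when the Ingress is served over TLS.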
@ -1305,10 +1305,10 @@
<span class="go">Last-Modified: Tue, 24 Jan 2017 14:02:19 GMT</span>
<span class="go">ETag: &quot;58875e6b-264&quot;</span>
<span class="go">Accept-Ranges: bytes</span>
</pre></div>
</code></pre></div>
<p>In the example above, you can see that the response contains a <code class="codehilite">Set-Cookie</code> header with the settings we have defined.
This cookie is created by NGINX, it contains a randomly generated key corresponding to the upstream used for that request (selected using <a href="https://en.wikipedia.org/wiki/Consistent_hashing">consistent hashing</a>) and has an <code class="codehilite">Expires</code> directive.
<p>In the example above, you can see that the response contains a <code class="codehilite"><span class="err">Set-Cookie</span></code> header with the settings we have defined.
This cookie is created by NGINX, it contains a randomly generated key corresponding to the upstream used for that request (selected using <a href="https://en.wikipedia.org/wiki/Consistent_hashing">consistent hashing</a>) and has an <code class="codehilite"><span class="err">Expires</span></code> directive.
If the user changes this cookie, NGINX creates a new one and redirects the user to another upstream.</p>
<p>If the backend pool grows NGINX will keep sending the requests through the same server of the first request, even if it's overloaded.</p>
<p>When the backend server is removed, the requests are re-routed to another upstream server. This does not require the cookie to be updated because the key's <a href="https://en.wikipedia.org/wiki/Consistent_hashing">consistent hash</a> will change.</p>
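Review bot: The paragraph in this hunk says NGINX "redirects the user to another upstream" when the cookie is changed, which reads as an HTTP redirect although the sentence describes upstream selection; suggest "routes the request to another upstream". The same paragraph should state plainly that the cookie value is client-controlled and only selects a backend, so applications must not treat it as a session or identity token. The last sentence is also hard to follow: it says the cookie need not be updated "because the key's consistent hash will change", where presumably the key stays the same and maps to a different upstream.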
@ -1317,6 +1317,7 @@ This means that you can face the situation that you've configured session affini
@ -1371,9 +1372,9 @@ This means that you can face the situation that you've configured session affini
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1383,7 +1384,7 @@ This means that you can face the situation that you've configured session affini
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#basic-authentication" tabindex="1" class="md-skip">
<a href="#basic-authentication" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1151,20 +1151,20 @@
<h1 id="basic-authentication">Basic Authentication<a class="headerlink" href="#basic-authentication" title="Permanent link"></a></h1>
<p>This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with <code class="codehilite">htpasswd</code>.
It's important the file generated is named <code class="codehilite">auth</code> (actually - that the secret has a key <code class="codehilite">data.auth</code>), otherwise the ingress-controller returns a 503.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> htpasswd -c auth foo
<p>This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with <code class="codehilite"><span class="err">htpasswd</span></code>.
It's important the file generated is named <code class="codehilite"><span class="err">auth</span></code> (actually - that the secret has a key <code class="codehilite"><span class="err">data.auth</span></code>), otherwise the ingress-controller returns a 503.</p>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> htpasswd -c auth foo
<span class="go">New password: &lt;bar&gt;</span>
<span class="go">New password:</span>
<span class="go">Re-type new password:</span>
<span class="go">Adding password for user foo</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create secret generic basic-auth --from-file<span class="o">=</span>auth
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create secret generic basic-auth --from-file<span class="o">=</span>auth
<span class="go">secret &quot;basic-auth&quot; created</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get secret basic-auth -o yaml
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl get secret basic-auth -o yaml
<span class="go">apiVersion: v1</span>
<span class="go">data:</span>
<span class="go"> auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK</span>
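Review bot: The `auth:` value shown in the `kubectl get secret` output of this hunk is plain base64, and its prefix `Zm9vOiRhcHIx` decodes to `foo:$apr1`, the user name followed by an Apache MD5-based hash, which is what the `htpasswd -c auth foo` call above it produced. The page should say that a Secret is encoded, not encrypted, so anyone who can read `basic-auth` can take the hash offline; a sentence about restricting read access to the Secret belongs next to this step. Separately, the intro still reads "a Ingress rule" and the transcript shows the "New password:" prompt twice.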
@ -1173,9 +1173,9 @@ It's important the file generated is named <code class="codehilite">auth</code>
<span class="go"> name: basic-auth</span>
<span class="go"> namespace: default</span>
<span class="go">type: Opaque</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span><span class="go">echo &quot;</span>
<div class="codehilite"><pre><span></span><code><span class="go">echo &quot;</span>
<span class="go">apiVersion: networking.k8s.io/v1beta1</span>
<span class="go">kind: Ingress</span>
<span class="go">metadata:</span>
@ -1197,9 +1197,9 @@ It's important the file generated is named <code class="codehilite">auth</code>
<span class="go"> serviceName: http-svc</span>
<span class="go"> servicePort: 80</span>
<span class="go">&quot; | kubectl create -f -</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span>$ curl -v http://10.2.29.4/ -H &#39;Host: foo.bar.com&#39;
<div class="codehilite"><pre><span></span><code>$ curl -v http://10.2.29.4/ -H &#39;Host: foo.bar.com&#39;
* Trying 10.2.29.4...
* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)
&gt; GET / HTTP/1.1
@ -1223,9 +1223,9 @@ It's important the file generated is named <code class="codehilite">auth</code>
<span class="nt">&lt;/body&gt;</span>
<span class="nt">&lt;/html&gt;</span>
* Connection #0 to host 10.2.29.4 left intact
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span>$ curl -v http://10.2.29.4/ -H <span class="s1">&#39;Host: foo.bar.com&#39;</span> -u <span class="s1">&#39;foo:bar&#39;</span>
<div class="codehilite"><pre><span></span><code>$ curl -v http://10.2.29.4/ -H <span class="s1">&#39;Host: foo.bar.com&#39;</span> -u <span class="s1">&#39;foo:bar&#39;</span>
* Trying <span class="m">10</span>.2.29.4...
* Connected to <span class="m">10</span>.2.29.4 <span class="o">(</span><span class="m">10</span>.2.29.4<span class="o">)</span> port <span class="m">80</span> <span class="o">(</span><span class="c1">#0)</span>
* Server auth using Basic with user <span class="s1">&#39;foo&#39;</span>
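Review bot: The second `curl` in this hunk sends `-u 'foo:bar'` to `http://10.2.29.4/`, so the Basic credentials cross the network base64-encoded in cleartext and the example teaches that pattern. Suggest either running the authenticated request against an `https://` endpoint of the same Ingress or adding a sentence that `auth-type: basic` should only be used on a TLS-enabled host.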
@ -1268,10 +1268,11 @@ x-real-ip<span class="o">=</span><span class="m">10</span>.2.29.1
BODY:
* Connection <span class="c1">#0 to host 10.2.29.4 left intact</span>
-no body in request-
</pre></div>
</code></pre></div>
@ -1326,9 +1327,9 @@ BODY:
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1338,7 +1339,7 @@ BODY:
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#client-certificate-authentication" tabindex="1" class="md-skip">
<a href="#client-certificate-authentication" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1219,12 +1219,12 @@ Before getting started you must have the following Certificates Setup:</p>
</ol>
<p>For more details on the generation process, checkout the Prerequisite <a href="../../PREREQUISITES/#client-certificate-authentication">docs</a>.</p>
<p>You can have as many certificates as you want. If they're in the binary DER format, you can convert them as the following:</p>
<div class="codehilite"><pre><span></span>openssl x509 -in certificate.der -inform der -out certificate.crt -outform pem
</pre></div>
<div class="codehilite"><pre><span></span><code>openssl x509 -in certificate.der -inform der -out certificate.crt -outform pem
</code></pre></div>
<p>Then, you can concatenate them all in only one file, named 'ca.crt' as the following:</p>
<div class="codehilite"><pre><span></span>cat certificate1.crt certificate2.crt certificate3.crt &gt;&gt; ca.crt
</pre></div>
<div class="codehilite"><pre><span></span><code>cat certificate1.crt certificate2.crt certificate3.crt &gt;&gt; ca.crt
</code></pre></div>
<p><strong>Note:</strong> Make sure that the Key Size is greater than 1024 and Hashing Algorithm(Digest) is something better than md5
for each certificate generated. Otherwise you will receive an error.</p>
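Review bot: The concatenation step in this hunk uses `>>`, which appends, so rerunning it or running it where a `ca.crt` already exists leaves earlier certificates in the bundle, and every CA in that file is trusted for client authentication. Suggest `cat certificate1.crt certificate2.crt certificate3.crt > ca.crt` plus a note to inspect the resulting bundle. The Note below it would also be clearer if it named the minimum it means, since "greater than 1024" and "better than md5" leave the accepted floor open.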
@ -1235,23 +1235,23 @@ Authentication to work properly.</p>
<li>
<p>You can create a secret containing just the CA certificate and another
Secret containing the Server Certificate which is Signed by the CA.</p>
<div class="codehilite"><pre><span></span>kubectl create secret generic ca-secret --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt
<div class="codehilite"><pre><span></span><code>kubectl create secret generic ca-secret --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt
kubectl create secret generic tls-secret --from-file<span class="o">=</span>tls.crt<span class="o">=</span>server.crt --from-file<span class="o">=</span>tls.key<span class="o">=</span>server.key
</pre></div>
</code></pre></div>
</li>
<li>
<p>You can create a secret containing CA certificate along with the Server
Certificate, that can be used for both TLS and Client Auth.</p>
<div class="codehilite"><pre><span></span>kubectl create secret generic ca-secret --from-file<span class="o">=</span>tls.crt<span class="o">=</span>server.crt --from-file<span class="o">=</span>tls.key<span class="o">=</span>server.key --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt
</pre></div>
<div class="codehilite"><pre><span></span><code>kubectl create secret generic ca-secret --from-file<span class="o">=</span>tls.crt<span class="o">=</span>server.crt --from-file<span class="o">=</span>tls.key<span class="o">=</span>server.key --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt
</code></pre></div>
</li>
<li>
<p>If you want to also enable Certificate Revocation List verification you can
create the secret also containing the CRL file in PEM format:
<div class="codehilite"><pre><span></span>kubectl create secret generic ca-secret --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt --from-file<span class="o">=</span>ca.crl<span class="o">=</span>ca.crl
</pre></div></p>
<div class="codehilite"><pre><span></span><code>kubectl create secret generic ca-secret --from-file<span class="o">=</span>ca.crt<span class="o">=</span>ca.crt --from-file<span class="o">=</span>ca.crl<span class="o">=</span>ca.crl
</code></pre></div></p>
</li>
</ol>
<p>Note: The CA Certificate must contain the trusted certificate authority chain to verify client certificates.</p>
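Review bot: In the third list item the code block is emitted inside the paragraph: the `<p>` ending in "in PEM format:" is never closed before `<div class="codehilite">`, and the block ends with `</div></p>`, while items 1 and 2 close `</p>` first. A `<div>` cannot nest in a `<p>`, so browsers will re-parent it; the Markdown source most likely lacks a blank line before that fence. Worth fixing in the source rather than in the generated HTML.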
@ -1264,6 +1264,7 @@ kubectl create secret generic tls-secret --from-file<span class="o">=</span>tls.
@ -1318,9 +1319,9 @@ kubectl create secret generic tls-secret --from-file<span class="o">=</span>tls.
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1330,7 +1331,7 @@ kubectl create secret generic tls-secret --from-file<span class="o">=</span>tls.
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#external-basic-authentication" tabindex="1" class="md-skip">
<a href="#external-basic-authentication" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1197,8 +1197,8 @@
<h1 id="external-basic-authentication">External Basic Authentication<a class="headerlink" href="#external-basic-authentication" title="Permanent link"></a></h1>
<h3 id="example-1">Example 1:<a class="headerlink" href="#example-1" title="Permanent link"></a></h3>
<p>Use an external service (Basic Auth) located in <code class="codehilite">https://httpbin.org</code></p>
<div class="codehilite"><pre><span></span>$ kubectl create -f ingress.yaml
<p>Use an external service (Basic Auth) located in <code class="codehilite"><span class="c">https://httpbin.org</span></code></p>
<div class="codehilite"><pre><span></span><code>$ kubectl create -f ingress.yaml
ingress <span class="s2">&quot;external-auth&quot;</span> created
$ kubectl get ing external-auth
@ -1232,10 +1232,10 @@ status:
ingress:
- ip: <span class="m">172</span>.17.4.99
$
</pre></div>
</code></pre></div>
<p>Test 1: no username/password (expect code 401)</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -k http://172.17.4.99 -v -H <span class="s1">&#39;Host: external-auth-01.sample.com&#39;</span>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> curl -k http://172.17.4.99 -v -H <span class="s1">&#39;Host: external-auth-01.sample.com&#39;</span>
<span class="go">* Rebuilt URL to: http://172.17.4.99/</span>
<span class="go">* Trying 172.17.4.99...</span>
<span class="go">* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)</span>
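Review bot: In the Test 1 command, `-k` has no effect because the URL is `http://172.17.4.99`; curl only uses that flag on TLS connections. Either drop it or switch the examples to `https://`, since the later tests on this page send `-u 'user:passwd'` to the same cleartext URL.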
@ -1260,10 +1260,10 @@ $
<span class="go">&lt;/body&gt;</span>
<span class="go">&lt;/html&gt;</span>
<span class="go">* Connection #0 to host 172.17.4.99 left intact</span>
</pre></div>
</code></pre></div>
<p>Test 2: valid username/password (expect code 200)
<div class="codehilite"><pre><span></span>$ curl -k http://172.17.4.99 -v -H <span class="s1">&#39;Host: external-auth-01.sample.com&#39;</span> -u <span class="s1">&#39;user:passwd&#39;</span>
<div class="codehilite"><pre><span></span><code>$ curl -k http://172.17.4.99 -v -H <span class="s1">&#39;Host: external-auth-01.sample.com&#39;</span> -u <span class="s1">&#39;user:passwd&#39;</span>
* Rebuilt URL to: http://172.17.4.99/
* Trying <span class="m">172</span>.17.4.99...
* Connected to <span class="m">172</span>.17.4.99 <span class="o">(</span><span class="m">172</span>.17.4.99<span class="o">)</span> port <span class="m">80</span> <span class="o">(</span><span class="c1">#0)</span>
@ -1306,9 +1306,9 @@ x-real-ip<span class="o">=</span><span class="m">10</span>.2.60.1
BODY:
* Connection <span class="c1">#0 to host 172.17.4.99 left intact</span>
-no body in request-
</pre></div></p>
</code></pre></div></p>
<p>Test 3: invalid username/password (expect code 401)
<div class="codehilite"><pre><span></span>curl -k http://172.17.4.99 -v -H &#39;Host: external-auth-01.sample.com&#39; -u &#39;user:user&#39;
<div class="codehilite"><pre><span></span><code>curl -k http://172.17.4.99 -v -H &#39;Host: external-auth-01.sample.com&#39; -u &#39;user:user&#39;
* Rebuilt URL to: http://172.17.4.99/
* Trying 172.17.4.99...
* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
@ -1336,10 +1336,11 @@ BODY:
<span class="nt">&lt;/body&gt;</span>
<span class="nt">&lt;/html&gt;</span>
* Connection #0 to host 172.17.4.99 left intact
</pre></div></p>
</code></pre></div></p>
@ -1394,9 +1395,9 @@ BODY:
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1406,7 +1407,7 @@ BODY:
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#external-oauth-authentication" tabindex="1" class="md-skip">
<a href="#external-oauth-authentication" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1251,45 +1251,45 @@
<h1 id="external-oauth-authentication">External OAUTH Authentication<a class="headerlink" href="#external-oauth-authentication" title="Permanent link"></a></h1>
<h3 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link"></a></h3>
<p>The <code class="codehilite">auth-url</code> and <code class="codehilite">auth-signin</code> annotations allow you to use an external
<p>The <code class="codehilite"><span class="err">auth-url</span></code> and <code class="codehilite"><span class="err">auth-signin</span></code> annotations allow you to use an external
authentication provider to protect your Ingress resources.</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>This annotation requires <code class="codehilite">nginx-ingress-controller v0.9.0</code> or greater.)</p>
<p>This annotation requires <code class="codehilite"><span class="err">nginx-ingress-controller v0.9.0</span></code> or greater.)</p>
</div>
<h3 id="key-detail">Key Detail<a class="headerlink" href="#key-detail" title="Permanent link"></a></h3>
<p>This functionality is enabled by deploying multiple Ingress objects for a single host.
One Ingress object has no special annotations and handles authentication.</p>
<p>Other Ingress objects can then be annotated in such a way that require the user to
authenticate against the first Ingress's endpoint, and can redirect <code class="codehilite">401</code>s to the
authenticate against the first Ingress's endpoint, and can redirect <code class="codehilite"><span class="err">401</span></code>s to the
same endpoint.</p>
<p>Sample:</p>
<div class="codehilite"><pre><span></span><span class="nn">...</span>
<div class="codehilite"><pre><span></span><code><span class="nn">...</span>
<span class="nt">metadata</span><span class="p">:</span>
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">application</span>
<span class="nt">annotations</span><span class="p">:</span>
<span class="nt">nginx.ingress.kubernetes.io/auth-url</span><span class="p">:</span> <span class="s">&quot;https://$host/oauth2/auth&quot;</span>
<span class="nt">nginx.ingress.kubernetes.io/auth-signin</span><span class="p">:</span> <span class="s">&quot;https://$host/oauth2/start?rd=$escaped_request_uri&quot;</span>
<span class="nn">...</span>
</pre></div>
</code></pre></div>
<h3 id="example-oauth2-proxy-kubernetes-dashboard">Example: OAuth2 Proxy + Kubernetes-Dashboard<a class="headerlink" href="#example-oauth2-proxy-kubernetes-dashboard" title="Permanent link"></a></h3>
<p>This example will show you how to deploy <a href="https://github.com/pusher/oauth2_proxy"><code class="codehilite">oauth2_proxy</code></a>
<p>This example will show you how to deploy <a href="https://github.com/pusher/oauth2_proxy"><code class="codehilite"><span class="err">oauth2_proxy</span></code></a>
into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using github as oAuth2 provider</p>
<h4 id="prepare">Prepare<a class="headerlink" href="#prepare" title="Permanent link"></a></h4>
<ol>
<li>Install the kubernetes dashboard</li>
</ol>
<div class="codehilite"><pre><span></span><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.10.1.yaml</span>
</code></pre></div>
<ol>
<li>Create a <a href="https://github.com/settings/applications/new">custom Github OAuth application</a></li>
</ol>
<p><img alt="Register OAuth2 Application" src="images/register-oauth-app.png" /></p>
<ul>
<li>Homepage URL is the FQDN in the Ingress rule, like <code class="codehilite">https://foo.bar.com</code></li>
<li>Authorization callback URL is the same as the base FQDN plus <code class="codehilite">/oauth2</code>, like <code class="codehilite">https://foo.bar.com/oauth2</code></li>
<li>Homepage URL is the FQDN in the Ingress rule, like <code class="codehilite"><span class="c">https://foo.bar.com</span></code></li>
<li>Authorization callback URL is the same as the base FQDN plus <code class="codehilite"><span class="err">/oauth2</span></code>, like <code class="codehilite"><span class="c">https://foo.bar.com/oauth2</span></code></li>
</ul>
<p><img alt="Register OAuth2 Application" src="images/register-oauth-app-2.png" /></p>
<ol>
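Review bot: Every inline code span on the new side of this hunk is now wrapped in a Pygments token: `<span class="err">` for `auth-url`, `auth-signin`, `401` and `/oauth2`, and `<span class="c">` for the `https://foo.bar.com` URLs. The new build is running a lexer over inline code and classifying annotation names as errors and URLs as comments. Check how this renders with the new stylesheet and, if it picks up error or comment styling, turn off highlighting for inline code in the Markdown extension settings before deploying. Separately, "v0.9.0 or greater.)" still carries a stray closing parenthesis.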
@ -1297,9 +1297,9 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<p>Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values:</p>
</li>
<li>
<p>OAUTH2_PROXY_CLIENT_ID with the github <code class="codehilite">&lt;Client ID&gt;</code></p>
<p>OAUTH2_PROXY_CLIENT_ID with the github <code class="codehilite"><span class="err">&lt;Client ID&gt;</span></code></p>
</li>
<li>OAUTH2_PROXY_CLIENT_SECRET with the github <code class="codehilite">&lt;Client Secret&gt;</code></li>
<li>OAUTH2_PROXY_CLIENT_SECRET with the github <code class="codehilite"><span class="err">&lt;Client Secret&gt;</span></code></li>
<li>
<p>OAUTH2_PROXY_COOKIE_SECRET with value of <code class="codehilite"><span class="n">python</span> <span class="o">-</span><span class="n">c</span> <span class="s1">&#39;import os,base64; print(base64.b64encode(os.urandom(16)).decode(&quot;ascii&quot;))&#39;</span></code></p>
</li>
@ -1307,20 +1307,21 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<p>Customize the contents of the file dashboard-ingress.yaml:</p>
</li>
</ol>
<p>Replace <code class="codehilite">__INGRESS_HOST__</code> with a valid FQDN and <code class="codehilite">__INGRESS_SECRET__</code> with a Secret with a valid SSL certificate.</p>
<p>Replace <code class="codehilite"><span class="err">__INGRESS_HOST__</span></code> with a valid FQDN and <code class="codehilite"><span class="err">__INGRESS_SECRET__</span></code> with a Secret with a valid SSL certificate.</p>
<ol>
<li>Deploy the oauth2 proxy and the ingress rules running:</li>
</ol>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
</code></pre></div>
<p>Test the oauth integration accessing the configured URL, like <code class="codehilite">https://foo.bar.com</code></p>
<p>Test the oauth integration accessing the configured URL, like <code class="codehilite"><span class="c">https://foo.bar.com</span></code></p>
<p><img alt="Register OAuth2 Application" src="images/github-auth.png" /></p>
<p><img alt="Github authentication" src="images/oauth-login.png" /></p>
<p><img alt="Kubernetes dashboard" src="images/dashboard.png" /></p>
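Review bot: The alt text on `images/github-auth.png` is "Register OAuth2 Application", which describes the registration screenshots rather than this image; the next two images have their own descriptive alt text. Suggest giving this one a matching description in the doc source, since the commit is otherwise improving accessibility attributes.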
@ -1375,9 +1376,9 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1387,7 +1388,7 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#configuration-snippets" tabindex="1" class="md-skip">
<a href="#configuration-snippets" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1212,15 +1212,16 @@
<h1 id="configuration-snippets">Configuration Snippets<a class="headerlink" href="#configuration-snippets" title="Permanent link"></a></h1>
<h2 id="ingress">Ingress<a class="headerlink" href="#ingress" title="Permanent link"></a></h2>
<p>The Ingress in this example adds a custom header to Nginx configuration that only applies to that specific Ingress. If you want to add headers that apply globally to all Ingresses, please have a look at <a href="../custom-headers/">this example</a>.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl apply -f ingress.yaml
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl apply -f ingress.yaml
</code></pre></div>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link"></a></h2>
<p>Check if the contents of the annotation are present in the nginx.conf file using:
<code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>
<code class="codehilite"><span class="err">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</span></code></p>
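Review bot: The test command hardcodes a pod name, `nginx-ingress-controller-873061567-4n3k2`, and the `kube-system` namespace, so it fails as written on any other cluster. Suggest placeholders in the doc source, plus a `--` before `cat` so kubectl does not try to parse the command's own arguments. The new side also wraps the whole command in `<span class="err">`, which is worth checking in the rendered page.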
@ -1275,9 +1276,9 @@
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1287,7 +1288,7 @@
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#custom-configuration" tabindex="1" class="md-skip">
<a href="#custom-configuration" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1153,7 +1153,7 @@
<h1 id="custom-configuration">Custom Configuration<a class="headerlink" href="#custom-configuration" title="Permanent link"></a></h1>
<p>Using a <a href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/">ConfigMap</a> is possible to customize the NGINX configuration</p>
<p>For example, if we want to change the timeouts we need to create a ConfigMap:</p>
<div class="codehilite"><pre><span></span>$ cat configmap.yaml
<div class="codehilite"><pre><span></span><code>$ cat configmap.yaml
apiVersion: v1
data:
proxy-connect-timeout: <span class="s2">&quot;10&quot;</span>
@ -1162,16 +1162,17 @@ data:
kind: ConfigMap
metadata:
name: nginx-configuration
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span>curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-configuration/configmap.yaml \
| kubectl apply -f -
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="err">curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-configuration/configmap.yaml \</span>
<span class="err"> | kubectl apply -f -</span>
</code></pre></div>
<p>If the Configmap it is updated, NGINX will be reloaded with the new configuration.</p>
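Review bot: The apply step pipes `configmap.yaml` from the `master` branch on raw.githubusercontent.com straight into `kubectl apply -f -`, so a reader applies whatever that ref contains at the time, without seeing it first. Suggest pinning the URL to a release tag or commit, or applying the local `configmap.yaml` that the preceding `cat` already shows. On the new side both lines of this block are emitted as `<span class="err">`, which points to a fence with no usable language hint; tagging it as a console block would match the other examples. "If the Configmap it is updated" also needs a grammar fix in the source.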
@ -1226,9 +1227,9 @@ metadata:
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1238,7 +1239,7 @@ metadata:
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#custom-errors" tabindex="1" class="md-skip">
<a href="#custom-errors" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1226,49 +1226,49 @@
<h1 id="custom-errors">Custom Errors<a class="headerlink" href="#custom-errors" title="Permanent link"></a></h1>
<p>This example demonstrates how to use a custom backend to render custom error pages.</p>
<h2 id="customized-default-backend">Customized default backend<a class="headerlink" href="#customized-default-backend" title="Permanent link"></a></h2>
<p>First, create the custom <code class="codehilite">default-backend</code>. It will be used by the Ingress controller later on.</p>
<div class="codehilite"><pre><span></span>$ kubectl create -f custom-default-backend.yaml
<p>First, create the custom <code class="codehilite"><span class="err">default-backend</span></code>. It will be used by the Ingress controller later on.</p>
<div class="codehilite"><pre><span></span><code>$ kubectl create -f custom-default-backend.yaml
service <span class="s2">&quot;nginx-errors&quot;</span> created
deployment.apps <span class="s2">&quot;nginx-errors&quot;</span> created
</pre></div>
</code></pre></div>
<p>This should have created a Deployment and a Service with the name <code class="codehilite">nginx-errors</code>.</p>
<div class="codehilite"><pre><span></span>$ kubectl get deploy,svc
<p>This should have created a Deployment and a Service with the name <code class="codehilite"><span class="err">nginx-errors</span></code>.</p>
<div class="codehilite"><pre><span></span><code>$ kubectl get deploy,svc
NAME DESIRED CURRENT READY AGE
deployment.apps/nginx-errors <span class="m">1</span> <span class="m">1</span> <span class="m">1</span> 10s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE
service/nginx-errors ClusterIP <span class="m">10</span>.0.0.12 &lt;none&gt; <span class="m">80</span>/TCP 10s
</pre></div>
</code></pre></div>
<h2 id="ingress-controller-configuration">Ingress controller configuration<a class="headerlink" href="#ingress-controller-configuration" title="Permanent link"></a></h2>
<p>If you do not already have an instance of the NGINX Ingress controller running, deploy it according to the
<a href="../../../deploy/">deployment guide</a>, then follow these steps:</p>
<ol>
<li>
<p>Edit the <code class="codehilite">nginx-ingress-controller</code> Deployment and set the value of the <code class="codehilite">--default-backend</code> flag to the name of the
<p>Edit the <code class="codehilite"><span class="err">nginx-ingress-controller</span></code> Deployment and set the value of the <code class="codehilite"><span class="err">--default-backend</span></code> flag to the name of the
newly created error backend.</p>
</li>
<li>
<p>Edit the <code class="codehilite">nginx-configuration</code> ConfigMap and create the key <code class="codehilite">custom-http-errors</code> with a value of <code class="codehilite">404,503</code>.</p>
<p>Edit the <code class="codehilite"><span class="err">nginx-configuration</span></code> ConfigMap and create the key <code class="codehilite"><span class="err">custom-http-errors</span></code> with a value of <code class="codehilite"><span class="err">404,503</span></code>.</p>
</li>
<li>
<p>Take note of the IP address assigned to the NGINX Ingress controller Service.
<div class="codehilite"><pre><span></span>$ kubectl get svc ingress-nginx
<div class="codehilite"><pre><span></span><code>$ kubectl get svc ingress-nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE
ingress-nginx ClusterIP <span class="m">10</span>.0.0.13 &lt;none&gt; <span class="m">80</span>/TCP,443/TCP 10m
</pre></div></p>
</code></pre></div></p>
</li>
</ol>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The <code class="codehilite">ingress-nginx</code> Service is of type <code class="codehilite">ClusterIP</code> in this example. This may vary depending on your environment.
<p>The <code class="codehilite"><span class="err">ingress-nginx</span></code> Service is of type <code class="codehilite"><span class="err">ClusterIP</span></code> in this example. This may vary depending on your environment.
Make sure you can use the Service to reach NGINX before proceeding with the rest of this example.</p>
</div>
<h2 id="testing-error-pages">Testing error pages<a class="headerlink" href="#testing-error-pages" title="Permanent link"></a></h2>
<p>Let us send a couple of HTTP requests using cURL and validate everything is working as expected.</p>
<p>A request to the default backend returns a 404 error with a custom message:</p>
<div class="codehilite"><pre><span></span>$ curl -D- http://10.0.0.13/
<div class="codehilite"><pre><span></span><code>$ curl -D- http://10.0.0.13/
HTTP/1.1 404 Not Found
Server: nginx/1.13.12
Date: Tue, 12 Jun 2018 19:11:24 GMT
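Review bot: every inline code span in this hunk changes from plain text to a single `<span class="err">` wrapper (for example `<code class="codehilite"><span class="err">default-backend</span></code>`), and `err` is the Pygments class for an error token, so the highlighter is now lexing inline code and failing on it. With a stylesheet that styles `.err`, flag names and ConfigMap keys such as `--default-backend` and `custom-http-errors` will render as errors. Check the Markdown highlight extension settings picked up by the new build so that inline code without a language is emitted untokenized, then regenerate.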
@ -1277,10 +1277,10 @@ Transfer-Encoding: chunked
Connection: keep-alive
<span class="nt">&lt;span&gt;</span>The page you&#39;re looking for could not be found.<span class="nt">&lt;/span&gt;</span>
</pre></div>
</code></pre></div>
<p>A request with a custom <code class="codehilite">Accept</code> header returns the corresponding document type (JSON):</p>
<div class="codehilite"><pre><span></span>$ curl -D- -H <span class="s1">&#39;Accept: application/json&#39;</span> http://10.0.0.13/
<p>A request with a custom <code class="codehilite"><span class="err">Accept</span></code> header returns the corresponding document type (JSON):</p>
<div class="codehilite"><pre><span></span><code>$ curl -D- -H <span class="s1">&#39;Accept: application/json&#39;</span> http://10.0.0.13/
HTTP/1.1 <span class="m">404</span> Not Found
Server: nginx/1.13.12
Date: Tue, <span class="m">12</span> Jun <span class="m">2018</span> <span class="m">19</span>:12:36 GMT
@ -1290,13 +1290,14 @@ Connection: keep-alive
Vary: Accept-Encoding
<span class="o">{</span> <span class="s2">&quot;message&quot;</span>: <span class="s2">&quot;The page you&#39;re looking for could not be found&quot;</span> <span class="o">}</span>
</pre></div>
</code></pre></div>
<p>To go further with this example, feel free to deploy your own applications and Ingress objects, and validate that the
responses are still in the correct format when a backend returns 503 (eg. if you scale a Deployment down to 0 replica).</p>
@ -1351,9 +1352,9 @@ responses are still in the correct format when a backend returns 503 (eg. if you
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1363,7 +1364,7 @@ responses are still in the correct format when a backend returns 503 (eg. if you
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
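Review bot: the generator string moves from `mkdocs-material-4.4.3` to `mkdocs-material-4.6.2` inside a bot deploy commit, with the asset hashes and inline code markup changing along with it. If the docs build installs the theme without a version pin, pin it in the build requirements so that a theme upgrade reaches the published site through a reviewed change rather than whichever release is current when the deploy job runs.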
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#custom-headers" tabindex="1" class="md-skip">
<a href="#custom-headers" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1199,21 +1199,22 @@
<p>This example demonstrates configuration of the nginx ingress controller via
a ConfigMap to pass a custom list of headers to the upstream
server.</p>
<p><a href="custom-headers.yaml">custom-headers.yaml</a> defines a ConfigMap in the <code class="codehilite">ingress-nginx</code> namespace named <code class="codehilite">custom-headers</code>, holding several custom X-prefixed HTTP headers.</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/custom-headers.yaml</span>
</pre></div>
<p><a href="custom-headers.yaml">custom-headers.yaml</a> defines a ConfigMap in the <code class="codehilite"><span class="err">ingress-nginx</span></code> namespace named <code class="codehilite"><span class="err">custom-headers</span></code>, holding several custom X-prefixed HTTP headers.</p>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/custom-headers.yaml</span>
</code></pre></div>
<p><a href="configmap.yaml">configmap.yaml</a> defines a ConfigMap in the <code class="codehilite">ingress-nginx</code> namespace named <code class="codehilite">nginx-configuration</code>. This controls the <a href="../../../user-guide/nginx-configuration/configmap/">global configuration</a> of the ingress controller, and already exists in a standard installation. The key <code class="codehilite">proxy-set-headers</code> is set to cite the previously-created <code class="codehilite">ingress-nginx/custom-headers</code> ConfigMap.</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/configmap.yaml</span>
</pre></div>
<p><a href="configmap.yaml">configmap.yaml</a> defines a ConfigMap in the <code class="codehilite"><span class="err">ingress-nginx</span></code> namespace named <code class="codehilite"><span class="err">nginx-configuration</span></code>. This controls the <a href="../../../user-guide/nginx-configuration/configmap/">global configuration</a> of the ingress controller, and already exists in a standard installation. The key <code class="codehilite"><span class="err">proxy-set-headers</span></code> is set to cite the previously-created <code class="codehilite"><span class="err">ingress-nginx/custom-headers</span></code> ConfigMap.</p>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-headers/configmap.yaml</span>
</code></pre></div>
<p>The nginx ingress controller will read the <code class="codehilite">ingress-nginx/nginx-configuration</code> ConfigMap, find the <code class="codehilite">proxy-set-headers</code> key, read HTTP headers from the <code class="codehilite">ingress-nginx/custom-headers</code> ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends.</p>
<p>The nginx ingress controller will read the <code class="codehilite"><span class="err">ingress-nginx/nginx-configuration</span></code> ConfigMap, find the <code class="codehilite"><span class="err">proxy-set-headers</span></code> key, read HTTP headers from the <code class="codehilite"><span class="err">ingress-nginx/custom-headers</span></code> ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends.</p>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link"></a></h2>
<p>Check the contents of the ConfigMaps are present in the nginx.conf file using:
<code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n ingress-nginx cat /etc/nginx/nginx.conf</code></p>
<code class="codehilite"><span class="err">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n ingress-nginx cat /etc/nginx/nginx.conf</span></code></p>
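Review bot: both `kubectl apply -f` lines in this hunk fetch their manifests from the `master` branch on raw.githubusercontent.com, so what a reader applies to the cluster-wide `nginx-configuration` ConfigMap can change after the page is published. Point the URLs at a release tag or commit in the source markdown. In the Test command, separate the in-pod command with `--` (`... -n ingress-nginx -- cat /etc/nginx/nginx.conf`) and replace the literal pod name `nginx-ingress-controller-873061567-4n3k2` with a placeholder.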
@ -1268,9 +1269,9 @@ server.</p>
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1280,7 +1281,7 @@ server.</p>
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#external-authentication-authentication-service-response-headers-propagation" tabindex="1" class="md-skip">
<a href="#external-authentication-authentication-service-response-headers-propagation" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1156,8 +1156,8 @@ to backend service.</p>
<p>Sample configuration includes:</p>
<ul>
<li>Sample authentication service producing several response headers</li>
<li>Authentication logic is based on HTTP header: requests with header <code class="codehilite">User</code> containing string <code class="codehilite">internal</code> are considered authenticated</li>
<li>After successful authentication service generates response headers <code class="codehilite">UserID</code> and <code class="codehilite">UserRole</code></li>
<li>Authentication logic is based on HTTP header: requests with header <code class="codehilite"><span class="err">User</span></code> containing string <code class="codehilite"><span class="err">internal</span></code> are considered authenticated</li>
<li>After successful authentication service generates response headers <code class="codehilite"><span class="err">UserID</span></code> and <code class="codehilite"><span class="err">UserRole</span></code></li>
<li>Sample echo service displaying header information</li>
<li>Two ingress objects pointing to echo service</li>
<li>Public, which allows access from unauthenticated users</li>
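Review bot: the second bullet describes the auth decision as "header `User` containing string `internal`", a value any client can send, and nothing in the list says this stands in for a real credential check. Since the bullet is being regenerated here, have the source markdown say so explicitly, and say whether client-supplied `UserID` and `UserRole` request headers are overwritten before the request reaches the echo service, because the backend treats them as the authenticated identity.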
@ -1165,7 +1165,7 @@ to backend service.</p>
</ul>
<p>You can deploy the controller as
follows:</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f deploy/
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f deploy/
<span class="go">deployment &quot;demo-auth-service&quot; created</span>
<span class="go">service &quot;demo-auth-service&quot; created</span>
<span class="go">ingress &quot;demo-auth-service&quot; created</span>
@ -1183,10 +1183,10 @@ follows:</p>
<span class="go">NAME HOSTS ADDRESS PORTS AGE</span>
<span class="go">public-demo-echo-service public-demo-echo-service.kube.local 80 1m</span>
<span class="go">secure-demo-echo-service secure-demo-echo-service.kube.local 80 1m</span>
</pre></div>
</code></pre></div>
<p>Test 1: public service with no auth header</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: public-demo-echo-service.kube.local&#39;</span> -v <span class="m">192</span>.168.99.100
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> curl -H <span class="s1">&#39;Host: public-demo-echo-service.kube.local&#39;</span> -v <span class="m">192</span>.168.99.100
<span class="go">* Rebuilt URL to: 192.168.99.100/</span>
<span class="go">* Trying 192.168.99.100...</span>
<span class="go">* Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)</span>
@ -1204,10 +1204,10 @@ follows:</p>
<span class="go">&lt;</span>
<span class="go">* Connection #0 to host 192.168.99.100 left intact</span>
<span class="go">UserID: , UserRole:</span>
</pre></div>
</code></pre></div>
<p>Test 2: secure service with no auth header</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: secure-demo-echo-service.kube.local&#39;</span> -v <span class="m">192</span>.168.99.100
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> curl -H <span class="s1">&#39;Host: secure-demo-echo-service.kube.local&#39;</span> -v <span class="m">192</span>.168.99.100
<span class="go">* Rebuilt URL to: 192.168.99.100/</span>
<span class="go">* Trying 192.168.99.100...</span>
<span class="go">* Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)</span>
@ -1231,10 +1231,10 @@ follows:</p>
<span class="go">&lt;/body&gt;</span>
<span class="go">&lt;/html&gt;</span>
<span class="go">* Connection #0 to host 192.168.99.100 left intact</span>
</pre></div>
</code></pre></div>
<p>Test 3: public service with valid auth header</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: public-demo-echo-service.kube.local&#39;</span> -H <span class="s1">&#39;User:internal&#39;</span> -v <span class="m">192</span>.168.99.100
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> curl -H <span class="s1">&#39;Host: public-demo-echo-service.kube.local&#39;</span> -H <span class="s1">&#39;User:internal&#39;</span> -v <span class="m">192</span>.168.99.100
<span class="go">* Rebuilt URL to: 192.168.99.100/</span>
<span class="go">* Trying 192.168.99.100...</span>
<span class="go">* Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)</span>
@ -1253,10 +1253,10 @@ follows:</p>
<span class="go">&lt;</span>
<span class="go">* Connection #0 to host 192.168.99.100 left intact</span>
<span class="go">UserID: 1443635317331776148, UserRole: admin</span>
</pre></div>
</code></pre></div>
<p>Test 4: secure service with valid auth header</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: secure-demo-echo-service.kube.local&#39;</span> -H <span class="s1">&#39;User:internal&#39;</span> -v <span class="m">192</span>.168.99.100
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> curl -H <span class="s1">&#39;Host: secure-demo-echo-service.kube.local&#39;</span> -H <span class="s1">&#39;User:internal&#39;</span> -v <span class="m">192</span>.168.99.100
<span class="go">* Rebuilt URL to: 192.168.99.100/</span>
<span class="go">* Trying 192.168.99.100...</span>
<span class="go">* Connected to 192.168.99.100 (192.168.99.100) port 80 (#0)</span>
@ -1275,10 +1275,11 @@ follows:</p>
<span class="go">&lt;</span>
<span class="go">* Connection #0 to host 192.168.99.100 left intact</span>
<span class="go">UserID: 605394647632969758, UserRole: admin</span>
</pre></div>
</code></pre></div>
@ -1333,9 +1334,9 @@ follows:</p>
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1345,7 +1346,7 @@ follows:</p>
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#custom-dh-parameters-for-perfect-forward-secrecy" tabindex="1" class="md-skip">
<a href="#custom-dh-parameters-for-perfect-forward-secrecy" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1228,7 +1228,7 @@
use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
"Perfect Forward Secrecy".</p>
<h2 id="custom-configuration">Custom configuration<a class="headerlink" href="#custom-configuration" title="Permanent link"></a></h2>
<div class="codehilite"><pre><span></span><span class="gp">$</span> cat configmap.yaml
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> cat configmap.yaml
<span class="go">apiVersion: v1</span>
<span class="go">data:</span>
<span class="go"> ssl-dh-param: &quot;ingress-nginx/lb-dhparam&quot;</span>
@ -1239,17 +1239,17 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
<span class="go"> labels:</span>
<span class="go"> app.kubernetes.io/name: ingress-nginx</span>
<span class="go"> app.kubernetes.io/part-of: ingress-nginx</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f configmap.yaml
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f configmap.yaml
</code></pre></div>
<h2 id="custom-dh-parameters-secret">Custom DH parameters secret<a class="headerlink" href="#custom-dh-parameters-secret" title="Permanent link"></a></h2>
<div class="codehilite"><pre><span></span><span class="gp">$</span>&gt; openssl dhparam <span class="m">1024</span> <span class="m">2</span>&gt; /dev/null <span class="p">|</span> base64
<div class="codehilite"><pre><span></span><code><span class="gp">$</span>&gt; openssl dhparam <span class="m">1024</span> <span class="m">2</span>&gt; /dev/null <span class="p">|</span> base64
<span class="go">LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span><span class="gp">$</span> cat ssl-dh-param.yaml
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> cat ssl-dh-param.yaml
<span class="go">apiVersion: v1</span>
<span class="go">data:</span>
<span class="go"> dhparam.pem: &quot;LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...&quot;</span>
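Review bot: the regenerated command still reads `openssl dhparam 1024`, and a 1024-bit group is too small for the forward-secrecy goal this page names. Change the source markdown to generate at least 2048 bits. The prompt on that line is also `$>` where every other block on the page uses `$`.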
@ -1260,17 +1260,18 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
<span class="go"> labels:</span>
<span class="go"> app.kubernetes.io/name: ingress-nginx</span>
<span class="go"> app.kubernetes.io/part-of: ingress-nginx</span>
</pre></div>
</code></pre></div>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f ssl-dh-param.yaml
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f ssl-dh-param.yaml
</code></pre></div>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link"></a></h2>
<p>Check the contents of the configmap is present in the nginx.conf file using:
<code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>
<code class="codehilite"><span class="err">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</span></code></p>
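Review bot: the Test command runs with `-n kube-system`, while the ConfigMap earlier on this page sets `ssl-dh-param: "ingress-nginx/lb-dhparam"` and the custom-headers page uses `-n ingress-nginx` for the same check, so a reader following this page will look for the controller pod in the wrong namespace. Change it to `-n ingress-nginx` in the source markdown, and put `--` before `cat` so the in-pod command is separated from the kubectl flags.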
@ -1325,9 +1326,9 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1337,7 +1338,7 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#sysctl-tuning" tabindex="1" class="md-skip">
<a href="#sysctl-tuning" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1151,20 +1151,21 @@
<h1 id="sysctl-tuning">Sysctl tuning<a class="headerlink" href="#sysctl-tuning" title="Permanent link"></a></h1>
<p>This example aims to demonstrate the use of an Init Container to adjust sysctl default values using <code class="codehilite">kubectl patch</code></p>
<div class="codehilite"><pre><span></span><span class="go">kubectl patch deployment -n ingress-nginx nginx-ingress-controller \</span>
<p>This example aims to demonstrate the use of an Init Container to adjust sysctl default values using <code class="codehilite"><span class="err">kubectl patch</span></code></p>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl patch deployment -n ingress-nginx nginx-ingress-controller \</span>
<span class="go"> --patch=&quot;$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/sysctl/patch.json)&quot;</span>
</pre></div>
</code></pre></div>
<p><strong>Changes:</strong></p>
<ul>
<li>Backlog Queue setting <code class="codehilite">net.core.somaxconn</code> from <code class="codehilite">128</code> to <code class="codehilite">32768</code></li>
<li>Ephemeral Ports setting <code class="codehilite">net.ipv4.ip_local_port_range</code> from <code class="codehilite">32768 60999</code> to <code class="codehilite">1024 65000</code></li>
<li>Backlog Queue setting <code class="codehilite"><span class="err">net.core.somaxconn</span></code> from <code class="codehilite"><span class="err">128</span></code> to <code class="codehilite"><span class="err">32768</span></code></li>
<li>Ephemeral Ports setting <code class="codehilite"><span class="err">net.ipv4.ip_local_port_range</span></code> from <code class="codehilite"><span class="err">32768 60999</span></code> to <code class="codehilite"><span class="err">1024 65000</span></code></li>
</ul>
<p>In a <a href="https://www.nginx.com/blog/tuning-nginx/">post from the NGINX blog</a>, it is possible to see an explanation for the changes.</p>
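Review bot: the command in this hunk substitutes the output of `curl` on a `master` URL directly into `kubectl patch --patch=...`, so the reader applies whatever `patch.json` is on that branch at the time without seeing it, and because `curl` is called without `-f` an HTTP error body would be handed to `kubectl` as the patch. Suggest that the source markdown point at a tagged or commit-pinned URL and have the reader download and inspect the file before patching. The Changes list also lowers the bottom of `net.ipv4.ip_local_port_range` to `1024` with no caveat; a sentence on why that is acceptable for this pod would help. Separately, every regenerated inline `<code class="codehilite">` element now wraps its text in `<span class="err">`, which is the highlighter's error-token class; check how the page renders and whether the highlighting configuration should leave inline code unlexed before keeping this output.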
@ -1219,9 +1220,9 @@
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1231,7 +1232,7 @@
</div>
<script src="../../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#docker-registry" tabindex="1" class="md-skip">
<a href="#docker-registry" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1251,42 +1251,43 @@
<p>This example demonstrates how to deploy a <a href="https://github.com/docker/distribution">docker registry</a> in the cluster and configure Ingress enable access from Internet</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link"></a></h2>
<p>First we deploy the docker registry in the cluster:</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/deployment.yaml</span>
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/deployment.yaml</span>
</code></pre></div>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p><strong>DO NOT RUN THIS IN PRODUCTION</strong></p>
<p>This deployment uses <code class="codehilite">emptyDir</code> in the <code class="codehilite">volumeMount</code> which means the contents of the registry will be deleted when the pod dies.</p>
<p>This deployment uses <code class="codehilite"><span class="err">emptyDir</span></code> in the <code class="codehilite"><span class="err">volumeMount</span></code> which means the contents of the registry will be deleted when the pod dies.</p>
</div>
<p>The next required step is creation of the ingress rules. To do this we have two options: with and without TLS</p>
<h3 id="without-tls">Without TLS<a class="headerlink" href="#without-tls" title="Permanent link"></a></h3>
<p>Download and edit the yaml deployment replacing <code class="codehilite">registry.&lt;your domain&gt;</code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-without-tls.yaml</span>
</pre></div>
<p>Download and edit the yaml deployment replacing <code class="codehilite"><span class="err">registry.&lt;your domain&gt;</span></code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><code><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-without-tls.yaml</span>
</code></pre></div>
<div class="admonition important">
<p class="admonition-title">Important</p>
</div>
<p>Running a docker registry without TLS requires we configure our local docker daemon with the insecure registry flag.</p>
</div>
<p>Please check <a href="https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry">deploy a plain http registry</a></p>
<h3 id="with-tls">With TLS<a class="headerlink" href="#with-tls" title="Permanent link"></a></h3>
<p>Download and edit the yaml deployment replacing <code class="codehilite">registry.&lt;your domain&gt;</code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml</span>
</pre></div>
<p>Download and edit the yaml deployment replacing <code class="codehilite"><span class="err">registry.&lt;your domain&gt;</span></code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><code><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml</span>
</code></pre></div>
<p>Deploy <a href="https://github.com/jetstack/kube-lego">kube lego</a> use <a href="https://letsencrypt.org/">Let's Encrypt</a> certificates or edit the ingress rule to use a secret with an existing SSL certificate.</p>
<h3 id="testing">Testing<a class="headerlink" href="#testing" title="Permanent link"></a></h3>
<p>To test the registry is working correctly we download a known image from <a href="https://hub.docker.com">docker hub</a>, create a tag pointing to the new registry and upload the image:</p>
<div class="codehilite"><pre><span></span><span class="go">docker pull ubuntu:16.04</span>
<div class="codehilite"><pre><span></span><code><span class="go">docker pull ubuntu:16.04</span>
<span class="go">docker tag ubuntu:16.04 `registry.&lt;your domain&gt;/ubuntu:16.04`</span>
<span class="go">docker push `registry.&lt;your domain&gt;/ubuntu:16.04`</span>
</pre></div>
</code></pre></div>
<p>Please replace <code class="codehilite">registry.&lt;your domain&gt;</code> with your domain.</p>
<p>Please replace <code class="codehilite"><span class="err">registry.&lt;your domain&gt;</span></code> with your domain.</p>
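Review bot: in the Testing block, the `docker tag` and `docker push` lines put the target image name inside backticks within the shell snippet itself; pasted as written, a shell treats that as command substitution (and the `<your domain>` part as redirections) instead of as an argument. Suggest dropping the backticks in the source markdown so the commands read `docker tag ubuntu:16.04 registry.<your domain>/ubuntu:16.04` and likewise for `docker push`. Two documentation gaps in the same hunk: the page describes a registry reachable from the Internet and offers a "Without TLS" ingress, yet the visible text never mentions authentication or who can push; and the "With TLS" paragraph still recommends kube-lego, which its maintainers have deprecated in favour of cert-manager.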
@ -1341,9 +1342,9 @@
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1353,7 +1354,7 @@
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#grpc" tabindex="1" class="md-skip">
<a href="#grpc" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1295,9 +1295,9 @@ nginx controller.</p>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h2>
<ol>
<li>You have a kubernetes cluster running.</li>
<li>You have a domain name such as <code class="codehilite">example.com</code> that is configured to route
<li>You have a domain name such as <code class="codehilite"><span class="err">example.com</span></code> that is configured to route
traffic to the ingress controller. Replace references to
<code class="codehilite">fortune-teller.stack.build</code> (the domain name used in this example) to your
<code class="codehilite"><span class="err">fortune-teller.stack.build</span></code> (the domain name used in this example) to your
own domain name (you're also responsible for provisioning an SSL certificate
for the ingress).</li>
<li>You have the nginx-ingress controller installed in typical fashion (must be
@ -1309,59 +1309,59 @@ nginx controller.</p>
<a href="https://github.com/kubernetes/ingress-nginx/tree/master/images/grpc-fortune-teller">fortune-teller</a>
application provided here as an example.</li>
</ol>
<h3 id="step-1-kubernetes-deployment">Step 1: kubernetes <code class="codehilite">Deployment</code><a class="headerlink" href="#step-1-kubernetes-deployment" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span>$ kubectl create -f app.yaml
</pre></div>
<h3 id="step-1-kubernetes-deployment">Step 1: kubernetes <code class="codehilite"><span class="err">Deployment</span></code><a class="headerlink" href="#step-1-kubernetes-deployment" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span><code>$ kubectl create -f app.yaml
</code></pre></div>
<p>This is a standard kubernetes deployment object. It is running a grpc service
listening on port <code class="codehilite">50051</code>.</p>
listening on port <code class="codehilite"><span class="err">50051</span></code>.</p>
<p>The sample application
<a href="https://github.com/kubernetes/ingress-nginx/tree/master/images/grpc-fortune-teller">fortune-teller-app</a>
is a grpc server implemented in go. Here's the stripped-down implementation:</p>
<div class="codehilite"><pre><span></span><span class="kd">func</span> <span class="nx">main</span><span class="p">()</span> <span class="p">{</span>
<div class="codehilite"><pre><span></span><code><span class="kd">func</span> <span class="nx">main</span><span class="p">()</span> <span class="p">{</span>
<span class="nx">grpcServer</span> <span class="o">:=</span> <span class="nx">grpc</span><span class="p">.</span><span class="nx">NewServer</span><span class="p">()</span>
<span class="nx">fortune</span><span class="p">.</span><span class="nx">RegisterFortuneTellerServer</span><span class="p">(</span><span class="nx">grpcServer</span><span class="p">,</span> <span class="o">&amp;</span><span class="nx">FortuneTeller</span><span class="p">{})</span>
<span class="nx">lis</span><span class="p">,</span> <span class="nx">_</span> <span class="o">:=</span> <span class="nx">net</span><span class="p">.</span><span class="nx">Listen</span><span class="p">(</span><span class="s">&quot;tcp&quot;</span><span class="p">,</span> <span class="s">&quot;:50051&quot;</span><span class="p">)</span>
<span class="nx">grpcServer</span><span class="p">.</span><span class="nx">Serve</span><span class="p">(</span><span class="nx">lis</span><span class="p">)</span>
<span class="p">}</span>
</pre></div>
</code></pre></div>
<p>The takeaway is that we are not doing any TLS configuration on the server (as we
are terminating TLS at the ingress level, grpc traffic will travel unencrypted
inside the cluster and arrive "insecure").</p>
<p>For your own application you may or may not want to do this. If you prefer to
forward encrypted traffic to your POD and terminate TLS at the gRPC server
itself, add the ingress annotation <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPCS&quot;</code>.</p>
<h3 id="step-2-the-kubernetes-service">Step 2: the kubernetes <code class="codehilite">Service</code><a class="headerlink" href="#step-2-the-kubernetes-service" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span>$ kubectl create -f svc.yaml
</pre></div>
itself, add the ingress annotation <code class="codehilite"><span class="err">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPCS&quot;</span></code>.</p>
<h3 id="step-2-the-kubernetes-service">Step 2: the kubernetes <code class="codehilite"><span class="err">Service</span></code><a class="headerlink" href="#step-2-the-kubernetes-service" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span><code>$ kubectl create -f svc.yaml
</code></pre></div>
<p>Here we have a typical service. Nothing special, just routing traffic to the
backend application on port <code class="codehilite">50051</code>.</p>
<h3 id="step-3-the-kubernetes-ingress">Step 3: the kubernetes <code class="codehilite">Ingress</code><a class="headerlink" href="#step-3-the-kubernetes-ingress" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span>$ kubectl create -f ingress.yaml
</pre></div>
backend application on port <code class="codehilite"><span class="err">50051</span></code>.</p>
<h3 id="step-3-the-kubernetes-ingress">Step 3: the kubernetes <code class="codehilite"><span class="err">Ingress</span></code><a class="headerlink" href="#step-3-the-kubernetes-ingress" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span><code>$ kubectl create -f ingress.yaml
</code></pre></div>
<p>A few things to note:</p>
<ol>
<li>We've tagged the ingress with the annotation
<code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPC&quot;</code>. This is the magic
<code class="codehilite"><span class="err">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPC&quot;</span></code>. This is the magic
ingredient that sets up the appropriate nginx configuration to route http/2
traffic to our service.</li>
<li>We're terminating TLS at the ingress and have configured an SSL certificate
<code class="codehilite">fortune-teller.stack.build</code>. The ingress matches traffic arriving as
<code class="codehilite">https://fortune-teller.stack.build:443</code> and routes unencrypted messages to
<code class="codehilite"><span class="err">fortune-teller.stack.build</span></code>. The ingress matches traffic arriving as
<code class="codehilite"><span class="c">https://fortune-teller.stack.build:443</span></code> and routes unencrypted messages to
our kubernetes service.</li>
</ol>
<h3 id="step-4-test-the-connection">Step 4: test the connection<a class="headerlink" href="#step-4-test-the-connection" title="Permanent link"></a></h3>
<p>Once we've applied our configuration to kubernetes, it's time to test that we
can actually talk to the backend. To do this, we'll use the
<a href="https://github.com/fullstorydev/grpcurl">grpcurl</a> utility:</p>
<div class="codehilite"><pre><span></span>$ grpcurl fortune-teller.stack.build:443 build.stack.fortune.FortuneTeller/Predict
<div class="codehilite"><pre><span></span><code>$ grpcurl fortune-teller.stack.build:443 build.stack.fortune.FortuneTeller/Predict
<span class="o">{</span>
<span class="s2">&quot;message&quot;</span>: <span class="s2">&quot;Let us endeavor so to live that when we come to die even the undertaker will be sorry.\n\t\t-- Mark Twain, \&quot;Pudd&#39;nhead Wilson&#39;s Calendar\&quot;&quot;</span>
<span class="o">}</span>
</pre></div>
</code></pre></div>
<h3 id="debugging-hints">Debugging Hints<a class="headerlink" href="#debugging-hints" title="Permanent link"></a></h3>
<ol>
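Review bot: the Go sample in this hunk discards the error from `net.Listen` (`lis, _ := ...`) and the return value of `grpcServer.Serve(lis)`, so a failed bind is silent in code that readers will copy; even a stripped-down listing should check both. The paragraph after it says gRPC traffic travels unencrypted inside the cluster, and where it offers `backend-protocol: "GRPCS"` as the alternative it should also say that the backend then needs its own certificate and key, which the `grpc.NewServer()` call shown here does not load.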
@ -1369,7 +1369,7 @@ can actually talk to the backend. To do this, we'll use the
<li>Watch the logs for the nginx-ingress-controller (increasing verbosity as
needed).</li>
<li>Double-check your address and ports.</li>
<li>Set the <code class="codehilite">GODEBUG=http2debug=2</code> environment variable to get detailed http/2
<li>Set the <code class="codehilite"><span class="err">GODEBUG=http2debug=2</span></code> environment variable to get detailed http/2
logging on the client and/or server.</li>
<li>Study RFC 7540 (http/2) <a href="https://tools.ietf.org/html/rfc7540">https://tools.ietf.org/html/rfc7540</a>.</li>
</ol>
@ -1381,18 +1381,19 @@ to help make it easier for your users to consume your API.</p>
</blockquote>
<h3 id="notes-on-using-responserequest-streams">Notes on using response/request streams<a class="headerlink" href="#notes-on-using-responserequest-streams" title="Permanent link"></a></h3>
<ol>
<li>If your server does only response streaming and you expect a stream to be open longer than 60 seconds, you will have to change the <code class="codehilite">grpc_read_timeout</code> to acommodate for this.</li>
<li>If your server does only response streaming and you expect a stream to be open longer than 60 seconds, you will have to change the <code class="codehilite"><span class="err">grpc_read_timeout</span></code> to acommodate for this.</li>
<li>If your service does only request streaming and you expect a stream to be open longer than 60 seconds, you have to change the
<code class="codehilite">grpc_send_timeout</code> and the <code class="codehilite">client_body_timeout</code>.</li>
<li>If you do both response and request streaming with an open stream longer than 60 seconds, you have to change all three timeouts: <code class="codehilite">grpc_read_timeout</code>, <code class="codehilite">grpc_send_timeout</code> and <code class="codehilite">client_body_timeout</code>.</li>
<code class="codehilite"><span class="err">grpc_send_timeout</span></code> and the <code class="codehilite"><span class="err">client_body_timeout</span></code>.</li>
<li>If you do both response and request streaming with an open stream longer than 60 seconds, you have to change all three timeouts: <code class="codehilite"><span class="err">grpc_read_timeout</span></code>, <code class="codehilite"><span class="err">grpc_send_timeout</span></code> and <code class="codehilite"><span class="err">client_body_timeout</span></code>.</li>
</ol>
<p>Values for the timeouts must be specified as e.g. <code class="codehilite">&quot;1200s&quot;</code>.</p>
<p>Values for the timeouts must be specified as e.g. <code class="codehilite"><span class="err">&quot;1200s&quot;</span></code>.</p>
<blockquote>
<p>On the most recent versions of nginx-ingress, changing these timeouts requires using the <code class="codehilite">nginx.ingress.kubernetes.io/server-snippet</code> annotation. There are plans for future releases to allow using the Kubernetes annotations to define each timeout seperately.</p>
<p>On the most recent versions of nginx-ingress, changing these timeouts requires using the <code class="codehilite"><span class="err">nginx.ingress.kubernetes.io/server-snippet</span></code> annotation. There are plans for future releases to allow using the Kubernetes annotations to define each timeout seperately.</p>
</blockquote>
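Review bot: the closing blockquote tells readers to set these timeouts through the `nginx.ingress.kubernetes.io/server-snippet` annotation but shows no snippet, and it does not say that this annotation inserts raw nginx directives into the server block, so whoever is allowed to set it on an Ingress can change that server's configuration. Suggest the source markdown show the three directives named in the list with a value in the `"1200s"` form, and note that the annotation should be limited to trusted Ingress authors. The prose also carries two misspellings that survive regeneration, "acommodate" and "seperately"; fix them in the markdown source, not in this generated file.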
@ -1447,9 +1448,9 @@ to help make it easier for your users to consume your API.</p>
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1459,7 +1460,7 @@ to help make it easier for your users to consume your API.</p>
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../assets/javascripts/modernizr.74668098.js"></script>
<script src="../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#ingress-examples" tabindex="1" class="md-skip">
<a href="#ingress-examples" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1268,6 +1268,7 @@ Please review the <a href="PREREQUISITES/">prerequisites</a> before trying them.
@ -1322,9 +1323,9 @@ Please review the <a href="PREREQUISITES/">prerequisites</a> before trying them.
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1334,7 +1335,7 @@ Please review the <a href="PREREQUISITES/">prerequisites</a> before trying them.
</div>
<script src="../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#multi-tls-certificate-termination" tabindex="1" class="md-skip">
<a href="#multi-tls-certificate-termination" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1156,7 +1156,7 @@
<li>Create <a href="multi-tls.yaml">multi-tls.yaml</a></li>
</ol>
<p>This should generate a segment like:
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl <span class="nb">exec</span> -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf <span class="p">|</span> grep <span class="s2">&quot;foo.bar.com&quot;</span> -B <span class="m">7</span> -A <span class="m">35</span>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl <span class="nb">exec</span> -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf <span class="p">|</span> grep <span class="s2">&quot;foo.bar.com&quot;</span> -B <span class="m">7</span> -A <span class="m">35</span>
<span class="go"> server {</span>
<span class="go"> listen 80;</span>
<span class="go"> listen 443 ssl http2;</span>
@ -1198,9 +1198,9 @@
<span class="go"> proxy_pass http://default-http-svc-80;</span>
<span class="go"> }</span>
</pre></div></p>
</code></pre></div></p>
<p>And you should be able to reach your nginx service or http-svc service using a hostname switch:
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ing
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl get ing
<span class="go">NAME RULE BACKEND ADDRESS AGE</span>
<span class="go">foo-tls - 104.154.30.67 13m</span>
<span class="go"> foo.bar.com</span>
@ -1237,10 +1237,11 @@
<span class="gp">$</span> curl <span class="m">104</span>.154.30.67
<span class="go">default backend - 404</span>
</pre></div></p>
</code></pre></div></p>
@ -1295,9 +1296,9 @@
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
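Review bot: rel="noopener" on the two footer links is needed now that they open with target="_blank", since it is what keeps the opened page from reaching the docs tab through window.opener. Any custom theme override that adds its own target="_blank" links needs the same attribute.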
@ -1307,7 +1308,7 @@
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#pod-security-policy-psp" tabindex="1" class="md-skip">
<a href="#pod-security-policy-psp" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1157,8 +1157,8 @@ Kubernetes however provides a more fine-grained authorization policy called
If you have PSP enabled on the cluster, and you deploy ingress-nginx,
you will need to provide the Deployment with the permissions to create pods.</p>
<p>Before applying any objects, first apply the PSP permissions by running:
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/psp/psp.yaml</span>
</pre></div></p>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/psp/psp.yaml</span>
</code></pre></div></p>
<p>Now that the pod security policy is applied, we can continue as usual by applying the
<a href="https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.28.0/deploy/static/mandatory.yaml">mandatory.yaml</a>
according to the <a href="../../deploy/">Installation Guide</a>.</p>
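Review bot: the psp.yaml URL in the kubectl apply line tracks the master branch, while the mandatory.yaml link just below it is pinned to the nginx-0.28.0 tag, so readers apply whatever PSP manifest is on master that day next to a fixed release of the controller. Pin the psp.yaml URL to the same tag in the source Markdown so the two manifests cannot drift apart.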
@ -1168,6 +1168,7 @@ only after deleting them and reapplying mandatory.yaml.</p>
@ -1208,9 +1209,9 @@ only after deleting them and reapplying mandatory.yaml.</p>
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1220,7 +1221,7 @@ only after deleting them and reapplying mandatory.yaml.</p>
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#rewrite" tabindex="1" class="md-skip">
<a href="#rewrite" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1309,14 +1309,14 @@ and that you have an ingress controller <a href="../../deploy/">running</a> in y
<h3 id="rewrite-target">Rewrite Target<a class="headerlink" href="#rewrite-target" title="Permanent link"></a></h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Starting in Version 0.22.0, ingress definitions using the annotation <code class="codehilite">nginx.ingress.kubernetes.io/rewrite-target</code> are not backwards compatible with previous versions. In Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a <a href="https://www.regular-expressions.info/refcapture.html">capture group</a>.</p>
<p>Starting in Version 0.22.0, ingress definitions using the annotation <code class="codehilite"><span class="err">nginx.ingress.kubernetes.io/rewrite-target</span></code> are not backwards compatible with previous versions. In Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a <a href="https://www.regular-expressions.info/refcapture.html">capture group</a>.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><a href="https://www.regular-expressions.info/refcapture.html">Captured groups</a> are saved in numbered placeholders, chronologically, in the form <code class="codehilite">$1</code>, <code class="codehilite">$2</code> ... <code class="codehilite">$n</code>. These placeholders can be used as parameters in the <code class="codehilite">rewrite-target</code> annotation.</p>
<p><a href="https://www.regular-expressions.info/refcapture.html">Captured groups</a> are saved in numbered placeholders, chronologically, in the form <code class="codehilite"><span class="err">$1</span></code>, <code class="codehilite"><span class="err">$2</span></code> ... <code class="codehilite"><span class="err">$n</span></code>. These placeholders can be used as parameters in the <code class="codehilite"><span class="err">rewrite-target</span></code> annotation.</p>
</div>
<p>Create an Ingress rule with a rewrite annotation:</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nb">echo</span> <span class="err">&#39;</span>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> <span class="nb">echo</span> <span class="err">&#39;</span>
<span class="go">apiVersion: networking.k8s.io/v1beta1</span>
<span class="go">kind: Ingress</span>
<span class="go">metadata:</span>
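Review bot: in the regenerated Attention and Note admonitions every inline code element now wraps its text in span class="err" (around nginx.ingress.kubernetes.io/rewrite-target, $1, $2, $n and rewrite-target), and err is the highlighter's error token class, so the annotation name and placeholders may render with error styling. Check the built page, and if they do, switch off highlighting for inline code in the codehilite configuration instead of deploying this markup as generated.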
@ -1334,18 +1334,18 @@ and that you have an ingress controller <a href="../../deploy/">running</a> in y
<span class="go"> servicePort: 80</span>
<span class="go"> path: /something(/|$)(.*)</span>
<span class="go">&#39; | kubectl create -f -</span>
</pre></div>
</code></pre></div>
<p>In this ingress definition, any characters captured by <code class="codehilite">(.*)</code> will be assigned to the placeholder <code class="codehilite">$2</code>, which is then used as a parameter in the <code class="codehilite">rewrite-target</code> annotation.</p>
<p>In this ingress definition, any characters captured by <code class="codehilite"><span class="err">(.*)</span></code> will be assigned to the placeholder <code class="codehilite"><span class="err">$2</span></code>, which is then used as a parameter in the <code class="codehilite"><span class="err">rewrite-target</span></code> annotation.</p>
<p>For example, the ingress definition above will result in the following rewrites:</p>
<ul>
<li><code class="codehilite">rewrite.bar.com/something</code> rewrites to <code class="codehilite">rewrite.bar.com/</code></li>
<li><code class="codehilite">rewrite.bar.com/something/</code> rewrites to <code class="codehilite">rewrite.bar.com/</code></li>
<li><code class="codehilite">rewrite.bar.com/something/new</code> rewrites to <code class="codehilite">rewrite.bar.com/new</code></li>
<li><code class="codehilite"><span class="err">rewrite.bar.com/something</span></code> rewrites to <code class="codehilite"><span class="err">rewrite.bar.com/</span></code></li>
<li><code class="codehilite"><span class="err">rewrite.bar.com/something/</span></code> rewrites to <code class="codehilite"><span class="err">rewrite.bar.com/</span></code></li>
<li><code class="codehilite"><span class="err">rewrite.bar.com/something/new</span></code> rewrites to <code class="codehilite"><span class="err">rewrite.bar.com/new</span></code></li>
</ul>
<h3 id="app-root">App Root<a class="headerlink" href="#app-root" title="Permanent link"></a></h3>
<p>Create an Ingress rule with a app-root annotation:
<div class="codehilite"><pre><span></span>$ <span class="nb">echo</span> <span class="s2">&quot;</span>
<div class="codehilite"><pre><span></span><code>$ <span class="nb">echo</span> <span class="s2">&quot;</span>
<span class="s2">apiVersion: networking.k8s.io/v1beta1</span>
<span class="s2">kind: Ingress</span>
<span class="s2">metadata:</span>
@ -1363,9 +1363,9 @@ and that you have an ingress controller <a href="../../deploy/">running</a> in y
<span class="s2"> servicePort: 80</span>
<span class="s2"> path: /</span>
<span class="s2">&quot;</span> <span class="p">|</span> kubectl create -f -
</pre></div></p>
</code></pre></div></p>
<p>Check the rewrite is working</p>
<div class="codehilite"><pre><span></span>$ curl -I -k http://approot.bar.com/
<div class="codehilite"><pre><span></span><code>$ curl -I -k http://approot.bar.com/
HTTP/1.1 <span class="m">302</span> Moved Temporarily
Server: nginx/1.11.10
Date: Mon, <span class="m">13</span> Mar <span class="m">2017</span> <span class="m">14</span>:57:15 GMT
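Review bot: the validation command in this hunk passes -k to curl for an http:// URL (curl -I -k http://approot.bar.com/), where the flag does nothing because there is no certificate to check. Drop -k in the source Markdown so the example does not teach readers to disable certificate verification by habit.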
@ -1373,10 +1373,11 @@ Content-Type: text/html
Content-Length: <span class="m">162</span>
Location: http://stickyingress.example.com/app1
Connection: keep-alive
</pre></div>
</code></pre></div>
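Review bot: the sample response here redirects to Location: http://stickyingress.example.com/app1, but the request shown in the preceding hunk was sent to approot.bar.com, so the output does not match the Ingress the page has just created. Capture the output again against the app-root example, or align the host name in the source Markdown, so readers can tell what a correct redirect looks like.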
@ -1431,9 +1432,9 @@ Connection: keep-alive
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1443,7 +1444,7 @@ Connection: keep-alive
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#static-ips" tabindex="1" class="md-skip">
<a href="#static-ips" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1262,27 +1262,27 @@ by default nginx Ingresses will only get static IPs if your cloudprovider
supports static IP assignments to nodes. On GKE/GCE for example, even though
nodes get static IPs, the IPs are not retained across upgrade.</p>
<p>To acquire a static IP for the nginx ingress controller, simply put it
behind a Service of <code class="codehilite">Type=LoadBalancer</code>.</p>
behind a Service of <code class="codehilite"><span class="err">Type=LoadBalancer</span></code>.</p>
<p>First, create a loadbalancer Service and wait for it to acquire an IP</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f static-ip-svc.yaml
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f static-ip-svc.yaml
<span class="go">service &quot;nginx-ingress-lb&quot; created</span>
<span class="gp">$</span> kubectl get svc nginx-ingress-lb
<span class="go">NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE</span>
<span class="go">nginx-ingress-lb 10.0.138.113 104.154.109.191 80:31457/TCP,443:32240/TCP 15m</span>
</pre></div>
</code></pre></div>
<p>then, update the ingress controller so it adopts the static IP of the Service
by passing the <code class="codehilite">--publish-service</code> flag (the example yaml used in the next step
by passing the <code class="codehilite"><span class="err">--publish-service</span></code> flag (the example yaml used in the next step
already has it set to "nginx-ingress-lb").</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f nginx-ingress-controller.yaml
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f nginx-ingress-controller.yaml
<span class="go">deployment &quot;nginx-ingress-controller&quot; created</span>
</pre></div>
</code></pre></div>
<h2 id="assigning-the-ip-to-an-ingress">Assigning the IP to an Ingress<a class="headerlink" href="#assigning-the-ip-to-an-ingress" title="Permanent link"></a></h2>
<p>From here on every Ingress created with the <code class="codehilite">ingress.class</code> annotation set to
<code class="codehilite">nginx</code> will get the IP allocated in the previous step</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f nginx-ingress.yaml
<p>From here on every Ingress created with the <code class="codehilite"><span class="err">ingress.class</span></code> annotation set to
<code class="codehilite"><span class="err">nginx</span></code> will get the IP allocated in the previous step</p>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl create -f nginx-ingress.yaml
<span class="go">ingress &quot;nginx-ingress&quot; created</span>
<span class="gp">$</span> kubectl get ing ingress-nginx
@ -1298,11 +1298,11 @@ already has it set to "nginx-ingress-lb").</p>
<span class="go">request_version=1.1</span>
<span class="go">request_uri=http://104.154.109.191:8080/</span>
<span class="go">...</span>
</pre></div>
</code></pre></div>
<h2 id="retaining-the-ip">Retaining the IP<a class="headerlink" href="#retaining-the-ip" title="Permanent link"></a></h2>
<p>You can test retention by deleting the Ingress</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl delete ing nginx-ingress
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl delete ing nginx-ingress
<span class="go">ingress &quot;nginx-ingress&quot; deleted</span>
<span class="gp">$</span> kubectl create -f nginx-ingress.yaml
@ -1311,7 +1311,7 @@ already has it set to "nginx-ingress-lb").</p>
<span class="gp">$</span> kubectl get ing nginx-ingress
<span class="go">NAME HOSTS ADDRESS PORTS AGE</span>
<span class="go">nginx-ingress * 104.154.109.191 80, 443 13m</span>
</pre></div>
</code></pre></div>
<blockquote>
<p>Note that unlike the GCE Ingress, the same loadbalancer IP is shared amongst all
@ -1320,14 +1320,14 @@ controllers.</p>
</blockquote>
<h2 id="promote-ephemeral-to-static-ip">Promote ephemeral to static IP<a class="headerlink" href="#promote-ephemeral-to-static-ip" title="Permanent link"></a></h2>
<p>To promote the allocated IP to static, you can update the Service manifest</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl patch svc nginx-ingress-lb -p <span class="s1">&#39;{&quot;spec&quot;: {&quot;loadBalancerIP&quot;: &quot;104.154.109.191&quot;}}&#39;</span>
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl patch svc nginx-ingress-lb -p <span class="s1">&#39;{&quot;spec&quot;: {&quot;loadBalancerIP&quot;: &quot;104.154.109.191&quot;}}&#39;</span>
<span class="go">&quot;nginx-ingress-lb&quot; patched</span>
</pre></div>
</code></pre></div>
<p>and promote the IP to static (promotion works differently for cloudproviders,
provided example is for GKE/GCE)
`
<div class="codehilite"><pre><span></span><span class="gp">$</span> gcloud compute addresses create nginx-ingress-lb --addresses <span class="m">104</span>.154.109.191 --region us-central1
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> gcloud compute addresses create nginx-ingress-lb --addresses <span class="m">104</span>.154.109.191 --region us-central1
<span class="go">Created [https://www.googleapis.com/compute/v1/projects/kubernetesdev/regions/us-central1/addresses/nginx-ingress-lb].</span>
<span class="go">---</span>
<span class="go">address: 104.154.109.191</span>
@ -1341,12 +1341,13 @@ provided example is for GKE/GCE)
<span class="go">status: IN_USE</span>
<span class="go">users:</span>
<span class="go">- us-central1/forwardingRules/a09f6913ae80e11e6a8c542010af0000</span>
</pre></div></p>
</code></pre></div></p>
<p>Now even if the Service is deleted, the IP will persist, so you can recreate the
Service with <code class="codehilite">spec.loadBalancerIP</code> set to <code class="codehilite">104.154.109.191</code>.</p>
Service with <code class="codehilite"><span class="err">spec.loadBalancerIP</span></code> set to <code class="codehilite"><span class="err">104.154.109.191</span></code>.</p>
@ -1401,9 +1402,9 @@ Service with <code class="codehilite">spec.loadBalancerIP</code> set to <code cl
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1413,7 +1414,7 @@ Service with <code class="codehilite">spec.loadBalancerIP</code> set to <code cl
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>

View file

@ -34,7 +34,7 @@
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.3">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.6.2">
@ -42,7 +42,7 @@
<link rel="stylesheet" href="../../assets/stylesheets/application.30686662.css">
<link rel="stylesheet" href="../../assets/stylesheets/application.adb8469c.css">
<link rel="stylesheet" href="../../assets/stylesheets/application-palette.a8b3c06d.css">
@ -53,12 +53,12 @@
<script src="../../assets/javascripts/modernizr.74668098.js"></script>
<script src="../../assets/javascripts/modernizr.86422ebf.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
@ -114,7 +114,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#tls-termination" tabindex="1" class="md-skip">
<a href="#tls-termination" tabindex="0" class="md-skip">
Skip to content
</a>
@ -123,7 +123,7 @@
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<a href="https://kubernetes.github.io/ingress-nginx" title="NGINX Ingress Controller" aria-label="NGINX Ingress Controller" class="md-header-nav__button md-logo">
<i class="md-icon">public</i>
@ -154,7 +154,7 @@
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<input type="text" class="md-search__input" aria-label="search" name="query" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
@ -1226,8 +1226,8 @@
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h2>
<p>You need a <a href="../PREREQUISITES/#tls-certificates">TLS cert</a> and a <a href="../PREREQUISITES/#test-http-service">test HTTP service</a> for this example.</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link"></a></h2>
<p>Create a <code class="codehilite">values.yaml</code> file.</p>
<div class="codehilite"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">networking.k8s.io/v1beta1</span>
<p>Create a <code class="codehilite"><span class="err">values.yaml</span></code> file.</p>
<div class="codehilite"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">networking.k8s.io/v1beta1</span>
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Ingress</span>
<span class="nt">metadata</span><span class="p">:</span>
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">nginx-test</span>
@ -1247,16 +1247,16 @@
<span class="c1"># This assumes http-svc exists and routes to healthy endpoints</span>
<span class="nt">serviceName</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">http-svc</span>
<span class="nt">servicePort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">80</span>
</pre></div>
</code></pre></div>
<p>The following command instructs the controller to terminate traffic using the provided
TLS cert, and forward un-encrypted HTTP traffic to the test HTTP service.</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f ingress.yaml</span>
</pre></div>
<div class="codehilite"><pre><span></span><code><span class="go">kubectl apply -f ingress.yaml</span>
</code></pre></div>
<h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link"></a></h2>
<p>You can confirm that the Ingress works.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test
<div class="codehilite"><pre><span></span><code><span class="gp">$</span> kubectl describe ing nginx-test
<span class="go">Name: nginx-test</span>
<span class="go">Namespace: default</span>
<span class="go">Address: 104.198.183.6</span>
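Review bot: the apply command in this hunk reads kubectl apply -f ingress.yaml, but the preceding hunk tells the reader to create a values.yaml file, so following the page literally fails with a missing file. Use one file name for both steps in the source Markdown; ingress.yaml fits, since the manifest is an Ingress object.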
@ -1303,10 +1303,11 @@ TLS cert, and forward un-encrypted HTTP traffic to the test HTTP service.</p>
<span class="go">x-forwarded-for=104.132.0.80, 35.186.221.137</span>
<span class="go">x-forwarded-proto=https</span>
<span class="go">BODY:</span>
</pre></div>
</code></pre></div>
@ -1361,9 +1362,9 @@ TLS cert, and forward un-encrypted HTTP traffic to the test HTTP service.</p>
<div class="md-footer-copyright">
powered by
<a href="https://www.mkdocs.org">MkDocs</a>
<a href="https://www.mkdocs.org" target="_blank" rel="noopener">MkDocs</a>
and
<a href="https://squidfunk.github.io/mkdocs-material/">
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs</a>
</div>
@ -1373,7 +1374,7 @@ TLS cert, and forward un-encrypted HTTP traffic to the test HTTP service.</p>
</div>
<script src="../../assets/javascripts/application.ac79c3b0.js"></script>
<script src="../../assets/javascripts/application.c33a9706.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script>