Rearrange deployment files into kustomizations

2019-04-30 09:45:58 -07:00 · 2019-04-30 09:45:58 -07:00 · 51ad0bc54b
commit 51ad0bc54b
parent 1bd3fd2429
56 changed files with 532 additions and 1094 deletions
--- a/docs/deploy/index.md
+++ b/docs/deploy/index.md
@ -18,6 +18,9 @@

 The following **Mandatory Command** is required for all deployments.

+!!! attention
+    These commands depend on having kubectl version 1.14 or newer.
+
 !!! attention
    The default configuration watches Ingress object from all the namespaces.
    To change this behavior use the flag `--watch-namespace` to limit the scope to a particular namespace.
@ -25,17 +28,25 @@ The following **Mandatory Command** is required for all deployments.
 !!! warning
    If multiple Ingresses define different paths for the same host, the ingress controller will merge the definitions.
    
-!!! attention
-    If you're using GKE you need to initialize your user as a cluster-admin with the following command: 
-    ```kubectl create clusterrolebinding cluster-admin-binding   --clusterrole cluster-admin   --user $(gcloud config get-value account)```

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
+kubectl create namespace ingress-nginx
+```
+
+```console
+cat << EOF > kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ingress-nginx
+bases:
+- github.com/kubernetes/ingress-nginx/deploy/cluster-wide
+- # provider-specific, see below
+EOF
 ```

 ### Provider Specific Steps

-There are cloud provider specific yaml files.
+There are cloud provider specific kustomize bases.

 #### Docker for Mac

@ -43,11 +54,7 @@ Kubernetes is available in Docker for Mac (from [version 18.06.0-ce](https://doc

 [enable]: https://docs.docker.com/docker-for-mac/#kubernetes

-Create a service
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml
-```
+Add `github.com/kubernetes/ingress-nginx/deploy/cloud-generic` to the `bases` list in `kustomization.yaml` and run `kubectl apply --kustomize .`.

 #### minikube

@ -88,30 +95,57 @@ This setup requires to choose in which layer (L4 or L7) we want to configure the
 - [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): use TCP as the listener protocol for ports 80 and 443.
 - [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): use HTTP as the listener protocol for port 80 and terminate TLS in the ELB

+
+Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the [ELB Idle Timeouts section](#elb-idle-timeouts) for additional information. If a change is required, users will need to override the value of the annotation `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` on the service object.
+
+To do this, create a patch file which will replace the annotation.
+
+```
+cat << EOF > elb-timeout.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" # Recommended value for WebSockets
+EOF
+```
+
+After creating the patch file, reference it in your `kustomization.yaml`:
+```yaml
+patchesStrategicMerge:
+- elb-timeout.yaml
+```
+
 For L4:

-Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the [ELB Idle Timeouts section](#elb-idle-timeouts) for additional information. If a change is required, users will need to update the value of `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` in `provider/aws/service-l4.yaml`
-
-Then execute:
-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l4.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l4.yaml
-```
+To deploy the default example, add the base ` github.com/kubernetes/ingress-nginx/deploy/aws/l4` and then run `kubectl apply --kustomize .`

 For L7:

-Change line of the file `provider/aws/service-l7.yaml` replacing the dummy id with a valid one `"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
-
-Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the [ELB Idle Timeouts section](#elb-idle-timeouts) for additional information. If a change is required, users will need to update the value of `service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout` in `provider/aws/service-l7.yaml`
-
-Then execute:
+Create a a patch that will annotate the ingress-controller's service with your ssl certificate id.

 ```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml
+cat << EOF > elb-ssl.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: ingress-nginx
+  annotations:
+    # replace with the correct value of the generated certificate in the AWS console
+    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
+EOF
 ```

+Reference this patch in your `kustomization.yaml`:
+
+```yaml
+patchesStrategicMerge:
+- elb-ssl.yaml
+```
+
+Then add the l7 base, `github.com/kubernetes/ingress-nginx/deploy/aws/l7` and execute `kubectl apply --kustomize .`
+
 This example creates an ELB with just two listeners, one in port 80 and another in port 443

 ![Listeners](../images/elb-l7-listener.png)
@ -127,35 +161,31 @@ More information with regards to idle timeouts for your Load Balancer can be fou

 ##### Network Load Balancer (NLB)

-This type of load balancer is supported since v1.10.0 as an ALPHA feature.
+This type of load balancer is supported since v1.10.0 as an ALPHA feature.  Use the base `github.com/kubernetes/ingress-nginx/deploy/aws/nlb` and execute `kubectl apply --kustomize .`

-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-nlb.yaml
-```

 #### GCE-GKE

-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml
-```
+!!! attention
+    If you're using GKE you need to initialize your user as a cluster-admin with the following command: 
+    ```kubectl create clusterrolebinding cluster-admin-binding   --clusterrole cluster-admin   --user $(gcloud config get-value account)```
+
+Use the base `github.com/kubernetes/ingress-nginx/deploy/cloud-generic` and execute `kubectl apply --kustomize .`

 **Important Note:** proxy protocol is not supported in GCE/GKE

+
 #### Azure

-
-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml
-```
+Use the base `github.com/kubernetes/ingress-nginx/deploy/cloud-generic` and execute `kubectl apply --kustomize .`


 #### Bare-metal

 Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):

-```console
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
-```
+
+Use the base `github.com/kubernetes/ingress-nginx/deploy/baremetal` and execute `kubectl apply --kustomize .`

 !!! tip
    For extended notes regarding deployments on bare-metal, see [Bare-metal considerations](./baremetal.md).