DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
k8s-ci-robot 2021-11-11 17:43:16 +00:00
parent 49ea9bd49b
commit 7fc917c074
4 changed files with 53 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

2
deploy/baremetal/index.html
View file

@ -22,7 +22,7 @@
</code></pre></div> </div> <p>As soon as MetalLB sets the external IP address of the <code>ingress-nginx</code> LoadBalancer Service, the corresponding entries are created in the iptables NAT table and the node with the selected IP address starts responding to HTTP requests on the ports configured in the LoadBalancer Service:</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> curl -D- http://203.0.113.10 -H <span class=s1>&#39;Host: myapp.example.com&#39;</span>
<span class=go>HTTP/1.1 200 OK</span>
<span class=go>Server: nginx/1.15.2</span>
</code></pre></div> <div class="admonition tip"> <p class=admonition-title>Tip</p> <p>In order to preserve the source IP address in HTTP requests sent to NGINX, it is necessary to use the <code>Local</code> traffic policy. Traffic policies are described in more details in <a href=https://metallb.universe.tf/usage/#traffic-policies>Traffic policies</a> as well as in the next section.</p> </div> <h2 id=over-a-nodeport-service>Over a NodePort Service<a class=headerlink href=#over-a-nodeport-service title="Permanent link"></a></h2> <p>Due to its simplicity, this is the setup a user will deploy by default when following the steps described in the <a href=../#bare-metal>installation guide</a>.</p> <div class="admonition info"> <p class=admonition-title>Info</p> <p>A Service of type <code>NodePort</code> exposes, via the <code>kube-proxy</code> component, the <strong>same unprivileged</strong> port (default: 30000-32767) on every Kubernetes node, masters included. For more information, see <a href=https://kubernetes.io/docs/concepts/services-networking/service/#nodeport>Services</a>.</p> </div> <p>In this configuration, the NGINX container remains isolated from the host network. As a result, it can safely bind to any port, including the standard HTTP ports 80 and 443. However, due to the container namespace isolation, a client located outside the cluster network (e.g. on the public internet) is not able to access Ingress hosts directly on ports 80 and 443. Instead, the external client must append the NodePort allocated to the <code>ingress-nginx</code> Service to HTTP requests.</p> <p><img alt="NodePort request flow" src=../../images/baremetal/nodeport.jpg></p> <div class="admonition example"> <p class=admonition-title>Example</p> <p>Given the NodePort <code>30100</code> allocated to the <code>ingress-nginx</code> Service</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl -n ingress-nginx get svc
</code></pre></div> <div class="admonition tip"> <p class=admonition-title>Tip</p> <p>In order to preserve the source IP address in HTTP requests sent to NGINX, it is necessary to use the <code>Local</code> traffic policy. Traffic policies are described in more details in <a href=https://metallb.universe.tf/usage/#traffic-policies>Traffic policies</a> as well as in the next section.</p> </div> <h2 id=over-a-nodeport-service>Over a NodePort Service<a class=headerlink href=#over-a-nodeport-service title="Permanent link"></a></h2> <p>Due to its simplicity, this is the setup a user will deploy by default when following the steps described in the <a href=../#bare-metal>installation guide</a>.</p> <div class="admonition info"> <p class=admonition-title>Info</p> <p>A Service of type <code>NodePort</code> exposes, via the <code>kube-proxy</code> component, the <strong>same unprivileged</strong> port (default: 30000-32767) on every Kubernetes node, masters included. For more information, see <a href=https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport>Services</a>.</p> </div> <p>In this configuration, the NGINX container remains isolated from the host network. As a result, it can safely bind to any port, including the standard HTTP ports 80 and 443. However, due to the container namespace isolation, a client located outside the cluster network (e.g. on the public internet) is not able to access Ingress hosts directly on ports 80 and 443. Instead, the external client must append the NodePort allocated to the <code>ingress-nginx</code> Service to HTTP requests.</p> <p><img alt="NodePort request flow" src=../../images/baremetal/nodeport.jpg></p> <div class="admonition example"> <p class=admonition-title>Example</p> <p>Given the NodePort <code>30100</code> allocated to the <code>ingress-nginx</code> Service</p> <div class=highlight><pre><span></span><code><span class=gp>$</span> kubectl -n ingress-nginx get svc
<span class=go>NAME TYPE CLUSTER-IP PORT(S)</span>
<span class=go>default-http-backend ClusterIP 10.0.64.249 80/TCP</span>
<span class=go>ingress-nginx NodePort 10.0.220.217 80:30100/TCP,443:30101/TCP</span>