Split documentation

2017-10-13 10:55:03 -03:00 · 2017-10-13 10:55:03 -03:00 · a9168f276e
commit a9168f276e
parent a18daabc51
144 changed files with 1780 additions and 3789 deletions
--- a/docs/examples/static-ip/README.md
+++ b/docs/examples/static-ip/README.md
@ -0,0 +1,117 @@
+# Static IPs
+
+This example demonstrates how to assign a static-ip to an Ingress on through the Nginx controller.
+
+## Prerequisites
+
+You need a [TLS cert](/examples/PREREQUISITES.md#tls-certificates) and a [test HTTP service](/examples/PREREQUISITES.md#test-http-service) for this example.
+You will also need to make sure you Ingress targets exactly one Ingress
+controller by specifying the [ingress.class annotation](/examples/PREREQUISITES.md#ingress-class),
+and that you have an ingress controller [running](/examples/deployment) in your cluster.
+
+## Acquiring an IP
+
+Since instances of the nginx controller actually run on nodes in your cluster,
+by default nginx Ingresses will only get static IPs if your cloudprovider
+supports static IP assignments to nodes. On GKE/GCE for example, even though
+nodes get static IPs, the IPs are not retained across upgrade.
+
+To acquire a static IP for the nginx ingress controller, simply put it
+behind a Service of `Type=LoadBalancer`.
+
+First, create a loadbalancer Service and wait for it to acquire an IP
+
+```console
+$ kubectl create -f static-ip-svc.yaml
+service "nginx-ingress-lb" created
+
+$ kubectl get svc nginx-ingress-lb
+NAME               CLUSTER-IP     EXTERNAL-IP       PORT(S)                      AGE
+nginx-ingress-lb   10.0.138.113   104.154.109.191   80:31457/TCP,443:32240/TCP   15m
+```
+
+then, update the ingress controller so it adopts the static IP of the Service
+by passing the `--publish-service` flag (the example yaml used in the next step
+already has it set to "nginx-ingress-lb").
+
+```console
+$ kubectl create -f nginx-ingress-controller.yaml
+deployment "nginx-ingress-controller" created
+```
+
+## Assigning the IP to an Ingress
+
+From here on every Ingress created with the `ingress.class` annotation set to
+`nginx` will get the IP allocated in the previous step
+
+```console
+$ kubectl create -f nginx-ingress.yaml
+ingress "nginx-ingress" created
+
+$ kubectl get ing nginx-ingress
+NAME            HOSTS     ADDRESS           PORTS     AGE
+nginx-ingress   *         104.154.109.191   80, 443   13m
+
+$ curl 104.154.109.191 -kL
+CLIENT VALUES:
+client_address=10.180.1.25
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://104.154.109.191:8080/
+...
+```
+
+## Retaining the IP
+
+You can test retention by deleting the Ingress
+
+```console
+$ kubectl delete ing nginx-ingress
+ingress "nginx-ingress" deleted
+
+$ kubectl create -f nginx-ingress.yaml
+ingress "nginx-ingress" created
+
+$ kubectl get ing nginx-ingress
+NAME            HOSTS     ADDRESS           PORTS     AGE
+nginx-ingress   *         104.154.109.191   80, 443   13m
+```
+
+Note that unlike the GCE Ingress, the same loadbalancer IP is shared amongst all
+Ingresses, because all requests are proxied through the same set of nginx
+controllers.
+
+## Promote ephemeral to static IP
+
+To promote the allocated IP to static, you can update the Service manifest
+
+```console
+$ kubectl patch svc nginx-ingress-lb -p '{"spec": {"loadBalancerIP": "104.154.109.191"}}'
+"nginx-ingress-lb" patched
+```
+
+and promote the IP to static (promotion works differently for cloudproviders,
+provided example is for GKE/GCE)
+`
+```console
+$ gcloud compute addresses create nginx-ingress-lb --addresses 104.154.109.191 --region us-central1
+Created [https://www.googleapis.com/compute/v1/projects/kubernetesdev/regions/us-central1/addresses/nginx-ingress-lb].
+---
+address: 104.154.109.191
+creationTimestamp: '2017-01-31T16:34:50.089-08:00'
+description: ''
+id: '5208037144487826373'
+kind: compute#address
+name: nginx-ingress-lb
+region: us-central1
+selfLink: https://www.googleapis.com/compute/v1/projects/kubernetesdev/regions/us-central1/addresses/nginx-ingress-lb
+status: IN_USE
+users:
+- us-central1/forwardingRules/a09f6913ae80e11e6a8c542010af0000
+```
+
+Now even if the Service is deleted, the IP will persist, so you can recreate the
+Service with `spec.loadBalancerIP` set to `104.154.109.191`.
+
--- a/docs/examples/static-ip/nginx-ingress-controller.yaml
+++ b/docs/examples/static-ip/nginx-ingress-controller.yaml
@ -0,0 +1,52 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: nginx-ingress-controller
+  labels:
+    k8s-app: nginx-ingress-controller
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        k8s-app: nginx-ingress-controller
+    spec:
+      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
+      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
+      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
+      # like with kubeadm
+      # hostNetwork: true
+      terminationGracePeriodSeconds: 60
+      containers:
+      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.15
+        name: nginx-ingress-controller
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          initialDelaySeconds: 10
+          timeoutSeconds: 1
+        ports:
+        - containerPort: 80
+          hostPort: 80
+        - containerPort: 443
+          hostPort: 443
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+        args:
+        - /nginx-ingress-controller
+        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
+        - --publish-service=$(POD_NAMESPACE)/nginx-ingress-lb
--- a/docs/examples/static-ip/nginx-ingress.yaml
+++ b/docs/examples/static-ip/nginx-ingress.yaml
@ -0,0 +1,17 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: ingress-nginx
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  tls:
+  # This assumes tls-secret exists.
+  - secretName: tls-secret
+  rules:
+  - http:
+      paths:
+      - backend:
+          # This assumes http-svc exists and routes to healthy endpoints.
+          serviceName: http-svc
+          servicePort: 80
--- a/docs/examples/static-ip/static-ip-svc.yaml
+++ b/docs/examples/static-ip/static-ip-svc.yaml
@ -0,0 +1,23 @@
+# This is the backend service
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-ingress-lb
+  annotations:
+    service.beta.kubernetes.io/external-traffic: OnlyLocal
+  labels:
+    app: nginx-ingress-lb
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 104.154.109.191
+  ports:
+  - port: 80
+    name: http
+    targetPort: 80
+  - port: 443
+    name: https
+    targetPort: 443
+  selector:
+    # Selects nginx-ingress-controller pods
+    k8s-app: nginx-ingress-controller
+