DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-10-12 01:21:45 +00:00
parent 8125e59d3f
commit c09357b854
51 changed files with 612 additions and 5095 deletions
Download patch file Download diff file Expand all files Collapse all files

169
deploy/baremetal/index.html
View file

@ -664,8 +664,8 @@
<li class="md-nav__item">
<a href="../../user-guide/exposing-tcp-udp-services/" title="Exposing TCP and UDP services" class="md-nav__link">
Exposing TCP and UDP services
<a href="../../user-guide/ingress-path-matching/" title="Regular expressions in paths" class="md-nav__link">
Regular expressions in paths
</a>
</li>
@ -982,18 +982,6 @@
<li class="md-nav__item">
<a href="../../examples/customization/custom-upstream-check/" title="Custom Upstream server checks" class="md-nav__link">
Custom Upstream server checks
</a>
</li>
<li class="md-nav__item">
<a href="../../examples/customization/external-auth-headers/" title="External authentication" class="md-nav__link">
External authentication
@ -1216,32 +1204,16 @@ by a DHCP server.</p>
<p class="admonition-title">Example</p>
<p>Given the following 3-node Kubernetes cluster (the external IP is added as an example, in most bare-metal
environments this value is &lt;None>)</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<span class="go">NAME STATUS ROLES EXTERNAL-IP</span>
<span class="go">host-1 Ready master 203.0.113.1</span>
<span class="go">host-2 Ready node 203.0.113.2</span>
<span class="go">host-3 Ready node 203.0.113.3</span>
</pre></div>
</td></tr></table>
<p>After creating the following ConfigMap, MetalLB takes ownership of one of the IP addresses in the pool and updates
the <em>loadBalancer</em> IP field of the <code class="codehilite">ingress-nginx</code> Service accordingly.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span> 1
2
3
4
5
6
7
8
9
10
11
12</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">apiVersion</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">apiVersion</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
<span class="l l-Scalar l-Scalar-Plain">kind</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
<span class="l l-Scalar l-Scalar-Plain">metadata</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">namespace</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">metallb-system</span>
@ -1254,29 +1226,21 @@ the <em>loadBalancer</em> IP field of the <code class="codehilite">ingress-nginx
<span class="no">addresses:</span>
<span class="no">- 203.0.113.2-203.0.113.3</span>
</pre></div>
</td></tr></table>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get svc
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get svc
<span class="go">NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)</span>
<span class="go">default-http-backend ClusterIP 10.0.64.249 &lt;none&gt; 80/TCP</span>
<span class="go">ingress-nginx LoadBalancer 10.0.220.217 203.0.113.3 80:30100/TCP,443:30101/TCP</span>
</pre></div>
</td></tr></table>
</div>
<p>As soon as MetalLB sets the external IP address of the <code class="codehilite">ingress-nginx</code> LoadBalancer Service, the corresponding entries
are created in the iptables NAT table and the node with the selected IP address starts responding to HTTP requests on
the ports configured in the LoadBalancer Service:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> curl -D- http://203.0.113.3 -H <span class="s1">&#39;Host: myapp.example.com&#39;</span>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -D- http://203.0.113.3 -H <span class="s1">&#39;Host: myapp.example.com&#39;</span>
<span class="go">HTTP/1.1 200 OK</span>
<span class="go">Server: nginx/1.15.2</span>
</pre></div>
</td></tr></table>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
@ -1301,29 +1265,20 @@ requests.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<p>Given the NodePort <code class="codehilite">30100</code> allocated to the <code class="codehilite">ingress-nginx</code> Service</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get svc
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get svc
<span class="go">NAME TYPE CLUSTER-IP PORT(S)</span>
<span class="go">default-http-backend ClusterIP 10.0.64.249 80/TCP</span>
<span class="go">ingress-nginx NodePort 10.0.220.217 80:30100/TCP,443:30101/TCP</span>
</pre></div>
</td></tr></table>
<p>and a Kubernetes node with the public IP address <code class="codehilite">203.0.113.2</code> (the external IP is added as an example, in most
bare-metal environments this value is &lt;None>)</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<span class="go">NAME STATUS ROLES EXTERNAL-IP</span>
<span class="go">host-1 Ready master 203.0.113.1</span>
<span class="go">host-2 Ready node 203.0.113.2</span>
<span class="go">host-3 Ready node 203.0.113.3</span>
</pre></div>
</td></tr></table>
<p>a client would reach an Ingress with <code class="codehilite"><span class="n">host</span><span class="o">:</span> <span class="n">myapp</span><span class="o">.</span><span class="na">example</span><span class="o">.</span><span class="na">com</span></code> at <code class="codehilite">http://myapp.example.com:30100</code>, where the
myapp.example.com subdomain resolves to the 203.0.113.2 IP address.</p>
@ -1355,30 +1310,20 @@ the NGINX Ingress controller should be scheduled or not scheduled.</p>
<p class="admonition-title">Example</p>
<p>In a Kubernetes cluster composed of 3 nodes (the external IP is added as an example, in most bare-metal environments
this value is &lt;None>)</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<span class="go">NAME STATUS ROLES EXTERNAL-IP</span>
<span class="go">host-1 Ready master 203.0.113.1</span>
<span class="go">host-2 Ready node 203.0.113.2</span>
<span class="go">host-3 Ready node 203.0.113.3</span>
</pre></div>
</td></tr></table>
<p>with a <code class="codehilite">nginx-ingress-controller</code> Deployment composed of 2 replicas</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get pod -o wide
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get pod -o wide
<span class="go">NAME READY STATUS IP NODE</span>
<span class="go">default-http-backend-7c5bc89cc9-p86md 1/1 Running 172.17.1.1 host-2</span>
<span class="go">nginx-ingress-controller-cf9ff8c96-8vvf8 1/1 Running 172.17.0.3 host-3</span>
<span class="go">nginx-ingress-controller-cf9ff8c96-pxsds 1/1 Running 172.17.1.4 host-2</span>
</pre></div>
</td></tr></table>
<p>Requests sent to <code class="codehilite">host-2</code> and <code class="codehilite">host-3</code> would be forwarded to NGINX and original client's IP would be preserved,
while requests to <code class="codehilite">host-1</code> would get dropped because there is no NGINX replica running on that node.</p>
@ -1388,13 +1333,10 @@ while requests to <code class="codehilite">host-1</code> would get dropped becau
</ul>
<p>Because NodePort Services do not get a LoadBalancerIP assigned by definition, the NGINX Ingress controller <strong>does not
update the status of Ingress objects it manages</strong>.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress
<span class="go">NAME HOSTS ADDRESS PORTS</span>
<span class="go">test-ingress myapp.example.com 80</span>
</pre></div>
</td></tr></table>
<p>Despite the fact there is no load balancer providing a public IP address to the NGINX Ingress controller, it is possible
to force the status update of all managed Ingress objects by setting the <code class="codehilite">externalIPs</code> field of the <code class="codehilite">ingress-nginx</code>
@ -1409,39 +1351,26 @@ documentation as well as the section about <a href="#external-ips">External IPs<
<p class="admonition-title">Example</p>
<p>Given the following 3-node Kubernetes cluster (the external IP is added as an example, in most bare-metal
environments this value is &lt;None>)</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<span class="go">NAME STATUS ROLES EXTERNAL-IP</span>
<span class="go">host-1 Ready master 203.0.113.1</span>
<span class="go">host-2 Ready node 203.0.113.2</span>
<span class="go">host-3 Ready node 203.0.113.3</span>
</pre></div>
</td></tr></table>
<p>one could edit the <code class="codehilite">ingress-nginx</code> Service and add the following field to the object spec</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">spec</span><span class="p p-Indicator">:</span>
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">spec</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">externalIPs</span><span class="p p-Indicator">:</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">203.0.113.1</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">203.0.113.2</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">203.0.113.3</span>
</pre></div>
</td></tr></table>
<p>which would in turn be reflected on Ingress objects as follows:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress -o wide
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress -o wide
<span class="go">NAME HOSTS ADDRESS PORTS</span>
<span class="go">test-ingress myapp.example.com 203.0.113.1,203.0.113.2,203.0.113.3 80</span>
</pre></div>
</td></tr></table>
</div>
<ul>
@ -1453,15 +1382,11 @@ for generating redirect URLs that take into account the URL used by external cli
<p class="admonition-title">Example</p>
<p>Redirects generated by NGINX, for instance HTTP to HTTPS or <code class="codehilite">domain</code> to <code class="codehilite">www.domain</code>, are generated without
NodePort:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> curl -D- http://myapp.example.com:30100<span class="sb">`</span>
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -D- http://myapp.example.com:30100<span class="sb">`</span>
<span class="go">HTTP/1.1 308 Permanent Redirect</span>
<span class="go">Server: nginx/1.15.2</span>
<span class="go">Location: https://myapp.example.com/ #-&gt; missing NodePort in HTTPS redirect</span>
</pre></div>
</td></tr></table>
</div>
<h2 id="via-the-host-network">Via the host network<a class="headerlink" href="#via-the-host-network" title="Permanent link">&para;</a></h2>
@ -1475,13 +1400,10 @@ interfaces, without the extra network translation imposed by NodePort Services.<
Service exists in the target cluster, it is <strong>recommended to delete it</strong>.</p>
</div>
<p>This can be achieved by enabling the <code class="codehilite">hostNetwork</code> option in the Pods' spec.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">template</span><span class="p p-Indicator">:</span>
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">template</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">spec</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">hostNetwork</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span>
</pre></div>
</td></tr></table>
<div class="admonition danger">
<p class="admonition-title">Security considerations</p>
@ -1492,35 +1414,24 @@ including the host's loopback. Please evaluate the impact this may have on the s
<p class="admonition-title">Example</p>
<p>Consider this <code class="codehilite">nginx-ingress-controller</code> Deployment composed of 2 replicas, NGINX Pods inherit from the IP address
of their host instead of an internal Pod IP.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get pod -o wide
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get pod -o wide
<span class="go">NAME READY STATUS IP NODE</span>
<span class="go">default-http-backend-7c5bc89cc9-p86md 1/1 Running 172.17.1.1 host-2</span>
<span class="go">nginx-ingress-controller-5b4cf5fc6-7lg6c 1/1 Running 203.0.113.3 host-3</span>
<span class="go">nginx-ingress-controller-5b4cf5fc6-lzrls 1/1 Running 203.0.113.2 host-2</span>
</pre></div>
</td></tr></table>
</div>
<p>One major limitation of this deployment approach is that only <strong>a single NGINX Ingress controller Pod</strong> may be scheduled
on each cluster node, because binding the same port multiple times on the same network interface is technically
impossible. Pods that are unschedulable due to such situation fail with the following event:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5
6</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx describe pod &lt;unschedulable-nginx-ingress-controller-pod&gt;
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx describe pod &lt;unschedulable-nginx-ingress-controller-pod&gt;
<span class="go">...</span>
<span class="go">Events:</span>
<span class="go"> Type Reason From Message</span>
<span class="go"> ---- ------ ---- -------</span>
<span class="go"> Warning FailedScheduling default-scheduler 0/3 nodes are available: 3 node(s) didn&#39;t have free ports for the requested pod ports.</span>
</pre></div>
</td></tr></table>
<p>One way to ensure only schedulable Pods are created is to deploy the NGINX Ingress controller as a <em>DaemonSet</em> instead
of a traditional Deployment.</p>
@ -1545,13 +1456,10 @@ expected to resolve internal names for any reason.</p>
<p>Because there is no Service exposing the NGINX Ingress controller in a configuration using the host network, the default
<code class="codehilite">--publish-service</code> flag used in standard cloud setups <strong>does not apply</strong> and the status of all Ingress objects remains
blank.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress
<span class="go">NAME HOSTS ADDRESS PORTS</span>
<span class="go">test-ingress myapp.example.com 80</span>
</pre></div>
</td></tr></table>
<p>Instead, and because bare-metal nodes usually don't have an ExternalIP, one has to enable the
<a href="../../user-guide/cli-arguments/"><code class="codehilite">--report-node-internal-ip-address</code></a> flag, which sets the status of all Ingress objects to the internal IP
@ -1559,26 +1467,18 @@ address of all nodes running the NGINX Ingress controller.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<p>Given a <code class="codehilite">nginx-ingress-controller</code> DaemonSet composed of 2 replicas</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get pod -o wide
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get pod -o wide
<span class="go">NAME READY STATUS IP NODE</span>
<span class="go">default-http-backend-7c5bc89cc9-p86md 1/1 Running 172.17.1.1 host-2</span>
<span class="go">nginx-ingress-controller-5b4cf5fc6-7lg6c 1/1 Running 203.0.113.3 host-3</span>
<span class="go">nginx-ingress-controller-5b4cf5fc6-lzrls 1/1 Running 203.0.113.2 host-2</span>
</pre></div>
</td></tr></table>
<p>the controller sets the status of all Ingress objects it manages to the following value:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress -o wide
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get ingress -o wide
<span class="go">NAME HOSTS ADDRESS PORTS</span>
<span class="go">test-ingress myapp.example.com 203.0.113.2,203.0.113.3 80</span>
</pre></div>
</td></tr></table>
</div>
<div class="admonition note">
@ -1611,46 +1511,28 @@ Service. These IP addresses <strong>must belong to the target node</strong>.</p>
<p class="admonition-title">Example</p>
<p>Given the following 3-node Kubernetes cluster (the external IP is added as an example, in most bare-metal
environments this value is &lt;None>)</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe node
<span class="go">NAME STATUS ROLES EXTERNAL-IP</span>
<span class="go">host-1 Ready master 203.0.113.1</span>
<span class="go">host-2 Ready node 203.0.113.2</span>
<span class="go">host-3 Ready node 203.0.113.3</span>
</pre></div>
</td></tr></table>
<p>and the following <code class="codehilite">ingress-nginx</code> NodePort Service</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get svc
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl -n ingress-nginx get svc
<span class="go">NAME TYPE CLUSTER-IP PORT(S)</span>
<span class="go">ingress-nginx NodePort 10.0.220.217 80:30100/TCP,443:30101/TCP</span>
</pre></div>
</td></tr></table>
<p>One could set the following external IPs in the Service spec, and NGINX would become available on both the NodePort
and the Service port:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">spec</span><span class="p p-Indicator">:</span>
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">spec</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">externalIPs</span><span class="p p-Indicator">:</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">203.0.113.2</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">203.0.113.3</span>
</pre></div>
</td></tr></table>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4
5
6
7</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> curl -D- http://myapp.example.com:30100
<div class="codehilite"><pre><span></span><span class="gp">$</span> curl -D- http://myapp.example.com:30100
<span class="go">HTTP/1.1 200 OK</span>
<span class="go">Server: nginx/1.15.2</span>
@ -1658,7 +1540,6 @@ and the Service port:</p>
<span class="go">HTTP/1.1 200 OK</span>
<span class="go">Server: nginx/1.15.2</span>
</pre></div>
</td></tr></table>
<p>We assume the myapp.example.com subdomain above resolves to both 203.0.113.2 and 203.0.113.3 IP addresses.</p>
</div>

72
deploy/index.html
View file

@ -759,8 +759,8 @@
<li class="md-nav__item">
<a href="../user-guide/exposing-tcp-udp-services/" title="Exposing TCP and UDP services" class="md-nav__link">
Exposing TCP and UDP services
<a href="../user-guide/ingress-path-matching/" title="Regular expressions in paths" class="md-nav__link">
Regular expressions in paths
</a>
</li>
@ -1077,18 +1077,6 @@
<li class="md-nav__item">
<a href="../examples/customization/custom-upstream-check/" title="Custom Upstream server checks" class="md-nav__link">
Custom Upstream server checks
</a>
</li>
<li class="md-nav__item">
<a href="../examples/customization/external-auth-headers/" title="External authentication" class="md-nav__link">
External authentication
@ -1392,9 +1380,8 @@
<h2 id="generic-deployment">Generic Deployment<a class="headerlink" href="#generic-deployment" title="Permanent link">&para;</a></h2>
<p>The following resources are required for a generic deployment.</p>
<h3 id="mandatory-command">Mandatory command<a class="headerlink" href="#mandatory-command" title="Permanent link">&para;</a></h3>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml</span>
</pre></div>
</td></tr></table>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
@ -1410,37 +1397,30 @@ To change this behavior use the flag <code class="codehilite">--watch-namespace<
<h4 id="docker-for-mac">Docker for Mac<a class="headerlink" href="#docker-for-mac" title="Permanent link">&para;</a></h4>
<p>Kubernetes is available in Docker for Mac (from <a href="https://docs.docker.com/docker-for-mac/release-notes/#stable-releases-of-2018">version 18.06.0-ce</a>)</p>
<p>Create a service</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
</pre></div>
</td></tr></table>
<h4 id="minikube">minikube<a class="headerlink" href="#minikube" title="Permanent link">&para;</a></h4>
<p>For standard usage:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">minikube addons enable ingress</span>
<div class="codehilite"><pre><span></span><span class="go">minikube addons enable ingress</span>
</pre></div>
</td></tr></table>
<p>For development:</p>
<ol>
<li>Disable the ingress addon:</li>
</ol>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> minikube addons disable ingress
<div class="codehilite"><pre><span></span><span class="gp">$</span> minikube addons disable ingress
</pre></div>
</td></tr></table>
<ol>
<li>Execute <code class="codehilite">make dev-env</code></li>
<li>Confirm the <code class="codehilite">nginx-ingress-controller</code> deployment exists:</li>
</ol>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3
4</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get pods -n ingress-nginx
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get pods -n ingress-nginx
<span class="go">NAME READY STATUS RESTARTS AGE</span>
<span class="go">default-http-backend-66b447d9cf-rrlf9 1/1 Running 0 12s</span>
<span class="go">nginx-ingress-controller-fdcdcd6dd-vvpgs 1/1 Running 0 11s</span>
</pre></div>
</td></tr></table>
<h4 id="aws">AWS<a class="headerlink" href="#aws" title="Permanent link">&para;</a></h4>
<p>In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of <code class="codehilite">Type=LoadBalancer</code>.
@ -1455,21 +1435,17 @@ Please check the <a href="https://aws.amazon.com/elasticloadbalancing/details/">
<p>For L4:</p>
<p>Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the <a href="#elb-idle-timeouts">ELB Idle Timeouts section</a> for additional information. If a change is required, users will need to update the value of <code class="codehilite">service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout</code> in <code class="codehilite">provider/aws/service-l4.yaml</code></p>
<p>Then execute:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l4.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l4.yaml</span>
<span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l4.yaml</span>
</pre></div>
</td></tr></table>
<p>For L7:</p>
<p>Change line of the file <code class="codehilite">provider/aws/service-l7.yaml</code> replacing the dummy id with a valid one <code class="codehilite">&quot;arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX&quot;</code></p>
<p>Check that no change is necessary with regards to the ELB idle timeout. In some scenarios, users may want to modify the ELB idle timeout, so please check the <a href="#elb-idle-timeouts">ELB Idle Timeouts section</a> for additional information. If a change is required, users will need to update the value of <code class="codehilite">service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout</code> in <code class="codehilite">provider/aws/service-l7.yaml</code></p>
<p>Then execute:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml</span>
<span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml</span>
</pre></div>
</td></tr></table>
<p>This example creates an ELB with just two listeners, one in port 80 and another in port 443</p>
<p><img alt="Listeners" src="../images/elb-l7-listener.png" /></p>
@ -1480,26 +1456,22 @@ Please check the <a href="https://aws.amazon.com/elasticloadbalancing/details/">
<p>More information with regards to idle timeouts for your Load Balancer can be found in the <a href="https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-idle-timeout.html">official AWS documentation</a>.</p>
<h5 id="network-load-balancer-nlb">Network Load Balancer (NLB)<a class="headerlink" href="#network-load-balancer-nlb" title="Permanent link">&para;</a></h5>
<p>This type of load balancer is supported since v1.10.0 as an ALPHA feature.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-nlb.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-nlb.yaml</span>
</pre></div>
</td></tr></table>
<h4 id="gce-gke">GCE - GKE<a class="headerlink" href="#gce-gke" title="Permanent link">&para;</a></h4>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
</pre></div>
</td></tr></table>
<p><strong>Important Note:</strong> proxy protocol is not supported in GCE/GKE</p>
<h4 id="azure">Azure<a class="headerlink" href="#azure" title="Permanent link">&para;</a></h4>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
</pre></div>
</td></tr></table>
<h4 id="bare-metal">Bare-metal<a class="headerlink" href="#bare-metal" title="Permanent link">&para;</a></h4>
<p>Using <a href="https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport">NodePort</a>:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml</span>
</pre></div>
</td></tr></table>
<div class="admonition tip">
<p class="admonition-title">Tip</p>
@ -1507,40 +1479,32 @@ Please check the <a href="https://aws.amazon.com/elasticloadbalancing/details/">
</div>
<h3 id="verify-installation">Verify installation<a class="headerlink" href="#verify-installation" title="Permanent link">&para;</a></h3>
<p>To check if the ingress controller pods have started, run the following command:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch</span>
<div class="codehilite"><pre><span></span><span class="go">kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch</span>
</pre></div>
</td></tr></table>
<p>Once the operator pods are running, you can cancel the above command by typing <code class="codehilite">Ctrl+C</code>.
Now, you are ready to create your first ingress.</p>
<h3 id="detect-installed-version">Detect installed version<a class="headerlink" href="#detect-installed-version" title="Permanent link">&para;</a></h3>
<p>To detect which version of the ingress controller is running, exec into the pod and run <code class="codehilite">nginx-ingress-controller version</code> command.</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2
3</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">POD_NAMESPACE=ingress-nginx</span>
<div class="codehilite"><pre><span></span><span class="go">POD_NAMESPACE=ingress-nginx</span>
<span class="go">POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx -o jsonpath=&#39;{.items[0].metadata.name}&#39;)</span>
<span class="go">kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version</span>
</pre></div>
</td></tr></table>
<h2 id="using-helm">Using Helm<a class="headerlink" href="#using-helm" title="Permanent link">&para;</a></h2>
<p>NGINX Ingress controller can be installed via <a href="https://helm.sh/">Helm</a> using the chart <a href="https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress">stable/nginx-ingress</a> from the official charts repository.
To install the chart with the release name <code class="codehilite">my-nginx</code>:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">helm install stable/nginx-ingress --name my-nginx</span>
<div class="codehilite"><pre><span></span><span class="go">helm install stable/nginx-ingress --name my-nginx</span>
</pre></div>
</td></tr></table>
<p>If the kubernetes cluster has RBAC enabled, then run:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">helm install stable/nginx-ingress --name my-nginx --set rbac.create=true</span>
<div class="codehilite"><pre><span></span><span class="go">helm install stable/nginx-ingress --name my-nginx --set rbac.create=true</span>
</pre></div>
</td></tr></table>
<p>Detect installed version:</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="go">POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath=&#39;{.items[0].metadata.name}&#39;)</span>
<div class="codehilite"><pre><span></span><span class="go">POD_NAME=$(kubectl get pods -l app.kubernetes.io/name=ingress-nginx -o jsonpath=&#39;{.items[0].metadata.name}&#39;)</span>
<span class="go">kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version</span>
</pre></div>
</td></tr></table>

16
deploy/rbac/index.html
View file

@ -677,8 +677,8 @@
<li class="md-nav__item">
<a href="../../user-guide/exposing-tcp-udp-services/" title="Exposing TCP and UDP services" class="md-nav__link">
Exposing TCP and UDP services
<a href="../../user-guide/ingress-path-matching/" title="Regular expressions in paths" class="md-nav__link">
Regular expressions in paths
</a>
</li>
@ -995,18 +995,6 @@
<li class="md-nav__item">
<a href="../../examples/customization/custom-upstream-check/" title="Custom Upstream server checks" class="md-nav__link">
Custom Upstream server checks
</a>
</li>
<li class="md-nav__item">
<a href="../../examples/customization/external-auth-headers/" title="External authentication" class="md-nav__link">
External authentication

39
deploy/upgrade/index.html
View file

@ -643,8 +643,8 @@
<li class="md-nav__item">
<a href="../../user-guide/exposing-tcp-udp-services/" title="Exposing TCP and UDP services" class="md-nav__link">
Exposing TCP and UDP services
<a href="../../user-guide/ingress-path-matching/" title="Regular expressions in paths" class="md-nav__link">
Regular expressions in paths
</a>
</li>
@ -961,18 +961,6 @@
<li class="md-nav__item">
<a href="../../examples/customization/custom-upstream-check/" title="Custom Upstream server checks" class="md-nav__link">
Custom Upstream server checks
</a>
</li>
<li class="md-nav__item">
<a href="../../examples/customization/external-auth-headers/" title="External authentication" class="md-nav__link">
External authentication
@ -1149,20 +1137,7 @@ make sure your templates are compatible with the new version of ingress-nginx</e
<p>To upgrade your ingress-nginx installation, it should be enough to change the version of the image
in the controller Deployment.</p>
<p>I.e. if your deployment resource looks like (partial example):</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span> 1
2
3
4
5
6
7
8
9
10
11
12
13
14</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">kind</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">Deployment</span>
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">kind</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">Deployment</span>
<span class="l l-Scalar l-Scalar-Plain">metadata</span><span class="p p-Indicator">:</span>
<span class="l l-Scalar l-Scalar-Plain">name</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">nginx-ingress-controller</span>
<span class="l l-Scalar l-Scalar-Plain">namespace</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">ingress-nginx</span>
@ -1177,23 +1152,19 @@ in the controller Deployment.</p>
<span class="l l-Scalar l-Scalar-Plain">image</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0</span>
<span class="l l-Scalar l-Scalar-Plain">args</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">...</span>
</pre></div>
</td></tr></table>
<p>simply change the <code class="codehilite">0.9.0</code> tag to the version you wish to upgrade to.
The easiest way to do this is e.g. (do note you may need to change the name parameter according to your installation):</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1
2</pre></div></td><td class="code"><div class="codehilite"><pre><span></span>kubectl set image deployment/nginx-ingress-controller \
<div class="codehilite"><pre><span></span>kubectl set image deployment/nginx-ingress-controller \
nginx-ingress-controller=nginx:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
</pre></div>
</td></tr></table>
<p>For interactive editing, use <code class="codehilite">kubectl edit deployment nginx-ingress-controller</code>.</p>
<h2 id="with-helm">With Helm<a class="headerlink" href="#with-helm" title="Permanent link">&para;</a></h2>
<p>If you installed ingress-nginx using the Helm command in the deployment docs so its name is <code class="codehilite">ngx-ingress</code>,
you should be able to upgrade using</p>
<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre><span></span>1</pre></div></td><td class="code"><div class="codehilite"><pre><span></span>helm upgrade --reuse-values ngx-ingress stable/nginx-ingress
<div class="codehilite"><pre><span></span>helm upgrade --reuse-values ngx-ingress stable/nginx-ingress
</pre></div>
</td></tr></table>