DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2019-11-08 19:24:34 +00:00
parent bc6e898a19
commit cf75938808
56 changed files with 483 additions and 475 deletions
Download patch file Download diff file Expand all files Collapse all files

8
examples/PREREQUISITES/index.html
View file

@ -1221,9 +1221,9 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/PREREQUISITES.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">&para;</a></h1>
<h1 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h1>
<p>Many of the examples in this directory have common prerequisites.</p>
<h2 id="tls-certificates">TLS certificates<a class="headerlink" href="#tls-certificates" title="Permanent link">&para;</a></h2>
<h2 id="tls-certificates">TLS certificates<a class="headerlink" href="#tls-certificates" title="Permanent link"></a></h2>
<p>Unless otherwise mentioned, the TLS secret used in examples is a 2048 bit RSA
key/cert pair with an arbitrarily chosen hostname, created as follows</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> openssl req -x509 -sha256 -nodes -days <span class="m">365</span> -newkey rsa:2048 -keyout tls.key -out tls.crt -subj <span class="s2">&quot;/CN=nginxsvc/O=nginxsvc&quot;</span>
@ -1238,7 +1238,7 @@ key/cert pair with an arbitrarily chosen hostname, created as follows</p>
</pre></div>
<p>Note: If using CA Authentication, described below, you will need to sign the server certificate with the CA.</p>
<h2 id="client-certificate-authentication">Client Certificate Authentication<a class="headerlink" href="#client-certificate-authentication" title="Permanent link">&para;</a></h2>
<h2 id="client-certificate-authentication">Client Certificate Authentication<a class="headerlink" href="#client-certificate-authentication" title="Permanent link"></a></h2>
<p>CA Authentication also known as Mutual Authentication allows both the server and client to verify each others
identity via a common CA.</p>
<p>We have a CA Certificate which we obtain usually from a Certificate Authority and use that to sign
@ -1260,7 +1260,7 @@ pass the client certificate.</p>
</pre></div>
<p>Once this is complete you can continue to follow the instructions <a href="../auth/client-certs/#creating-certificate-secrets">here</a></p>
<h2 id="test-http-service">Test HTTP Service<a class="headerlink" href="#test-http-service" title="Permanent link">&para;</a></h2>
<h2 id="test-http-service">Test HTTP Service<a class="headerlink" href="#test-http-service" title="Permanent link"></a></h2>
<p>All examples that require a test HTTP Service use the standard http-svc pod,
which you can deploy as follows</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f http-svc.yaml

16
examples/affinity/cookie/index.html
View file

@ -1207,9 +1207,9 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/affinity/cookie/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="sticky-sessions">Sticky sessions<a class="headerlink" href="#sticky-sessions" title="Permanent link">&para;</a></h1>
<h1 id="sticky-sessions">Sticky sessions<a class="headerlink" href="#sticky-sessions" title="Permanent link"></a></h1>
<p>This example demonstrates how to achieve session affinity using cookies.</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link">&para;</a></h2>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link"></a></h2>
<p>Session affinity can be configured using the following annotations:</p>
<table>
<thead>
@ -1237,8 +1237,8 @@
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-path</td>
<td>Path that will be set on the cookie (required if your <a href="../../../user-guide/ingress-path-matching">Ingress paths</a> use regular expressions)</td>
<td>string (defaults to the currently <a href="../../../user-guide/ingress-path-matching">matched path</a>)</td>
<td>Path that will be set on the cookie (required if your <a href="../../../user-guide/ingress-path-matching/">Ingress paths</a> use regular expressions)</td>
<td>string (defaults to the currently <a href="../../../user-guide/ingress-path-matching/">matched path</a>)</td>
</tr>
<tr>
<td>nginx.ingress.kubernetes.io/session-cookie-max-age</td>
@ -1261,17 +1261,17 @@
<div class="codehilite"><pre><span></span><span class="go">kubectl create -f ingress.yaml</span>
</pre></div>
<h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link">&para;</a></h2>
<h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link"></a></h2>
<p>You can confirm that the Ingress works:</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test
<span class="go">Name: nginx-test</span>
<span class="go">Namespace: default</span>
<span class="go">Address: </span>
<span class="go">Address:</span>
<span class="go">Default backend: default-http-backend:80 (10.180.0.4:8080,10.240.0.2:8080)</span>
<span class="go">Rules:</span>
<span class="go"> Host Path Backends</span>
<span class="go"> ---- ---- --------</span>
<span class="go"> stickyingress.example.com </span>
<span class="go"> stickyingress.example.com</span>
<span class="go"> / nginx-service:80 (&lt;none&gt;)</span>
<span class="go">Annotations:</span>
<span class="go"> affinity: cookie</span>
@ -1302,7 +1302,7 @@ This cookie is created by NGINX, it contains a randomly generated key correspond
If the user changes this cookie, NGINX creates a new one and redirects the user to another upstream.</p>
<p>If the backend pool grows NGINX will keep sending the requests through the same server of the first request, even if it's overloaded.</p>
<p>When the backend server is removed, the requests are re-routed to another upstream server. This does not require the cookie to be updated because the key's <a href="https://en.wikipedia.org/wiki/Consistent_hashing">consistent hash</a> will change.</p>
<p>When you have a Service pointing to more than one Ingress, with only one containing affinity configuration, the first created Ingress will be used.
<p>When you have a Service pointing to more than one Ingress, with only one containing affinity configuration, the first created Ingress will be used.
This means that you can face the situation that you've configured session affinity on one Ingress and it doesn't work because the Service is pointing to another Ingress that doesn't configure this.</p>

2
examples/auth/basic/index.html
View file

@ -1150,7 +1150,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/auth/basic/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="basic-authentication">Basic Authentication<a class="headerlink" href="#basic-authentication" title="Permanent link">&para;</a></h1>
<h1 id="basic-authentication">Basic Authentication<a class="headerlink" href="#basic-authentication" title="Permanent link"></a></h1>
<p>This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with <code class="codehilite">htpasswd</code>.
It's important the file generated is named <code class="codehilite">auth</code> (actually - that the secret has a key <code class="codehilite">data.auth</code>), otherwise the ingress-controller returns a 503.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> htpasswd -c auth foo

6
examples/auth/client-certs/index.html
View file

@ -1209,7 +1209,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/auth/client-certs/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="client-certificate-authentication">Client Certificate Authentication<a class="headerlink" href="#client-certificate-authentication" title="Permanent link">&para;</a></h1>
<h1 id="client-certificate-authentication">Client Certificate Authentication<a class="headerlink" href="#client-certificate-authentication" title="Permanent link"></a></h1>
<p>It is possible to enable Client-Certificate Authentication by adding additional annotations to your Ingress Resource.
Before getting started you must have the following Certificates Setup:</p>
<ol>
@ -1228,7 +1228,7 @@ Before getting started you must have the following Certificates Setup:</p>
<p><strong>Note:</strong> Make sure that the Key Size is greater than 1024 and Hashing Algorithm(Digest) is something better than md5
for each certificate generated. Otherwise you will receive an error.</p>
<h2 id="creating-certificate-secrets">Creating Certificate Secrets<a class="headerlink" href="#creating-certificate-secrets" title="Permanent link">&para;</a></h2>
<h2 id="creating-certificate-secrets">Creating Certificate Secrets<a class="headerlink" href="#creating-certificate-secrets" title="Permanent link"></a></h2>
<p>There are many different ways of configuring your secrets to enable Client-Certificate
Authentication to work properly.</p>
<ol>
@ -1255,7 +1255,7 @@ kubectl create secret generic tls-secret --from-file<span class="o">=</span>tls.
</li>
</ol>
<p>Note: The CA Certificate must contain the trusted certificate authority chain to verify client certificates.</p>
<h2 id="setup-instructions">Setup Instructions<a class="headerlink" href="#setup-instructions" title="Permanent link">&para;</a></h2>
<h2 id="setup-instructions">Setup Instructions<a class="headerlink" href="#setup-instructions" title="Permanent link"></a></h2>
<ol>
<li>Add the annotations as provided in the <a href="ingress.yaml">ingress.yaml</a> example to your own ingress resources as required.</li>
<li>Test by performing a curl against the Ingress Path without the Client Cert and expect a Status Code 400.</li>

4
examples/auth/external-auth/index.html
View file

@ -1195,8 +1195,8 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/auth/external-auth/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="external-basic-authentication">External Basic Authentication<a class="headerlink" href="#external-basic-authentication" title="Permanent link">&para;</a></h1>
<h3 id="example-1">Example 1:<a class="headerlink" href="#example-1" title="Permanent link">&para;</a></h3>
<h1 id="external-basic-authentication">External Basic Authentication<a class="headerlink" href="#external-basic-authentication" title="Permanent link"></a></h1>
<h3 id="example-1">Example 1:<a class="headerlink" href="#example-1" title="Permanent link"></a></h3>
<p>Use an external service (Basic Auth) located in <code class="codehilite">https://httpbin.org</code> </p>
<div class="codehilite"><pre><span></span>$ kubectl create -f ingress.yaml
ingress <span class="s2">&quot;external-auth&quot;</span> created

10
examples/auth/oauth-external-auth/index.html
View file

@ -1249,15 +1249,15 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/auth/oauth-external-auth/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="external-oauth-authentication">External OAUTH Authentication<a class="headerlink" href="#external-oauth-authentication" title="Permanent link">&para;</a></h1>
<h3 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">&para;</a></h3>
<h1 id="external-oauth-authentication">External OAUTH Authentication<a class="headerlink" href="#external-oauth-authentication" title="Permanent link"></a></h1>
<h3 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link"></a></h3>
<p>The <code class="codehilite">auth-url</code> and <code class="codehilite">auth-signin</code> annotations allow you to use an external
authentication provider to protect your Ingress resources.</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>This annotation requires <code class="codehilite">nginx-ingress-controller v0.9.0</code> or greater.)</p>
</div>
<h3 id="key-detail">Key Detail<a class="headerlink" href="#key-detail" title="Permanent link">&para;</a></h3>
<h3 id="key-detail">Key Detail<a class="headerlink" href="#key-detail" title="Permanent link"></a></h3>
<p>This functionality is enabled by deploying multiple Ingress objects for a single host.
One Ingress object has no special annotations and handles authentication.</p>
<p>Other Ingress objects can then be annotated in such a way that require the user to
@ -1273,10 +1273,10 @@ same endpoint.</p>
<span class="nn">...</span>
</pre></div>
<h3 id="example-oauth2-proxy-kubernetes-dashboard">Example: OAuth2 Proxy + Kubernetes-Dashboard<a class="headerlink" href="#example-oauth2-proxy-kubernetes-dashboard" title="Permanent link">&para;</a></h3>
<h3 id="example-oauth2-proxy-kubernetes-dashboard">Example: OAuth2 Proxy + Kubernetes-Dashboard<a class="headerlink" href="#example-oauth2-proxy-kubernetes-dashboard" title="Permanent link"></a></h3>
<p>This example will show you how to deploy <a href="https://github.com/pusher/oauth2_proxy"><code class="codehilite">oauth2_proxy</code></a>
into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using github as oAuth2 provider</p>
<h4 id="prepare">Prepare<a class="headerlink" href="#prepare" title="Permanent link">&para;</a></h4>
<h4 id="prepare">Prepare<a class="headerlink" href="#prepare" title="Permanent link"></a></h4>
<ol>
<li>Install the kubernetes dashboard</li>
</ol>

6
examples/customization/configuration-snippets/index.html
View file

@ -1209,13 +1209,13 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/configuration-snippets/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="configuration-snippets">Configuration Snippets<a class="headerlink" href="#configuration-snippets" title="Permanent link">&para;</a></h1>
<h2 id="ingress">Ingress<a class="headerlink" href="#ingress" title="Permanent link">&para;</a></h2>
<h1 id="configuration-snippets">Configuration Snippets<a class="headerlink" href="#configuration-snippets" title="Permanent link"></a></h1>
<h2 id="ingress">Ingress<a class="headerlink" href="#ingress" title="Permanent link"></a></h2>
<p>The Ingress in this example adds a custom header to Nginx configuration that only applies to that specific Ingress. If you want to add headers that apply globally to all Ingresses, please have a look at <a href="../custom-headers/">this example</a>.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl apply -f ingress.yaml
</pre></div>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link">&para;</a></h2>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link"></a></h2>
<p>Check if the contents of the annotation are present in the nginx.conf file using:
<code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>

2
examples/customization/custom-configuration/index.html
View file

@ -1150,7 +1150,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/custom-configuration/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="custom-configuration">Custom Configuration<a class="headerlink" href="#custom-configuration" title="Permanent link">&para;</a></h1>
<h1 id="custom-configuration">Custom Configuration<a class="headerlink" href="#custom-configuration" title="Permanent link"></a></h1>
<p>Using a <a href="https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/">ConfigMap</a> is possible to customize the NGINX configuration</p>
<p>For example, if we want to change the timeouts we need to create a ConfigMap:</p>
<div class="codehilite"><pre><span></span>$ cat configmap.yaml

8
examples/customization/custom-errors/index.html
View file

@ -1223,9 +1223,9 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/custom-errors/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="custom-errors">Custom Errors<a class="headerlink" href="#custom-errors" title="Permanent link">&para;</a></h1>
<h1 id="custom-errors">Custom Errors<a class="headerlink" href="#custom-errors" title="Permanent link"></a></h1>
<p>This example demonstrates how to use a custom backend to render custom error pages.</p>
<h2 id="customized-default-backend">Customized default backend<a class="headerlink" href="#customized-default-backend" title="Permanent link">&para;</a></h2>
<h2 id="customized-default-backend">Customized default backend<a class="headerlink" href="#customized-default-backend" title="Permanent link"></a></h2>
<p>First, create the custom <code class="codehilite">default-backend</code>. It will be used by the Ingress controller later on.</p>
<div class="codehilite"><pre><span></span>$ kubectl create -f custom-default-backend.yaml
service <span class="s2">&quot;nginx-errors&quot;</span> created
@ -1241,7 +1241,7 @@ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o"
service/nginx-errors ClusterIP <span class="m">10</span>.0.0.12 &lt;none&gt; <span class="m">80</span>/TCP 10s
</pre></div>
<h2 id="ingress-controller-configuration">Ingress controller configuration<a class="headerlink" href="#ingress-controller-configuration" title="Permanent link">&para;</a></h2>
<h2 id="ingress-controller-configuration">Ingress controller configuration<a class="headerlink" href="#ingress-controller-configuration" title="Permanent link"></a></h2>
<p>If you do not already have an instance of the NGINX Ingress controller running, deploy it according to the
<a href="../../../deploy/">deployment guide</a>, then follow these steps:</p>
<ol>
@ -1265,7 +1265,7 @@ ingress-nginx ClusterIP <span class="m">10</span>.0.0.13 &lt;none&gt;
<p>The <code class="codehilite">ingress-nginx</code> Service is of type <code class="codehilite">ClusterIP</code> in this example. This may vary depending on your environment.
Make sure you can use the Service to reach NGINX before proceeding with the rest of this example.</p>
</div>
<h2 id="testing-error-pages">Testing error pages<a class="headerlink" href="#testing-error-pages" title="Permanent link">&para;</a></h2>
<h2 id="testing-error-pages">Testing error pages<a class="headerlink" href="#testing-error-pages" title="Permanent link"></a></h2>
<p>Let us send a couple of HTTP requests using cURL and validate everything is working as expected.</p>
<p>A request to the default backend returns a 404 error with a custom message:</p>
<div class="codehilite"><pre><span></span>$ curl -D- http://10.0.0.13/

4
examples/customization/custom-headers/index.html
View file

@ -1195,7 +1195,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/custom-headers/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="custom-headers">Custom Headers<a class="headerlink" href="#custom-headers" title="Permanent link">&para;</a></h1>
<h1 id="custom-headers">Custom Headers<a class="headerlink" href="#custom-headers" title="Permanent link"></a></h1>
<p>This example demonstrates configuration of the nginx ingress controller via
a ConfigMap to pass a custom list of headers to the upstream
server.</p>
@ -1208,7 +1208,7 @@ server.</p>
</pre></div>
<p>The nginx ingress controller will read the <code class="codehilite">ingress-nginx/nginx-configuration</code> ConfigMap, find the <code class="codehilite">proxy-set-headers</code> key, read HTTP headers from the <code class="codehilite">ingress-nginx/custom-headers</code> ConfigMap, and include those HTTP headers in all requests flowing from nginx to the backends.</p>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link">&para;</a></h2>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link"></a></h2>
<p>Check the contents of the ConfigMaps are present in the nginx.conf file using:
<code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n ingress-nginx cat /etc/nginx/nginx.conf</code></p>

2
examples/customization/external-auth-headers/index.html
View file

@ -1150,7 +1150,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/external-auth-headers/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="external-authentication-authentication-service-response-headers-propagation">External authentication, authentication service response headers propagation<a class="headerlink" href="#external-authentication-authentication-service-response-headers-propagation" title="Permanent link">&para;</a></h1>
<h1 id="external-authentication-authentication-service-response-headers-propagation">External authentication, authentication service response headers propagation<a class="headerlink" href="#external-authentication-authentication-service-response-headers-propagation" title="Permanent link"></a></h1>
<p>This example demonstrates propagation of selected authentication service response headers
to backend service.</p>
<p>Sample configuration includes:</p>

8
examples/customization/ssl-dh-param/index.html
View file

@ -1223,11 +1223,11 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/ssl-dh-param/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="custom-dh-parameters-for-perfect-forward-secrecy">Custom DH parameters for perfect forward secrecy<a class="headerlink" href="#custom-dh-parameters-for-perfect-forward-secrecy" title="Permanent link">&para;</a></h1>
<h1 id="custom-dh-parameters-for-perfect-forward-secrecy">Custom DH parameters for perfect forward secrecy<a class="headerlink" href="#custom-dh-parameters-for-perfect-forward-secrecy" title="Permanent link"></a></h1>
<p>This example aims to demonstrate the deployment of an nginx ingress controller and
use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
"Perfect Forward Secrecy".</p>
<h2 id="custom-configuration">Custom configuration<a class="headerlink" href="#custom-configuration" title="Permanent link">&para;</a></h2>
<h2 id="custom-configuration">Custom configuration<a class="headerlink" href="#custom-configuration" title="Permanent link"></a></h2>
<div class="codehilite"><pre><span></span><span class="gp">$</span> cat configmap.yaml
<span class="go">apiVersion: v1</span>
<span class="go">data:</span>
@ -1244,7 +1244,7 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f configmap.yaml
</pre></div>
<h2 id="custom-dh-parameters-secret">Custom DH parameters secret<a class="headerlink" href="#custom-dh-parameters-secret" title="Permanent link">&para;</a></h2>
<h2 id="custom-dh-parameters-secret">Custom DH parameters secret<a class="headerlink" href="#custom-dh-parameters-secret" title="Permanent link"></a></h2>
<div class="codehilite"><pre><span></span><span class="gp">$</span>&gt; openssl dhparam <span class="m">1024</span> <span class="m">2</span>&gt; /dev/null <span class="p">|</span> base64
<span class="go">LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...</span>
</pre></div>
@ -1265,7 +1265,7 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f ssl-dh-param.yaml
</pre></div>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link">&para;</a></h2>
<h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link"></a></h2>
<p>Check the contents of the configmap is present in the nginx.conf file using:
<code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>

2
examples/customization/sysctl/index.html
View file

@ -1150,7 +1150,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/customization/sysctl/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="sysctl-tuning">Sysctl tuning<a class="headerlink" href="#sysctl-tuning" title="Permanent link">&para;</a></h1>
<h1 id="sysctl-tuning">Sysctl tuning<a class="headerlink" href="#sysctl-tuning" title="Permanent link"></a></h1>
<p>This example aims to demonstrate the use of an Init Container to adjust sysctl default values
using <code class="codehilite">kubectl patch</code></p>
<div class="codehilite"><pre><span></span><span class="go">kubectl patch deployment -n ingress-nginx nginx-ingress-controller --patch=&quot;$(cat patch.json)&quot;</span>

10
examples/docker-registry/index.html
View file

@ -1247,9 +1247,9 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/docker-registry/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="docker-registry">Docker registry<a class="headerlink" href="#docker-registry" title="Permanent link">&para;</a></h1>
<h1 id="docker-registry">Docker registry<a class="headerlink" href="#docker-registry" title="Permanent link"></a></h1>
<p>This example demonstrates how to deploy a <a href="https://github.com/docker/distribution">docker registry</a> in the cluster and configure Ingress enable access from Internet</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link">&para;</a></h2>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link"></a></h2>
<p>First we deploy the docker registry in the cluster:</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/deployment.yaml</span>
</pre></div>
@ -1260,7 +1260,7 @@
<p>This deployment uses <code class="codehilite">emptyDir</code> in the <code class="codehilite">volumeMount</code> which means the contents of the registry will be deleted when the pod dies.</p>
</div>
<p>The next required step is creation of the ingress rules. To do this we have two options: with and without TLS</p>
<h3 id="without-tls">Without TLS<a class="headerlink" href="#without-tls" title="Permanent link">&para;</a></h3>
<h3 id="without-tls">Without TLS<a class="headerlink" href="#without-tls" title="Permanent link"></a></h3>
<p>Download and edit the yaml deployment replacing <code class="codehilite">registry.&lt;your domain&gt;</code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-without-tls.yaml</span>
</pre></div>
@ -1270,13 +1270,13 @@
</div>
<p>Running a docker registry without TLS requires we configure our local docker daemon with the insecure registry flag.</p>
<p>Please check <a href="https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry">deploy a plain http registry</a></p>
<h3 id="with-tls">With TLS<a class="headerlink" href="#with-tls" title="Permanent link">&para;</a></h3>
<h3 id="with-tls">With TLS<a class="headerlink" href="#with-tls" title="Permanent link"></a></h3>
<p>Download and edit the yaml deployment replacing <code class="codehilite">registry.&lt;your domain&gt;</code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml</span>
</pre></div>
<p>Deploy <a href="https://github.com/jetstack/kube-lego">kube lego</a> use <a href="https://letsencrypt.org/">Let's Encrypt</a> certificates or edit the ingress rule to use a secret with an existing SSL certificate.</p>
<h3 id="testing">Testing<a class="headerlink" href="#testing" title="Permanent link">&para;</a></h3>
<h3 id="testing">Testing<a class="headerlink" href="#testing" title="Permanent link"></a></h3>
<p>To test the registry is working correctly we download a known image from <a href="https://hub.docker.com">docker hub</a>, create a tag pointing to the new registry and upload the image:</p>
<div class="codehilite"><pre><span></span><span class="go">docker pull ubuntu:16.04</span>
<span class="go">docker tag ubuntu:16.04 `registry.&lt;your domain&gt;/ubuntu:16.04`</span>

16
examples/grpc/index.html
View file

@ -1289,10 +1289,10 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/grpc/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="grpc">gRPC<a class="headerlink" href="#grpc" title="Permanent link">&para;</a></h1>
<h1 id="grpc">gRPC<a class="headerlink" href="#grpc" title="Permanent link"></a></h1>
<p>This example demonstrates how to route traffic to a gRPC service through the
nginx controller.</p>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">&para;</a></h2>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h2>
<ol>
<li>You have a kubernetes cluster running.</li>
<li>You have a domain name such as <code class="codehilite">example.com</code> that is configured to route
@ -1309,7 +1309,7 @@ nginx controller.</p>
<a href="https://github.com/kubernetes/ingress-nginx/tree/master/images/grpc-fortune-teller">fortune-teller</a>
application provided here as an example. </li>
</ol>
<h3 id="step-1-kubernetes-deployment">Step 1: kubernetes <code class="codehilite">Deployment</code><a class="headerlink" href="#step-1-kubernetes-deployment" title="Permanent link">&para;</a></h3>
<h3 id="step-1-kubernetes-deployment">Step 1: kubernetes <code class="codehilite">Deployment</code><a class="headerlink" href="#step-1-kubernetes-deployment" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span>$ kubectl create -f app.yaml
</pre></div>
@ -1332,13 +1332,13 @@ inside the cluster and arrive "insecure").</p>
<p>For your own application you may or may not want to do this. If you prefer to
forward encrypted traffic to your POD and terminate TLS at the gRPC server
itself, add the ingress annotation <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPCS&quot;</code>.</p>
<h3 id="step-2-the-kubernetes-service">Step 2: the kubernetes <code class="codehilite">Service</code><a class="headerlink" href="#step-2-the-kubernetes-service" title="Permanent link">&para;</a></h3>
<h3 id="step-2-the-kubernetes-service">Step 2: the kubernetes <code class="codehilite">Service</code><a class="headerlink" href="#step-2-the-kubernetes-service" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span>$ kubectl create -f svc.yaml
</pre></div>
<p>Here we have a typical service. Nothing special, just routing traffic to the
backend application on port <code class="codehilite">50051</code>.</p>
<h3 id="step-3-the-kubernetes-ingress">Step 3: the kubernetes <code class="codehilite">Ingress</code><a class="headerlink" href="#step-3-the-kubernetes-ingress" title="Permanent link">&para;</a></h3>
<h3 id="step-3-the-kubernetes-ingress">Step 3: the kubernetes <code class="codehilite">Ingress</code><a class="headerlink" href="#step-3-the-kubernetes-ingress" title="Permanent link"></a></h3>
<div class="codehilite"><pre><span></span>$ kubectl create -f ingress.yaml
</pre></div>
@ -1353,7 +1353,7 @@ backend application on port <code class="codehilite">50051</code>.</p>
<code class="codehilite">https://fortune-teller.stack.build:443</code> and routes unencrypted messages to
our kubernetes service.</li>
</ol>
<h3 id="step-4-test-the-connection">Step 4: test the connection<a class="headerlink" href="#step-4-test-the-connection" title="Permanent link">&para;</a></h3>
<h3 id="step-4-test-the-connection">Step 4: test the connection<a class="headerlink" href="#step-4-test-the-connection" title="Permanent link"></a></h3>
<p>Once we've applied our configuration to kubernetes, it's time to test that we
can actually talk to the backend. To do this, we'll use the
<a href="https://github.com/fullstorydev/grpcurl">grpcurl</a> utility:</p>
@ -1363,7 +1363,7 @@ can actually talk to the backend. To do this, we'll use the
<span class="o">}</span>
</pre></div>
<h3 id="debugging-hints">Debugging Hints<a class="headerlink" href="#debugging-hints" title="Permanent link">&para;</a></h3>
<h3 id="debugging-hints">Debugging Hints<a class="headerlink" href="#debugging-hints" title="Permanent link"></a></h3>
<ol>
<li>Obviously, watch the logs on your app.</li>
<li>Watch the logs for the nginx-ingress-controller (increasing verbosity as
@ -1379,7 +1379,7 @@ https://proto.stack.build, a protocol buffer / gRPC build service that can use
to help make it easier for your users to consume your API.</p>
<p>See also the specific GRPC settings of NGINX: https://nginx.org/en/docs/http/ngx_http_grpc_module.html</p>
</blockquote>
<h3 id="notes-on-using-responserequest-streams">Notes on using response/request streams<a class="headerlink" href="#notes-on-using-responserequest-streams" title="Permanent link">&para;</a></h3>
<h3 id="notes-on-using-responserequest-streams">Notes on using response/request streams<a class="headerlink" href="#notes-on-using-responserequest-streams" title="Permanent link"></a></h3>
<ol>
<li>If your server does only response streaming and you expect a stream to be open longer than 60 seconds, you will have to change the <code class="codehilite">grpc_read_timeout</code> to acommodate for this.</li>
<li>If your service does only request streaming and you expect a stream to be open longer than 60 seconds, you have to change the

2
examples/index.html
View file

@ -1148,7 +1148,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/index.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="ingress-examples">Ingress examples<a class="headerlink" href="#ingress-examples" title="Permanent link">&para;</a></h1>
<h1 id="ingress-examples">Ingress examples<a class="headerlink" href="#ingress-examples" title="Permanent link"></a></h1>
<p>This directory contains a catalog of examples on how to run, configure and scale Ingress.<br />
Please review the <a href="PREREQUISITES/">prerequisites</a> before trying them.</p>
<table>

2
examples/multi-tls/index.html
View file

@ -1148,7 +1148,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/multi-tls/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="multi-tls-certificate-termination">Multi TLS certificate termination<a class="headerlink" href="#multi-tls-certificate-termination" title="Permanent link">&para;</a></h1>
<h1 id="multi-tls-certificate-termination">Multi TLS certificate termination<a class="headerlink" href="#multi-tls-certificate-termination" title="Permanent link"></a></h1>
<p>This example uses 2 different certificates to terminate SSL for 2 hostnames.</p>
<ol>
<li>Deploy the controller by creating the rc in the parent dir</li>

2
examples/psp/index.html
View file

@ -1148,7 +1148,7 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/psp/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="pod-security-policy-psp">Pod Security Policy (PSP)<a class="headerlink" href="#pod-security-policy-psp" title="Permanent link">&para;</a></h1>
<h1 id="pod-security-policy-psp">Pod Security Policy (PSP)<a class="headerlink" href="#pod-security-policy-psp" title="Permanent link"></a></h1>
<p>In most clusters today, by default, all resources (e.g. Deployments and ReplicatSets)
have permissions to create pods.
Kubernetes however provides a more fine-grained authorization policy called

18
examples/rewrite/index.html
View file

@ -1261,13 +1261,13 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/rewrite/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="rewrite">Rewrite<a class="headerlink" href="#rewrite" title="Permanent link">&para;</a></h1>
<h1 id="rewrite">Rewrite<a class="headerlink" href="#rewrite" title="Permanent link"></a></h1>
<p>This example demonstrates how to use the Rewrite annotations</p>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">&para;</a></h2>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h2>
<p>You will need to make sure your Ingress targets exactly one Ingress
controller by specifying the <a href="../../user-guide/multiple-ingress/">ingress.class annotation</a>,
and that you have an ingress controller <a href="../../deploy">running</a> in your cluster.</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link">&para;</a></h2>
and that you have an ingress controller <a href="../../deploy/">running</a> in your cluster.</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link"></a></h2>
<p>Rewriting can be controlled using the following annotations:</p>
<table>
<thead>
@ -1305,15 +1305,15 @@ and that you have an ingress controller <a href="../../deploy">running</a> in yo
</tr>
</tbody>
</table>
<h2 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link">&para;</a></h2>
<h3 id="rewrite-target">Rewrite Target<a class="headerlink" href="#rewrite-target" title="Permanent link">&para;</a></h3>
<h2 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link"></a></h2>
<h3 id="rewrite-target">Rewrite Target<a class="headerlink" href="#rewrite-target" title="Permanent link"></a></h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Starting in Version 0.22.0, ingress definitions using the annotation <code class="codehilite">nginx.ingress.kubernetes.io/rewrite-target</code> are not backwards compatible with previous versions. In Version 0.22.0 and beyond, any substrings within the request URI that need to be passed to the rewritten path must explicitly be defined in a <a href="https://www.regular-expressions.info/refcapture.html">capture group</a>.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><a href="https://www.regular-expressions.info/refcapture.html">Captured groups</a> are saved in numbered placeholders, chronologically, in the form <code class="codehilite">$1</code>, <code class="codehilite">$2</code> ... <code class="codehilite">$n</code>. These placeholders can be used as parameters in the <code class="codehilite">rewrite-target</code> annotation. </p>
<p><a href="https://www.regular-expressions.info/refcapture.html">Captured groups</a> are saved in numbered placeholders, chronologically, in the form <code class="codehilite">$1</code>, <code class="codehilite">$2</code> ... <code class="codehilite">$n</code>. These placeholders can be used as parameters in the <code class="codehilite">rewrite-target</code> annotation.</p>
</div>
<p>Create an Ingress rule with a rewrite annotation:</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nb">echo</span> <span class="err">&#39;</span>
@ -1336,12 +1336,12 @@ and that you have an ingress controller <a href="../../deploy">running</a> in yo
<span class="go">&#39; | kubectl create -f -</span>
</pre></div>
<p>In this ingress definition, any characters captured by <code class="codehilite">(.*)</code> will be assigned to the placeholder <code class="codehilite">$2</code>, which is then used as a parameter in the <code class="codehilite">rewrite-target</code> annotation. </p>
<p>In this ingress definition, any characters captured by <code class="codehilite">(.*)</code> will be assigned to the placeholder <code class="codehilite">$2</code>, which is then used as a parameter in the <code class="codehilite">rewrite-target</code> annotation.</p>
<p>For example, the ingress definition above will result in the following rewrites:
- <code class="codehilite">rewrite.bar.com/something</code> rewrites to <code class="codehilite">rewrite.bar.com/</code>
- <code class="codehilite">rewrite.bar.com/something/</code> rewrites to <code class="codehilite">rewrite.bar.com/</code>
- <code class="codehilite">rewrite.bar.com/something/new</code> rewrites to <code class="codehilite">rewrite.bar.com/new</code></p>
<h3 id="app-root">App Root<a class="headerlink" href="#app-root" title="Permanent link">&para;</a></h3>
<h3 id="app-root">App Root<a class="headerlink" href="#app-root" title="Permanent link"></a></h3>
<p>Create an Ingress rule with a app-root annotation:
<div class="codehilite"><pre><span></span>$ <span class="nb">echo</span> <span class="s2">&quot;</span>
<span class="s2">apiVersion: extensions/v1beta1</span>

14
examples/static-ip/index.html
View file

@ -1249,14 +1249,14 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/static-ip/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="static-ips">Static IPs<a class="headerlink" href="#static-ips" title="Permanent link">&para;</a></h1>
<h1 id="static-ips">Static IPs<a class="headerlink" href="#static-ips" title="Permanent link"></a></h1>
<p>This example demonstrates how to assign a static-ip to an Ingress on through the Nginx controller.</p>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">&para;</a></h2>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h2>
<p>You need a <a href="../PREREQUISITES/#tls-certificates">TLS cert</a> and a <a href="../PREREQUISITES/#test-http-service">test HTTP service</a> for this example.
You will also need to make sure your Ingress targets exactly one Ingress
controller by specifying the <a href="../../user-guide/multiple-ingress/">ingress.class annotation</a>,
and that you have an ingress controller <a href="../../deploy">running</a> in your cluster.</p>
<h2 id="acquiring-an-ip">Acquiring an IP<a class="headerlink" href="#acquiring-an-ip" title="Permanent link">&para;</a></h2>
and that you have an ingress controller <a href="../../deploy/">running</a> in your cluster.</p>
<h2 id="acquiring-an-ip">Acquiring an IP<a class="headerlink" href="#acquiring-an-ip" title="Permanent link"></a></h2>
<p>Since instances of the nginx controller actually run on nodes in your cluster,
by default nginx Ingresses will only get static IPs if your cloudprovider
supports static IP assignments to nodes. On GKE/GCE for example, even though
@ -1279,7 +1279,7 @@ already has it set to "nginx-ingress-lb").</p>
<span class="go">deployment &quot;nginx-ingress-controller&quot; created</span>
</pre></div>
<h2 id="assigning-the-ip-to-an-ingress">Assigning the IP to an Ingress<a class="headerlink" href="#assigning-the-ip-to-an-ingress" title="Permanent link">&para;</a></h2>
<h2 id="assigning-the-ip-to-an-ingress">Assigning the IP to an Ingress<a class="headerlink" href="#assigning-the-ip-to-an-ingress" title="Permanent link"></a></h2>
<p>From here on every Ingress created with the <code class="codehilite">ingress.class</code> annotation set to
<code class="codehilite">nginx</code> will get the IP allocated in the previous step</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f nginx-ingress.yaml
@ -1300,7 +1300,7 @@ already has it set to "nginx-ingress-lb").</p>
<span class="go">...</span>
</pre></div>
<h2 id="retaining-the-ip">Retaining the IP<a class="headerlink" href="#retaining-the-ip" title="Permanent link">&para;</a></h2>
<h2 id="retaining-the-ip">Retaining the IP<a class="headerlink" href="#retaining-the-ip" title="Permanent link"></a></h2>
<p>You can test retention by deleting the Ingress</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl delete ing nginx-ingress
<span class="go">ingress &quot;nginx-ingress&quot; deleted</span>
@ -1318,7 +1318,7 @@ already has it set to "nginx-ingress-lb").</p>
Ingresses, because all requests are proxied through the same set of nginx
controllers.</p>
</blockquote>
<h2 id="promote-ephemeral-to-static-ip">Promote ephemeral to static IP<a class="headerlink" href="#promote-ephemeral-to-static-ip" title="Permanent link">&para;</a></h2>
<h2 id="promote-ephemeral-to-static-ip">Promote ephemeral to static IP<a class="headerlink" href="#promote-ephemeral-to-static-ip" title="Permanent link"></a></h2>
<p>To promote the allocated IP to static, you can update the Service manifest</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl patch svc nginx-ingress-lb -p <span class="s1">&#39;{&quot;spec&quot;: {&quot;loadBalancerIP&quot;: &quot;104.154.109.191&quot;}}&#39;</span>
<span class="go">&quot;nginx-ingress-lb&quot; patched</span>

8
examples/tls-termination/index.html
View file

@ -1221,11 +1221,11 @@
<a href="https://github.com/kubernetes/ingress-nginx/edit/master/docs/examples/tls-termination/README.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="tls-termination">TLS termination<a class="headerlink" href="#tls-termination" title="Permanent link">&para;</a></h1>
<h1 id="tls-termination">TLS termination<a class="headerlink" href="#tls-termination" title="Permanent link"></a></h1>
<p>This example demonstrates how to terminate TLS through the nginx Ingress controller.</p>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link">&para;</a></h2>
<h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permanent link"></a></h2>
<p>You need a <a href="../PREREQUISITES/#tls-certificates">TLS cert</a> and a <a href="../PREREQUISITES/#test-http-service">test HTTP service</a> for this example.</p>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link">&para;</a></h2>
<h2 id="deployment">Deployment<a class="headerlink" href="#deployment" title="Permanent link"></a></h2>
<p>Create a <code class="codehilite">values.yaml</code> file.</p>
<div class="codehilite"><pre><span></span><span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">extensions/v1beta1</span>
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Ingress</span>
@ -1254,7 +1254,7 @@ TLS cert, and forward un-encrypted HTTP traffic to the test HTTP service.</p>
<div class="codehilite"><pre><span></span><span class="go">kubectl apply -f ingress.yaml</span>
</pre></div>
<h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link">&para;</a></h2>
<h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link"></a></h2>
<p>You can confirm that the Ingress works.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test
<span class="go">Name: nginx-test</span>