DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-04-29 15:47:17 +00:00
parent 89c9353364
commit db71e32e5f
19 changed files with 359 additions and 266 deletions
Download patch file Download diff file Expand all files Collapse all files

4
examples/PREREQUISITES/index.html
View file

@ -1165,7 +1165,7 @@ key/cert pair with an arbitrarily chosen hostname, created as follows</p>
<h2 id="ca-authentication">CA Authentication<a class="headerlink" href="#ca-authentication" title="Permanent link">&para;</a></h2>
<p>You can act as your very own CA, or use an existing one. As an exercise / learning, we're going to generate our
own CA, and also generate a client certificate.</p>
<p>These instructions are based on CoreOS OpenSSL <a href="https://coreos.com/kubernetes/docs/latest/openssl.html">instructions</a></p>
<p>These instructions are based on CoreOS OpenSSL. <a href="https://coreos.com/kubernetes/docs/latest/openssl.html">See live doc.</a></p>
<h3 id="generating-a-ca">Generating a CA<a class="headerlink" href="#generating-a-ca" title="Permanent link">&para;</a></h3>
<p>First of all, you've to generate a CA. This is going to be the one who will sign your client certificates.
In real production world, you may face CAs with intermediate certificates, as the following:</p>
@ -1243,7 +1243,7 @@ the TLS Auth directive:</p>
</pre></div>
<p>Note: You can also generate the CA Authentication Secret along with the TLS Secret by using:</p>
<p><strong>Note:</strong> You can also generate the CA Authentication Secret along with the TLS Secret by using:</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create secret generic caingress --namespace<span class="o">=</span>default --from-file<span class="o">=</span>ca.crt<span class="o">=</span>&lt;ca.crt&gt; --from-file<span class="o">=</span>tls.crt<span class="o">=</span>&lt;tls.crt&gt; --from-file<span class="o">=</span>tls.key<span class="o">=</span>&lt;tls.key&gt;
</pre></div>

2
examples/customization/custom-errors/rc-custom-errors.yaml
View file

@ -16,7 +16,7 @@ spec:
spec:
terminationGracePeriodSeconds: 60
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0
name: nginx-ingress-lb
imagePullPolicy: Always
readinessProbe:

14
examples/docker-registry/README/index.html
View file

@ -1125,8 +1125,11 @@
</pre></div>
<p><strong>Important:</strong> DO NOT RUN THIS IN PRODUCTION.
This deployment uses <code class="codehilite">emptyDir</code> in the <code class="codehilite">volumeMount</code> which means the contents of the registry will be deleted when the pod dies.</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p><strong>DO NOT RUN THIS IN PRODUCTION</strong></p>
<p>This deployment uses <code class="codehilite">emptyDir</code> in the <code class="codehilite">volumeMount</code> which means the contents of the registry will be deleted when the pod dies.</p>
</div>
<p>The next required step is creation of the ingress rules. To do this we have two options: with and without TLS</p>
<h3 id="without-tls">Without TLS<a class="headerlink" href="#without-tls" title="Permanent link">&para;</a></h3>
<p>Download and edit the yaml deployment replacing <code class="codehilite">registry.&lt;your domain&gt;</code> with a valid DNS name pointing to the ingress controller:</p>
@ -1134,8 +1137,11 @@ This deployment uses <code class="codehilite">emptyDir</code> in the <code class
</pre></div>
<p><strong>Important:</strong> running a docker registry without TLS requires we configure our local docker daemon with the insecure registry flag.
Please check <a href="https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry">deploy a plain http registry</a></p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>Running a docker registry without TLS requires we configure our local docker daemon with the insecure registry flag.</p>
<p>Please check <a href="https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry">deploy a plain http registry</a></p>
</div>
<h3 id="with-tls">With TLS<a class="headerlink" href="#with-tls" title="Permanent link">&para;</a></h3>
<p>Download and edit the yaml deployment replacing <code class="codehilite">registry.&lt;your domain&gt;</code> with a valid DNS name pointing to the ingress controller:</p>
<div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml</span>

7
examples/external-auth/README/index.html
View file

@ -1121,7 +1121,10 @@
<h3 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">&para;</a></h3>
<p>The <code class="codehilite">auth-url</code> and <code class="codehilite">auth-signin</code> annotations allow you to use an external
authentication provider to protect your Ingress resources.</p>
<p>(Note, this annotation requires <code class="codehilite">nginx-ingress-controller v0.9.0</code> or greater.)</p>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>this annotation requires <code class="codehilite">nginx-ingress-controller v0.9.0</code> or greater.)</p>
</div>
<h3 id="key-detail">Key Detail<a class="headerlink" href="#key-detail" title="Permanent link">&para;</a></h3>
<p>This functionality is enabled by deploying multiple Ingress objects for a single host.
One Ingress object has no special annotations and handles authentication.</p>
@ -1151,7 +1154,7 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
<ol>
<li>Create a custom Github OAuth application https://github.com/settings/applications/new</li>
<li>Create a <a href="https://github.com/settings/applications/new">custom Github OAuth application</a></li>
</ol>
<p><img alt="Register OAuth2 Application" src="../images/register-oauth-app.png" /></p>
<ul>

2
examples/static-ip/README/index.html
View file

@ -1187,9 +1187,11 @@ already has it set to "nginx-ingress-lb").</p>
</pre></div>
<blockquote>
<p>Note that unlike the GCE Ingress, the same loadbalancer IP is shared amongst all
Ingresses, because all requests are proxied through the same set of nginx
controllers.</p>
</blockquote>
<h2 id="promote-ephemeral-to-static-ip">Promote ephemeral to static IP<a class="headerlink" href="#promote-ephemeral-to-static-ip" title="Permanent link">&para;</a></h2>
<p>To promote the allocated IP to static, you can update the Service manifest</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl patch svc nginx-ingress-lb -p <span class="s1">&#39;{&quot;spec&quot;: {&quot;loadBalancerIP&quot;: &quot;104.154.109.191&quot;}}&#39;</span>

2
examples/static-ip/nginx-ingress-controller.yaml
View file

@ -21,7 +21,7 @@ spec:
# hostNetwork: true
terminationGracePeriodSeconds: 60
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.13.0
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.14.0
name: nginx-ingress-controller
readinessProbe:
httpGet: