diff --git a/docs/installation.md b/docs/installation.md new file mode 100644 index 0000000000..0717dfc049 --- /dev/null +++ b/docs/installation.md @@ -0,0 +1,157 @@ +# Installing the Ingress Controller + +## Prerequisites + +Make sure you have access to the Ingress controller image: + +* For NGINX Ingress controller, use the image `nginxdemos/nginx-ingress` from [DockerHub](https://hub.docker.com/r/nginxdemos/nginx-ingress/). +* For NGINX Plus Ingress controller, build your own image and push it to your private Docker registry by following the instructions from [here](../nginx-controller). + +The installation manifests are located in the [install](../install) folder. In the steps below we assume that you will be running the commands from that folder. + +## 1. Create a Namespace, a SA and the Default Secret. + +1. Create a namespace and a service account for the Ingress controller: + ``` + kubectl apply -f common/ns-and-sa.yaml + + ``` + +1. Create a secret with a TLS certificate and a key for the default server in NGINX: + ``` + $ kubectl apply -f common/default-server-secret.yaml + ``` + + **Note**: The default server returns the Not Found page with the 404 status code for all requests for domains for which there are no Ingress rules defined. For testing purposes we include a self-signed certificate and key that we generated. However, we recommend that you use your own certificate and key. + +1. *Optional*. Create a config map for customizing NGINX configuration (read more about customization [here](../examples/customization)): + ``` + $ kubectl apply -f common/nginx-config.yaml + ``` + +## 2. Configure RBAC + +If RBAC is enabled in your cluster, create a cluster role and bind it to the service account, created in Step 1: +``` +$ kubectl apply -f rbac/rbac.yaml +``` + +**Note**: To perform this step you must be a cluster admin. + +## 3. Deploy the Ingress Controller + +We include two options for deploying the Ingress controller: +* *Deployment*. Use a Deployment if you plan to dynamically change the number of Ingress controller replicas. +* *DaemonSet*. Use a DaemonSet for deploying the Ingress controller on every node or a subset of nodes. + +### 3.1 Create a Deployment + +For NGINX, run: +``` +$ kubectl apply -f deployment/nginx-ingress.yaml +``` + +For NGINX Plus, run: +``` +$ kubectl apply -f deployment/nginx-plus-ingress.yaml +``` + +**Note**: Update the `nginx-plus-ingress.yaml` with the container image that you have built. + +Kubernetes will create one Ingress controller pod. + + +### 3.2 Create a DaemonSet + +For NGINX, run: +``` +$ kubectl apply -f daemon-set/nginx-ingress.yaml +``` + +For NGINX Plus, run: +``` +$ kubectl apply -f daemon-set/nginx-plus-ingress.yaml +``` + +**Note**: Update the `nginx-plus-ingress.yaml` with the container image that you have built. + +Kubernetes will create an Ingress controller pod on every node of the cluster. Read [this doc](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) to learn how to run the Ingress controller on a subset of nodes, instead of every node of the cluster. + +### 3.3 Check that the Ingress Controller is Running + +Run the following command to make sure that the Ingress controller pods are running: +``` +$ kubectl get pods --namespace=nginx-ingress +``` + +## 4. Get Access to the Ingress Controller + +**If you created a daemonset**, ports 80 and 443 of the Ingress controller container are mapped to the same ports of the node where the container is running. To access the Ingress controller, use those ports and an IP address of any node of the cluster where the Ingress controller is running. + +**If you created a deployment**, below are two options for accessing the Ingress controller pods. + +### 4.1 Service with the Type NodePort + +Create a service with the type *NodePort*: +``` +$ kubectl create -f service/nodeport.yaml +``` +Kubernetes will allocate two ports on every node of the cluster. To access the Ingress controller, use an IP address of any node of the cluster along with two allocated ports. Read more about the type NodePort [here](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport). + +### 4.2 Service with the Type LoadBalancer + +Create a service with the type *LoadBalancer*. Kubernetes will allocate and configure a cloud load balancer for load balancing the Ingress controller pods. + +Create a service using a manifest for your cloud provider: +* For GCP or Azure, run: + ``` + $ kubectl apply -f service/loadbalancer.yaml + ``` +* For AWS, run: + ``` + $ kubectl apply -f service/loadbalancer-aws.yaml + ``` + Kubernetes will allocate a Classic Load Balancer (ELB) in TCP mode with the PROXY protocol enabled to pass the client's information (the IP address and the port). NGINX must be configured to use the PROXY protocol: + * Add the following keys to the config map file `nginx-config.yaml` from the Step 1 : + ``` + proxy-protocol: "True" + real-ip-header: "proxy_protocol" + set-real-ip-from: "0.0.0.0/0" + ``` + * Update the config map: + ``` + kubectl apply -f common/nginx-config.yaml + ``` + **Note**: For AWS, additional options regarding an allocated load balancer are available, such as the type of a load balancer and SSL termination. Read [this doc](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer) to learn more. + +Use the public IP of the load balancer to access the Ingress controller. To get the public IP: +* For GCP or Azure, run: + ``` + $ kubectl get svc nginx-ingress --namespace=nginx-ingress + ``` +* In case of AWS ELB, the public IP is not reported by kubectl, as the IP addresses of the ELB are not static and you should not rely on them, but rely on the ELB DNS name instead. However, you can use them for testing purposes. To get the DNS name of the ELB, run: + ``` + $ kubectl describe svc nginx-ingress --namespace=nginx-ingress + ``` + You can resolve the DNS name into an IP address using `nslookup`: + ``` + $ nslookup + ``` + +Read more about the type LoadBalancer [here](https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer). + +## 5. Access the Live Activity Monitoring Dashboard + +For NGINX Plus, you can access the live activity monitoring dashboard: +1. Use `kubectl port-forward` command to forward connections to port 8080 on your local machine to port 8080 of an NGINX Plus Ingress controller pod (replace with the actual name of a pod): + ``` + $ kubectl port-forward 8080:8080 --namespace=nginx-ingress + ``` +1. Open your browser at http://127.0.0.1:8080/status.html to access the dashboard. + +## Uninstall the Ingress Controller + +Delete the `nginx-ingress` namespace to uninstall the Ingress controller along with all the auxiliary resources that were created: +``` +$ kubectl delete namespace nginx-ingress +``` \ No newline at end of file diff --git a/examples/complete-example/README.md b/examples/complete-example/README.md index 32c94576f2..994304807c 100644 --- a/examples/complete-example/README.md +++ b/examples/complete-example/README.md @@ -1,43 +1,24 @@ # Example -## Prerequisites - -* Kubernetes 1.2 and later (TLS support for Ingress has been added in 1.2) -* For NGINX Plus: - * Build and make available in your cluster the [Ingress controller](../../nginx-controller) image. - * Update the container image field in the ```nginx-plus-ingress-rc.yaml``` file accordingly. +In this example we deploy the NGINX or NGINX Plus Ingress controller, a simple web application and then configure load balancing for that application using the Ingress resource. ## Running the Example ## 1. Deploy the Ingress Controller -1. Create a Secret with an SSL certificate and key for the default server of NGINX/NGINX Plus. The default server returns the Not Found page with the 404 status code for all requests for domains for which there are no Ingress rules defined. It is recommended that you use your own certificate and key. - ``` - $ kubectl create -f default-server-secret.yaml - ``` +1. Follow the installation [instructions](../../docs/installation.md) to deploy the Ingress controller. -2. Create an Ingress controller either for NGINX or NGINX Plus: - ``` - $ kubectl create -f nginx-ingress-rc.yaml +1. Save the public IP address of the Ingress controller into a shell variable: ``` - or + $ IC_IP=XXX.YYY.ZZZ.III ``` - $ kubectl create -f nginx-plus-ingress-rc.yaml - ``` - -3. The controller container exposes ports 80, 443 (and 8080 for NGINX Plus ) -on the host it is running on. Make sure to add a firewall rule to allow incoming traffic -though these ports. ## 2. Deploy the Cafe Application -1. Create the coffee and the tea services and replication controllers: - ``` - $ kubectl create -f tea-rc.yaml - $ kubectl create -f tea-svc.yaml - $ kubectl create -f coffee-rc.yaml - $ kubectl create -f coffee-svc.yaml - ``` +Create the coffee and the tea deployments and services: +``` +$ kubectl create -f cafe.yaml +``` ## 3. Configure Load Balancing @@ -46,80 +27,33 @@ though these ports. $ kubectl create -f cafe-secret.yaml ``` -2. Create an Ingress Resource: +2. Create an Ingress resource: ``` $ kubectl create -f cafe-ingress.yaml ``` ## 4. Test the Application -1. Find out the external IP address of the node where the controller is running: - ``` - $ kubectl get pods -o wide - NAME READY STATUS RESTARTS AGE NODE - coffee-rc-mtjuw 1/1 Running 0 3m kubernetes-minion-iikt - coffee-rc-mu9ns 1/1 Running 0 3m kubernetes-minion-cm0y - nginx-plus-ingress-rc-86kkq 1/1 Running 0 1m kubernetes-minion-iikt - tea-rc-7w3fq 1/1 Running 0 3m kubernetes-minion-iikt - ``` - - ``` - $ kubectl get node kubernetes-minion-iikt -o json | grep -A 2 ExternalIP - "type": "ExternalIP", - "address": "XXX.YYY.ZZZ.III" - } - ``` - -2. To see that the controller is working, let's curl the coffee and the tea services. -We'll use ```curl```'s --insecure option to turn off certificate verification of our self-signed +1. To access the application, curl the coffee and the tea services. We'll use ```curl```'s --insecure option to turn off certificate verification of our self-signed certificate and the --resolve option to set the Host header of a request with ```cafe.example.com``` To get coffee: ``` - $ curl --resolve cafe.example.com:443:XXX.YYY.ZZZ.III https://cafe.example.com/coffee --insecure - - - - Hello from NGINX! - - - -

Hello!

-

URI = /coffee

-

My hostname is coffee-rc-mu9ns

-

My address is 10.244.0.3:80

- - + $ curl --resolve cafe.example.com:443:$IC_IP https://cafe.example.com/coffee --insecure + Server address: 10.12.0.18:80 + Server name: coffee-7586895968-r26zn + ... ``` If your rather prefer tea: ``` - $ curl --resolve cafe.example.com:443:XXX.YYY.ZZZ.III https://cafe.example.com/tea --insecure - - - - Hello from NGINX! - - - -

Hello!

-

URI = /tea

-

My hostname is tea-rc-w7rjr

-

My address is 10.244.0.5:80

- - + $ curl --resolve cafe.example.com:443:$IC_IP https://cafe.example.com/tea --insecure + Server address: 10.12.0.19:80 + Server name: tea-7cd44fcb4d-xfw2x + ... ``` - 3. If you're using NGINX Plus, you can open the live activity monitoring dashboard, which is available at http://XXX.YYY.ZZZ.III:8080/status.html - If you go to the Upstream tab, you'll see: ![dashboard](dashboard.png) + **Note**: If you're using a NodePort service to expose the Ingress controller, replace port 443 in the commands above with the node port that corresponds to port 443. + +1. If you're using NGINX Plus, you can open the live activity monitoring dashboard: + 1. Follow the [instructions](../../docs/installation.md#5-access-the-live-activity-monitoring-dashboard) to access the dashboard. + 1. If you go to the Upstream tab, you'll see: ![dashboard](dashboard.png) diff --git a/examples/complete-example/cafe.yaml b/examples/complete-example/cafe.yaml new file mode 100644 index 0000000000..a5f14a5eb2 --- /dev/null +++ b/examples/complete-example/cafe.yaml @@ -0,0 +1,66 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: coffee +spec: + replicas: 2 + selector: + matchLabels: + app: coffee + template: + metadata: + labels: + app: coffee + spec: + containers: + - name: coffee + image: nginxdemos/hello:plain-text + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: coffee-svc +spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + selector: + app: coffee +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: tea +spec: + replicas: 3 + selector: + matchLabels: + app: tea + template: + metadata: + labels: + app: tea + spec: + containers: + - name: tea + image: nginxdemos/hello:plain-text + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: tea-svc + labels: +spec: + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + selector: + app: tea \ No newline at end of file diff --git a/examples/complete-example/coffee-rc.yaml b/examples/complete-example/coffee-rc.yaml deleted file mode 100644 index ea17cc1038..0000000000 --- a/examples/complete-example/coffee-rc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ReplicationController -metadata: - name: coffee-rc -spec: - replicas: 2 - template: - metadata: - labels: - app: coffee - spec: - containers: - - name: coffee - image: nginxdemos/hello - ports: - - containerPort: 80 diff --git a/examples/complete-example/coffee-svc.yaml b/examples/complete-example/coffee-svc.yaml deleted file mode 100644 index eb1f8b889d..0000000000 --- a/examples/complete-example/coffee-svc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: coffee-svc - labels: - app: coffee -spec: - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - selector: - app: coffee diff --git a/examples/complete-example/dashboard.png b/examples/complete-example/dashboard.png index c37355f73a..aaa4ebe161 100644 Binary files a/examples/complete-example/dashboard.png and b/examples/complete-example/dashboard.png differ diff --git a/examples/complete-example/default-server-secret.yaml b/examples/complete-example/default-server-secret.yaml deleted file mode 100644 index eef64cd846..0000000000 --- a/examples/complete-example/default-server-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: default-server-secret -type: Opaque -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lKQUs5L2NDNWZocDJHTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ0V4SHpBZEJnTlYKQkFNVEZrNUhTVTVZU1c1bmNtVnpjME52Ym5SeWIyeHNaWEl3SGhjTk1UY3dPRE14TVRBeE16UTRXaGNOTVRndwpPRE14TVRBeE16UTRXakFoTVI4d0hRWURWUVFERXhaT1IwbE9XRWx1WjNKbGMzTkRiMjUwY205c2JHVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0bXhhMDhadExIaWxleWhOUWN5OUl4ankKWTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3NTZIVG1RVjIvbnEyRUxMdTNoejNjc3Urc3M5WFEzL3BrbXVwTEE5TApuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXc4RWFlcEp4NUNCYVB5V3ZSZkpPb0pFSW56ZmNaYnE4OEVmQklYOHdtClFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMVBqZXBqSXAyZ0NvbDRMUjM1aHRlSk9OMmZVTEF6cmRGMDBDT092WGsKUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJazNkY3FNS3BxWTY2elF3dStMcFJEM3ZVWjR0eC9VYnlUdStkMkdhVwpWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTFDZTAxNzhDU0hRYXRDaWFuU2lTT3lwakZtTUZ0N1Mra25pbm9Xd0lECkFRQUJvNEdETUlHQU1CMEdBMVVkRGdRV0JCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXVEJSQmdOVkhTTUUKU2pCSWdCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXYUVscENNd0lURWZNQjBHQTFVRUF4TVdUa2RKVGxoSgpibWR5WlhOelEyOXVkSEp2Ykd4bGNvSUpBSzkvY0M1ZmhwMkdNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVGQlFBRGdnRUJBSTIxcXpDN0lIYTEzblNvRkMxVFdtSUZydjQ2L2hRSFRjSFhxazRXZW16Z3VwVW8Kdmp0R05DVFlaR1VtL3RZY1FobDZvOXVJZlV5N3NlVS9OeWVCWHpOdGFiQUczQUIzanREVUJySy9xeVJ5cDZjRApIL0MzNmd5VFh3OGJxYVdOSzg0VGhYOVg2MFVFNVE2NzFUQUJMbk9paEhKUVVxTHdRc1VkdEkxRHBQb1BOOFlWCm5YQVl1RXJKWTVRckhzdHZoOFNZM2xoV3BSOWJ0eTVySldweUhIM3NDL1lHN2lFam5TUXp2LzdhK3cxTW1RQ0EKTk1wQnFvdzJKZkdveklyV2JvcFBVR2lmZ2szSjBKT24rcnA4RDRVc1lvNEo4Y3RvVk5qUFdmeU9zczB6ZWZ2aQpyUmVEUDdJOXc5THF1eERIRUhzeUpMUXN0MzNlQWlna1FBQU9zMUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdG14YTA4WnRMSGlsZXloTlFjeTlJeGp5WTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3CjU2SFRtUVYyL25xMkVMTHUzaHozY3N1K3NzOVhRMy9wa211cExBOUxuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXcKOEVhZXBKeDVDQmFQeVd2UmZKT29KRUluemZjWmJxODhFZkJJWDh3bVFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMQpQamVwaklwMmdDb2w0TFIzNWh0ZUpPTjJmVUxBenJkRjAwQ09PdlhrUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJCmszZGNxTUtwcVk2NnpRd3UrTHBSRDN2VVo0dHgvVWJ5VHUrZDJHYVdWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTEKQ2UwMTc4Q1NIUWF0Q2lhblNpU095cGpGbU1GdDdTK2tuaW5vV3dJREFRQUJBb0lCQVFDQ002UkFNd2dKRGJOTwp5OTBZY2NFdEk4a2RBZmFXY3ZBSUI3MkZSaDhYbVJ5QllxWnJMUjJSd2t6RUpXRjlXYmtUM3lqZVRuMjFzamRlCmZoVi81RWZDb3NnZC8rWlhTN0FxaTlSSlEzS1dMcEYzbTF0dW8zam5sS2J1RnV4Wm54TE9EN1dhNjN6dGpNZ2kKTUFCMzdVQTYzOE1OVE5MY3JmMTBOa1paSTVRQkpYWWNPRk1ueDJ4MXVLRkU5RHQzWUEzbE9nOWNGdmFJTFpEQQo3WTVHVDlmUXdJQS92OGRWRU1DTkNiSzI1b1dnRG90WUdZaUhiYm1hUk9DTkRpNzVQZFpkM2daQ3IxUHFPWEZHCkJaVEh1L3Q4OXMwV1QyUkpNV2ljVW5XV0oyVHhmRWU1YUQ4R0JjRzEyN0pkamxLSitWZCtHWmxvODVYYVBvdnUKTVFxek1nbUJBb0dCQU9IS1pGbzVnSVkzL0J3aElCZ2RGUytnOG1GK21JTWpxSGVMN1NFSTNYL0UzWjhJd0syUgpmTTVFRUpTZnlETFpDVkNlSS8veWhBOUF6dG9Dam12TzdjMUxJT3kwR3k5dFlJVHlYY0xQNWNBWitBTkJCRExFCitYZkx5SE9KVXBDM2o4RFRZWDF0RENiUGJ5UFZTZENUNHNKT2JrNDVZVXQ3a3pEYTVHSFpsL3hqQW9HQkFNN1UKayt6TE5zbFQ2azJaakJaZW81YUdoMUNCSVV4bzNFNVpGYUZWR2lyMSs4NVlkVDdXVEpublJ6K0l6QXBMMmRqZApPZjVlQS9wa3JVNExMeGMzVVNEYjJwczJuT1hQd1p1OWdqRTM3aml0SUFRd3BHL3FiamQ3Y1ZaR2hlUkQyK3l4ClptTWU3c1BCZEVmcldmK1REYU9lT3B4L2RRcnFyTEc2UXo1ZHlQbXBBb0dBVmsyZ0VnU01wY0RjY253TzRtaXIKWW1zb2VpK0RhQXpISmZxc0JzWjJzNUd5REVteUxDWENDSzFua1FlSjVEV2xJOVZ1ZVRSZldkMHhzNDdxbFRhaApHcWt1eW9zRklSbXpuTjF2RFRtZDNkR1BSTjhqRmF6SWxndWtjTlQ2WkNwbG5oU3QzTjFEbWNvTDl5eGRiSVk2ClZIN2FGcmhFQWpBWDBNSzZMTlNaRFhVQ2dZQlRYc3JWeTBBbFBTY1g2b25XUm9Xb1drZlhBb1lhbDdZZCtyakcKVkZoODhyUnlnNk9YRmFqQTdNSUNjVERXQWFjcFRGdGhGaUtDWHV5Z3BjOXdpMEt2ZlErTU95SlpYRHBOZmNFcAo5OEtWbyt0ZzVQNlRnaXExUUpQNTArbUtqblBxMzhOR3R5UkZVZ2grS1BjWkZ2eUxkRzlwdjlLOCtNVnR5b2ZxCmJzRmhLUUtCZ0NvcEg5Wm95MjJBNStLcnJYZmQ0VXRBcndjN0dVanFUT1hhTzgyd3FpU0hZMndPTGdkWWw0L3kKSDJEYy9EMWxmWS9GL09sckNMZDNpL0lLc0wxNG13R2dxODZRdDhxeTIwcWw4RFNyWG91TmhsQTJmL1ZUTk1SMAp2OXAwU1JrQjI2UVYyUitndnNVYk9xb1lhMlVQVkNuQW9QeTYwTXlBaVJUR3cyeTExbm9lCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file diff --git a/examples/complete-example/nginx-ingress-rc.yaml b/examples/complete-example/nginx-ingress-rc.yaml deleted file mode 100644 index 7c3a4896a7..0000000000 --- a/examples/complete-example/nginx-ingress-rc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: ReplicationController -metadata: - name: nginx-ingress-rc - labels: - app: nginx-ingress -spec: - replicas: 1 - selector: - app: nginx-ingress - template: - metadata: - labels: - app: nginx-ingress - spec: - containers: - - image: nginxdemos/nginx-ingress:1.1.1 - imagePullPolicy: Always - name: nginx-ingress - ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Uncomment the lines below to enable extensive logging and/or customization of - # NGINX configuration with configmaps - args: - #- -v=3 - #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret diff --git a/examples/complete-example/nginx-plus-ingress-rc.yaml b/examples/complete-example/nginx-plus-ingress-rc.yaml deleted file mode 100644 index e0ad798670..0000000000 --- a/examples/complete-example/nginx-plus-ingress-rc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: ReplicationController -metadata: - name: nginx-plus-ingress-rc - labels: - app: nginx-plus-ingress -spec: - replicas: 1 - selector: - app: nginx-plus-ingress - template: - metadata: - labels: - app: nginx-plus-ingress - spec: - containers: - - image: nginx-plus-ingress:1.1.1 - imagePullPolicy: Always - name: nginx-plus-ingress - ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 - - containerPort: 8080 - hostPort: 8080 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Uncomment the lines below to enable extensive logging and/or customization of - # NGINX configuration with configmaps - args: - - -nginx-plus - #- -v=3 - #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret diff --git a/examples/complete-example/tea-rc.yaml b/examples/complete-example/tea-rc.yaml deleted file mode 100644 index cae18990ca..0000000000 --- a/examples/complete-example/tea-rc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ReplicationController -metadata: - name: tea-rc -spec: - replicas: 3 - template: - metadata: - labels: - app: tea - spec: - containers: - - name: tea - image: nginxdemos/hello - ports: - - containerPort: 80 diff --git a/examples/complete-example/tea-svc.yaml b/examples/complete-example/tea-svc.yaml deleted file mode 100644 index 464276c842..0000000000 --- a/examples/complete-example/tea-svc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: tea-svc - labels: - app: tea -spec: - ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http - selector: - app: tea diff --git a/examples/daemon-set/README.md b/examples/daemon-set/README.md index 8310d7ac60..6c76ae8795 100644 --- a/examples/daemon-set/README.md +++ b/examples/daemon-set/README.md @@ -2,30 +2,4 @@ You can deploy the NGINX or NGINX Plus controller as a [Daemon Set](http://kubernetes.io/docs/admin/daemons/). This allows you to deploy the controller on all or select nodes of your cluster. -1. Create a Secret with an SSL certificate and key for the default server of NGINX/NGINX Plus. It is recommended that you use your own certificate and key. - ``` - $ kubectl create -f default-server-secret.yaml - ``` - -1. To deploy the NGINX controller, run: - ``` - $ kubectl create -f nginx-ingress.yaml - ``` - To deploy the NGINX Plus controller, run: - ``` - $ kubectl create -f nginx-plus-ingress.yaml - ``` - -Once deployed, by default, a controller pod is running on every node of the cluster. The pods are accessible through ports 80 and 443 of each node they get scheduled on. - -Optionally, you can choose to run the controller pods on only select nodes. To accomplish this: -1. Add a label to each node on which you want to run a controller pod. For example: - ``` - kubectl label node node-1 role=nginx-ingress - kubectl label node node-2 role=nginx-ingress - ``` - where *node-1* and *node-2* are some nodes of your cluster. - -1. Uncomment the **nodeSelector** related lines (11-12) in the corresponding daemon set yaml file and specify a label to use to select nodes (`role=nginx-ingress` in this example). - -1. Deploy the controller. The pods are scheduled only on *node-1* and *node-2*. +Read the installation instructions [here](../../docs/installation.md). diff --git a/examples/daemon-set/nginx-ingress.yaml b/examples/daemon-set/nginx-ingress.yaml deleted file mode 100644 index 084d06a24e..0000000000 --- a/examples/daemon-set/nginx-ingress.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: nginx-ingress-controller -spec: - template: - metadata: - labels: - name: nginx-ingress-controller - spec: - # nodeSelector: - # role: nginx-ingress - containers: - - image: nginxdemos/nginx-ingress:1.1.1 - imagePullPolicy: Always - name: nginx-ingress - ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Uncomment the lines below to enable extensive logging and/or customization of - # NGINX configuration with configmaps - args: - #- -v=3 - #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret diff --git a/examples/rbac/README.md b/examples/rbac/README.md index bb2b016f68..5b13952401 100644 --- a/examples/rbac/README.md +++ b/examples/rbac/README.md @@ -1,26 +1,3 @@ # RBAC -For Kubernetes clusters with enabled [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/), follow the steps below to deploy the Ingress controller: - -1. Make sure you are a cluster admin. - -1. If you would like to deploy the Ingress controller in a namespace other than `default`, change the namespace of the service account used in the cluster role binding in `nginx-ingress-rbac.yaml`. - -1. Create a service account, a cluster role and a cluster role binding for the Ingress controller: - ``` - $ kubectl create -f nginx-ingress-rbac.yaml - ``` - -1. As usual, create a secret with an SSL certificate and key for the default server of NGINX/NGINX Plus. It is recommended that you use your own certificate and key. - ``` - $ kubectl create -f default-server-secret.yaml - ``` - -1. Deploy NGINX or NGINX Plus Ingress controller with the service account from the previous step: - ``` - $ kubectl create -f nginx-ingress-rc.yaml - ``` - or - ``` - $ kubectl create -f nginx-plus-ingress-rc.yaml - ``` \ No newline at end of file +It is possible to run the Ingress controller in a cluster with [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) enabled. Read the installation instructions [here](../../docs/installation.md). \ No newline at end of file diff --git a/examples/rbac/default-server-secret.yaml b/examples/rbac/default-server-secret.yaml deleted file mode 100644 index eef64cd846..0000000000 --- a/examples/rbac/default-server-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: default-server-secret -type: Opaque -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lKQUs5L2NDNWZocDJHTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ0V4SHpBZEJnTlYKQkFNVEZrNUhTVTVZU1c1bmNtVnpjME52Ym5SeWIyeHNaWEl3SGhjTk1UY3dPRE14TVRBeE16UTRXaGNOTVRndwpPRE14TVRBeE16UTRXakFoTVI4d0hRWURWUVFERXhaT1IwbE9XRWx1WjNKbGMzTkRiMjUwY205c2JHVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0bXhhMDhadExIaWxleWhOUWN5OUl4ankKWTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3NTZIVG1RVjIvbnEyRUxMdTNoejNjc3Urc3M5WFEzL3BrbXVwTEE5TApuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXc4RWFlcEp4NUNCYVB5V3ZSZkpPb0pFSW56ZmNaYnE4OEVmQklYOHdtClFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMVBqZXBqSXAyZ0NvbDRMUjM1aHRlSk9OMmZVTEF6cmRGMDBDT092WGsKUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJazNkY3FNS3BxWTY2elF3dStMcFJEM3ZVWjR0eC9VYnlUdStkMkdhVwpWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTFDZTAxNzhDU0hRYXRDaWFuU2lTT3lwakZtTUZ0N1Mra25pbm9Xd0lECkFRQUJvNEdETUlHQU1CMEdBMVVkRGdRV0JCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXVEJSQmdOVkhTTUUKU2pCSWdCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXYUVscENNd0lURWZNQjBHQTFVRUF4TVdUa2RKVGxoSgpibWR5WlhOelEyOXVkSEp2Ykd4bGNvSUpBSzkvY0M1ZmhwMkdNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVGQlFBRGdnRUJBSTIxcXpDN0lIYTEzblNvRkMxVFdtSUZydjQ2L2hRSFRjSFhxazRXZW16Z3VwVW8Kdmp0R05DVFlaR1VtL3RZY1FobDZvOXVJZlV5N3NlVS9OeWVCWHpOdGFiQUczQUIzanREVUJySy9xeVJ5cDZjRApIL0MzNmd5VFh3OGJxYVdOSzg0VGhYOVg2MFVFNVE2NzFUQUJMbk9paEhKUVVxTHdRc1VkdEkxRHBQb1BOOFlWCm5YQVl1RXJKWTVRckhzdHZoOFNZM2xoV3BSOWJ0eTVySldweUhIM3NDL1lHN2lFam5TUXp2LzdhK3cxTW1RQ0EKTk1wQnFvdzJKZkdveklyV2JvcFBVR2lmZ2szSjBKT24rcnA4RDRVc1lvNEo4Y3RvVk5qUFdmeU9zczB6ZWZ2aQpyUmVEUDdJOXc5THF1eERIRUhzeUpMUXN0MzNlQWlna1FBQU9zMUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdG14YTA4WnRMSGlsZXloTlFjeTlJeGp5WTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3CjU2SFRtUVYyL25xMkVMTHUzaHozY3N1K3NzOVhRMy9wa211cExBOUxuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXcKOEVhZXBKeDVDQmFQeVd2UmZKT29KRUluemZjWmJxODhFZkJJWDh3bVFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMQpQamVwaklwMmdDb2w0TFIzNWh0ZUpPTjJmVUxBenJkRjAwQ09PdlhrUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJCmszZGNxTUtwcVk2NnpRd3UrTHBSRDN2VVo0dHgvVWJ5VHUrZDJHYVdWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTEKQ2UwMTc4Q1NIUWF0Q2lhblNpU095cGpGbU1GdDdTK2tuaW5vV3dJREFRQUJBb0lCQVFDQ002UkFNd2dKRGJOTwp5OTBZY2NFdEk4a2RBZmFXY3ZBSUI3MkZSaDhYbVJ5QllxWnJMUjJSd2t6RUpXRjlXYmtUM3lqZVRuMjFzamRlCmZoVi81RWZDb3NnZC8rWlhTN0FxaTlSSlEzS1dMcEYzbTF0dW8zam5sS2J1RnV4Wm54TE9EN1dhNjN6dGpNZ2kKTUFCMzdVQTYzOE1OVE5MY3JmMTBOa1paSTVRQkpYWWNPRk1ueDJ4MXVLRkU5RHQzWUEzbE9nOWNGdmFJTFpEQQo3WTVHVDlmUXdJQS92OGRWRU1DTkNiSzI1b1dnRG90WUdZaUhiYm1hUk9DTkRpNzVQZFpkM2daQ3IxUHFPWEZHCkJaVEh1L3Q4OXMwV1QyUkpNV2ljVW5XV0oyVHhmRWU1YUQ4R0JjRzEyN0pkamxLSitWZCtHWmxvODVYYVBvdnUKTVFxek1nbUJBb0dCQU9IS1pGbzVnSVkzL0J3aElCZ2RGUytnOG1GK21JTWpxSGVMN1NFSTNYL0UzWjhJd0syUgpmTTVFRUpTZnlETFpDVkNlSS8veWhBOUF6dG9Dam12TzdjMUxJT3kwR3k5dFlJVHlYY0xQNWNBWitBTkJCRExFCitYZkx5SE9KVXBDM2o4RFRZWDF0RENiUGJ5UFZTZENUNHNKT2JrNDVZVXQ3a3pEYTVHSFpsL3hqQW9HQkFNN1UKayt6TE5zbFQ2azJaakJaZW81YUdoMUNCSVV4bzNFNVpGYUZWR2lyMSs4NVlkVDdXVEpublJ6K0l6QXBMMmRqZApPZjVlQS9wa3JVNExMeGMzVVNEYjJwczJuT1hQd1p1OWdqRTM3aml0SUFRd3BHL3FiamQ3Y1ZaR2hlUkQyK3l4ClptTWU3c1BCZEVmcldmK1REYU9lT3B4L2RRcnFyTEc2UXo1ZHlQbXBBb0dBVmsyZ0VnU01wY0RjY253TzRtaXIKWW1zb2VpK0RhQXpISmZxc0JzWjJzNUd5REVteUxDWENDSzFua1FlSjVEV2xJOVZ1ZVRSZldkMHhzNDdxbFRhaApHcWt1eW9zRklSbXpuTjF2RFRtZDNkR1BSTjhqRmF6SWxndWtjTlQ2WkNwbG5oU3QzTjFEbWNvTDl5eGRiSVk2ClZIN2FGcmhFQWpBWDBNSzZMTlNaRFhVQ2dZQlRYc3JWeTBBbFBTY1g2b25XUm9Xb1drZlhBb1lhbDdZZCtyakcKVkZoODhyUnlnNk9YRmFqQTdNSUNjVERXQWFjcFRGdGhGaUtDWHV5Z3BjOXdpMEt2ZlErTU95SlpYRHBOZmNFcAo5OEtWbyt0ZzVQNlRnaXExUUpQNTArbUtqblBxMzhOR3R5UkZVZ2grS1BjWkZ2eUxkRzlwdjlLOCtNVnR5b2ZxCmJzRmhLUUtCZ0NvcEg5Wm95MjJBNStLcnJYZmQ0VXRBcndjN0dVanFUT1hhTzgyd3FpU0hZMndPTGdkWWw0L3kKSDJEYy9EMWxmWS9GL09sckNMZDNpL0lLc0wxNG13R2dxODZRdDhxeTIwcWw4RFNyWG91TmhsQTJmL1ZUTk1SMAp2OXAwU1JrQjI2UVYyUitndnNVYk9xb1lhMlVQVkNuQW9QeTYwTXlBaVJUR3cyeTExbm9lCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== \ No newline at end of file diff --git a/examples/rbac/nginx-plus-ingress-rc.yaml b/examples/rbac/nginx-plus-ingress-rc.yaml deleted file mode 100644 index 7a051edf7d..0000000000 --- a/examples/rbac/nginx-plus-ingress-rc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: ReplicationController -metadata: - name: nginx-plus-ingress-rc - labels: - app: nginx-plus-ingress -spec: - replicas: 1 - selector: - app: nginx-plus-ingress - template: - metadata: - labels: - app: nginx-plus-ingress - spec: - serviceAccountName: nginx-ingress - containers: - - image: nginx-plus-ingress:1.1.1 - imagePullPolicy: Always - name: nginx-plus-ingress - ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 - - containerPort: 8080 - hostPort: 8080 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # Uncomment the lines below to enable extensive logging and/or customization of - # NGINX configuration with configmaps - args: - - -nginx-plus - #- -v=3 - #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret diff --git a/install/README.md b/install/README.md new file mode 100644 index 0000000000..40d640f6ab --- /dev/null +++ b/install/README.md @@ -0,0 +1,6 @@ +# Installation + +This folder includes Kubernetes manifests for installing NGINX or NGINX Plus Ingress controller. Read the installation instructions [here](../docs/installation.md). + + + diff --git a/examples/daemon-set/default-server-secret.yaml b/install/common/default-server-secret.yaml similarity index 99% rename from examples/daemon-set/default-server-secret.yaml rename to install/common/default-server-secret.yaml index eef64cd846..3e59e6959d 100644 --- a/examples/daemon-set/default-server-secret.yaml +++ b/install/common/default-server-secret.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: default-server-secret + namespace: nginx-ingress type: Opaque data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lKQUs5L2NDNWZocDJHTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ0V4SHpBZEJnTlYKQkFNVEZrNUhTVTVZU1c1bmNtVnpjME52Ym5SeWIyeHNaWEl3SGhjTk1UY3dPRE14TVRBeE16UTRXaGNOTVRndwpPRE14TVRBeE16UTRXakFoTVI4d0hRWURWUVFERXhaT1IwbE9XRWx1WjNKbGMzTkRiMjUwY205c2JHVnlNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0bXhhMDhadExIaWxleWhOUWN5OUl4ankKWTBYdy9CRmZvM3duMDRsSXRoaGRxbkZ3NTZIVG1RVjIvbnEyRUxMdTNoejNjc3Urc3M5WFEzL3BrbXVwTEE5TApuaVVRZFVNcER4VlE1VFFKRW5CanJ5aXc4RWFlcEp4NUNCYVB5V3ZSZkpPb0pFSW56ZmNaYnE4OEVmQklYOHdtClFCa0xlcnFTVmRYWjBXR3FINVVQVlVZMVBqZXBqSXAyZ0NvbDRMUjM1aHRlSk9OMmZVTEF6cmRGMDBDT092WGsKUzgwRGw5eHdoUkVwVWVySGNuNXZod3BJazNkY3FNS3BxWTY2elF3dStMcFJEM3ZVWjR0eC9VYnlUdStkMkdhVwpWaG1RLy85RmtzUzVBS1d2ZXkrK3pPUTFDZTAxNzhDU0hRYXRDaWFuU2lTT3lwakZtTUZ0N1Mra25pbm9Xd0lECkFRQUJvNEdETUlHQU1CMEdBMVVkRGdRV0JCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXVEJSQmdOVkhTTUUKU2pCSWdCUlFUODVHRzV6a0QxV3FNSzZvOW8xWWFqUVBXYUVscENNd0lURWZNQjBHQTFVRUF4TVdUa2RKVGxoSgpibWR5WlhOelEyOXVkSEp2Ykd4bGNvSUpBSzkvY0M1ZmhwMkdNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVGQlFBRGdnRUJBSTIxcXpDN0lIYTEzblNvRkMxVFdtSUZydjQ2L2hRSFRjSFhxazRXZW16Z3VwVW8Kdmp0R05DVFlaR1VtL3RZY1FobDZvOXVJZlV5N3NlVS9OeWVCWHpOdGFiQUczQUIzanREVUJySy9xeVJ5cDZjRApIL0MzNmd5VFh3OGJxYVdOSzg0VGhYOVg2MFVFNVE2NzFUQUJMbk9paEhKUVVxTHdRc1VkdEkxRHBQb1BOOFlWCm5YQVl1RXJKWTVRckhzdHZoOFNZM2xoV3BSOWJ0eTVySldweUhIM3NDL1lHN2lFam5TUXp2LzdhK3cxTW1RQ0EKTk1wQnFvdzJKZkdveklyV2JvcFBVR2lmZ2szSjBKT24rcnA4RDRVc1lvNEo4Y3RvVk5qUFdmeU9zczB6ZWZ2aQpyUmVEUDdJOXc5THF1eERIRUhzeUpMUXN0MzNlQWlna1FBQU9zMUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K diff --git a/install/common/nginx-config.yaml b/install/common/nginx-config.yaml new file mode 100644 index 0000000000..a6a6c812b5 --- /dev/null +++ b/install/common/nginx-config.yaml @@ -0,0 +1,6 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: nginx-config + namespace: nginx-ingress +data: diff --git a/install/common/ns-and-sa.yaml b/install/common/ns-and-sa.yaml new file mode 100644 index 0000000000..994af5ae45 --- /dev/null +++ b/install/common/ns-and-sa.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nginx-ingress +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress + namespace: nginx-ingress \ No newline at end of file diff --git a/examples/rbac/nginx-ingress-rc.yaml b/install/daemon-set/nginx-ingress.yaml similarity index 51% rename from examples/rbac/nginx-ingress-rc.yaml rename to install/daemon-set/nginx-ingress.yaml index ca9b4d8230..ef9166108f 100644 --- a/examples/rbac/nginx-ingress-rc.yaml +++ b/install/daemon-set/nginx-ingress.yaml @@ -1,13 +1,12 @@ -apiVersion: v1 -kind: ReplicationController +apiVersion: extensions/v1beta1 +kind: DaemonSet metadata: - name: nginx-ingress-rc - labels: - app: nginx-ingress + name: nginx-ingress + namespace: nginx-ingress spec: - replicas: 1 selector: - app: nginx-ingress + matchLabels: + app: nginx-ingress template: metadata: labels: @@ -16,21 +15,20 @@ spec: serviceAccountName: nginx-ingress containers: - image: nginxdemos/nginx-ingress:1.1.1 - imagePullPolicy: Always name: nginx-ingress ports: - - containerPort: 80 + - name: http + containerPort: 80 hostPort: 80 - - containerPort: 443 - hostPort: 443 + - name: https + containerPort: 443 + hostPort: 443 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - # Uncomment the lines below to enable extensive logging and/or customization of - # NGINX configuration with configmaps args: - #- -v=3 - #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + #- -v=3 # Enables extensive logging. Useful for trooublshooting. diff --git a/examples/daemon-set/nginx-plus-ingress.yaml b/install/daemon-set/nginx-plus-ingress.yaml similarity index 52% rename from examples/daemon-set/nginx-plus-ingress.yaml rename to install/daemon-set/nginx-plus-ingress.yaml index 51401e2e6c..19d3dc3629 100644 --- a/examples/daemon-set/nginx-plus-ingress.yaml +++ b/install/daemon-set/nginx-plus-ingress.yaml @@ -1,33 +1,35 @@ apiVersion: extensions/v1beta1 kind: DaemonSet metadata: - name: nginx-plus-ingress-controller + name: nginx-ingress + namespace: nginx-ingress spec: + selector: + matchLabels: + app: nginx-ingress template: metadata: labels: - name: nginx-plus-ingress-controller + app: nginx-ingress spec: - # nodeSelector: - # role: nginx-ingress + serviceAccountName: nginx-ingress containers: - image: nginx-plus-ingress:1.1.1 - imagePullPolicy: Always name: nginx-plus-ingress ports: - - containerPort: 80 + - name: http + containerPort: 80 hostPort: 80 - - containerPort: 443 + - name: https + containerPort: 443 hostPort: 443 - env: + env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - # Uncomment the lines below to enable extensive logging and/or customization of - # NGINX configuration with configmaps args: - -nginx-plus - #- -v=3 - #- -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + #- -v=3 # Enables extensive logging. Useful for trooublshooting. diff --git a/install/deployment/nginx-ingress.yaml b/install/deployment/nginx-ingress.yaml new file mode 100644 index 0000000000..1285eab58b --- /dev/null +++ b/install/deployment/nginx-ingress.yaml @@ -0,0 +1,33 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + spec: + serviceAccountName: nginx-ingress + containers: + - image: nginxdemos/nginx-ingress:1.1.1 + name: nginx-ingress + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + #- -v=3 # Enables extensive logging. Useful for trooublshooting. diff --git a/install/deployment/nginx-plus-ingress.yaml b/install/deployment/nginx-plus-ingress.yaml new file mode 100644 index 0000000000..45951615f3 --- /dev/null +++ b/install/deployment/nginx-plus-ingress.yaml @@ -0,0 +1,34 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + replicas: 1 + selector: + matchLabels: + app: nginx-ingress + template: + metadata: + labels: + app: nginx-ingress + spec: + serviceAccountName: nginx-ingress + containers: + - image: nginx-plus-ingress:1.1.1 + name: nginx-plus-ingress + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - -nginx-plus + - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config + - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret + #- -v=3 # Enables extensive logging. Useful for trooublshooting. diff --git a/examples/rbac/nginx-ingress-rbac.yaml b/install/rbac/rbac.yaml similarity index 88% rename from examples/rbac/nginx-ingress-rbac.yaml rename to install/rbac/rbac.yaml index dad2a37541..446bf51ef2 100644 --- a/examples/rbac/nginx-ingress-rbac.yaml +++ b/install/rbac/rbac.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nginx-ingress ---- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: @@ -53,7 +48,7 @@ metadata: subjects: - kind: ServiceAccount name: nginx-ingress - namespace: default + namespace: nginx-ingress roleRef: kind: ClusterRole name: nginx-ingress diff --git a/install/service/loadbalancer-aws-elb.yaml b/install/service/loadbalancer-aws-elb.yaml new file mode 100644 index 0000000000..d8b8aec359 --- /dev/null +++ b/install/service/loadbalancer-aws-elb.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx-ingress + namespace: nginx-ingress + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp" + service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" +spec: + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + - port: 443 + targetPort: 443 + protocol: TCP + name: https + selector: + app: nginx-ingress diff --git a/install/service/loadbalancer.yaml b/install/service/loadbalancer.yaml new file mode 100644 index 0000000000..d27ca5bc6a --- /dev/null +++ b/install/service/loadbalancer.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + externalTrafficPolicy: Local + type: LoadBalancer + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + - port: 443 + targetPort: 443 + protocol: TCP + name: https + selector: + app: nginx-ingress diff --git a/install/service/nodeport.yaml b/install/service/nodeport.yaml new file mode 100644 index 0000000000..1ff655bd7f --- /dev/null +++ b/install/service/nodeport.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx-ingress + namespace: nginx-ingress +spec: + type: NodePort + ports: + - port: 80 + targetPort: 80 + protocol: TCP + name: http + - port: 443 + targetPort: 443 + protocol: TCP + name: https + selector: + app: nginx-ingress