From c9981f47bb528f32ef95c851e5281b26f521f130 Mon Sep 17 00:00:00 2001 From: Pierrick Date: Thu, 1 Sep 2016 11:19:26 +0200 Subject: [PATCH 1/4] Add firewall rules and ing class clarifications --- ingress/controllers/nginx/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ingress/controllers/nginx/README.md b/ingress/controllers/nginx/README.md index ac39f4ccd7..b6f3f298d0 100644 --- a/ingress/controllers/nginx/README.md +++ b/ingress/controllers/nginx/README.md @@ -78,6 +78,8 @@ Next we create a couple of Ingress rules kubectl create -f examples/ingress.yaml ``` +If your version of Kubernetes is higher than 1.3, you can restrict the ingress usage to NGINX with this annotation :`kubernetes.io/ingress.class: "nginx"` + we check that ingress rules are defined: ``` $ kubectl get ing @@ -102,6 +104,7 @@ Check NGINX it is running with the defined Ingress rules: $ LBIP=$(kubectl get node `kubectl get po -l name=nginx-ingress-lb --template '{{range .items}}{{.spec.nodeName}}{{end}}'` --template '{{range $i, $n := .status.addresses}}{{if eq $n.type "ExternalIP"}}{{$n.address}}{{end}}{{end}}') $ curl $LBIP/foo -H 'Host: foo.bar.com' ``` +You may need to add a firewall rule to allow traffic on port 80. This is related to your cloud provider. ## HTTPS 
@@ -137,6 +140,8 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl Check the [example](examples/tls/README.md) +You may need to add a firewall rule to allow traffic on port 443. This is related to your cloud provider. + ### Default SSL Certificate NGINX provides the option serve rname [_](http://nginx.org/en/docs/http/server_names.html) as a catch-all in case of requests that do not match one of the configured server names. This configuration works without issues for HTTP traffic. In case of HTTPS NGINX requires a certificate. For this reason the Ingress controller provides the flag `--default-ssl-certificate`. The secret behind this flag contains the default certificate to be used in the mentioned case. From 0ba824fcd62d1c1a6887cda0b39957863a8d5a32 Mon Sep 17 00:00:00 2001 From: Pierrick Date: Fri, 2 Sep 2016 10:18:28 +0200 Subject: [PATCH 2/4] Update README.md --- ingress/controllers/nginx/README.md | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/ingress/controllers/nginx/README.md b/ingress/controllers/nginx/README.md index b6f3f298d0..b5a9806b36 100644 --- a/ingress/controllers/nginx/README.md +++ b/ingress/controllers/nginx/README.md @@ -18,6 +18,8 @@ This is a nginx Ingress controller that uses [ConfigMap](https://github.com/kube * [Proxy Protocol](#proxy-protocol) * [NGINX customization](configuration.md) * [NGINX status page](#nginx-status-page) +* [Running multiple ingress controllers](running-multiple-ingress-controllers) +* [Running on Cloudproviders](running-on-cloudproviders) * [Disabling NGINX ingress controller](#disabling-nginx-ingress-controller) * [Local cluster](#local-cluster) * [Debug & Troubleshooting](#troubleshooting) 
@@ -78,8 +80,6 @@ Next we create a couple of Ingress rules kubectl create -f examples/ingress.yaml ``` -If your version of Kubernetes is higher than 1.3, you can restrict the ingress usage to NGINX with this annotation :`kubernetes.io/ingress.class: "nginx"` - we check that ingress rules are defined: ``` $ kubectl get ing @@ -104,7 +104,6 @@ Check NGINX it is running with the defined Ingress rules: $ LBIP=$(kubectl get node `kubectl get po -l name=nginx-ingress-lb --template '{{range .items}}{{.spec.nodeName}}{{end}}'` --template '{{range $i, $n := .status.addresses}}{{if eq $n.type "ExternalIP"}}{{$n.address}}{{end}}{{end}}') $ curl $LBIP/foo -H 'Host: foo.bar.com' ``` -You may need to add a firewall rule to allow traffic on port 80. This is related to your cloud provider. ## HTTPS @@ -140,8 +139,6 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl Check the [example](examples/tls/README.md) -You may need to add a firewall rule to allow traffic on port 443. This is related to your cloud provider. - ### Default SSL Certificate NGINX provides the option serve rname [_](http://nginx.org/en/docs/http/server_names.html) as a catch-all in case of requests that do not match one of the configured server names. This configuration works without issues for HTTP traffic. In case of HTTPS NGINX requires a certificate. For this reason the Ingress controller provides the flag `--default-ssl-certificate`. The secret behind this flag contains the default certificate to be used in the mentioned case. 
@@ -345,6 +342,21 @@ Please check the example `example/rc-default.yaml` To extract the information in JSON format the module provides a custom URL: `/nginx_status/format/json` +### Running multiple ingress controllers + +If you're running multiple ingress controllers, or running on a cloudprovider that natively handles +ingress, you need to specify the annotation kubernetes.io/ingress.class: "nginx" in all ingresses +that you would like this controller to claim. Not specifying the annotation will lead to multiple +ingress controllers claiming the same ingress. Specifying the wrong value will result in all ingress +controllers ignoring the ingress. Multiple ingress controllers running in the same cluster was not +supported in Kubernetes versions < 1.3. + +### Running on Cloudproviders + +If you're running this ingress controller on a cloudprovider, you should assume the provider also has a native +Ingress controller and specify the ingress.class annotation as indicated in this section. +In addition to this, you will need to add a firewall rule for each port this controller is listening on, i.e :80 and :443. + ### Disabling NGINX ingress controller Setting the annotation `kubernetes.io/ingress.class` to any value other than "nginx" or the empty string, will force the NGINX Ingress controller to ignore your Ingress. Do this if you wish to use one of the other Ingress controllers at the same time as the NGINX controller. From df587a539a050112ebceae2392bee93d9b2d3ee5 Mon Sep 17 00:00:00 2001 From: Pierrick Date: Fri, 2 Sep 2016 10:20:06 +0200 Subject: [PATCH 3/4] Update README.md --- ingress/controllers/nginx/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ingress/controllers/nginx/README.md b/ingress/controllers/nginx/README.md index b5a9806b36..c4a7404ac4 100644 --- a/ingress/controllers/nginx/README.md +++ b/ingress/controllers/nginx/README.md 
@@ -18,8 +18,8 @@ This is a nginx Ingress controller that uses [ConfigMap](https://github.com/kube * [Proxy Protocol](#proxy-protocol) * [NGINX customization](configuration.md) * [NGINX status page](#nginx-status-page) -* [Running multiple ingress controllers](running-multiple-ingress-controllers) -* [Running on Cloudproviders](running-on-cloudproviders) +* [Running multiple ingress controllers](#running-multiple-ingress-controllers) +* [Running on Cloudproviders](#running-on-cloudproviders) * [Disabling NGINX ingress controller](#disabling-nginx-ingress-controller) * [Local cluster](#local-cluster) * [Debug & Troubleshooting](#troubleshooting) From 924f5163d0e80d4e6008a9b790d7927cd32faf97 Mon Sep 17 00:00:00 2001 From: Pierrick Date: Fri, 2 Sep 2016 23:11:22 +0200 Subject: [PATCH 4/4] Update README.md --- ingress/controllers/nginx/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ingress/controllers/nginx/README.md b/ingress/controllers/nginx/README.md index c4a7404ac4..0638647cb9 100644 --- a/ingress/controllers/nginx/README.md +++ b/ingress/controllers/nginx/README.md @@ -345,7 +345,7 @@ To extract the information in JSON format the module provides a custom URL: `/ng ### Running multiple ingress controllers If you're running multiple ingress controllers, or running on a cloudprovider that natively handles -ingress, you need to specify the annotation kubernetes.io/ingress.class: "nginx" in all ingresses +ingress, you need to specify the annotation `kubernetes.io/ingress.class: "nginx"` in all ingresses that you would like this controller to claim. Not specifying the annotation will lead to multiple ingress controllers claiming the same ingress. Specifying the wrong value will result in all ingress controllers ignoring the ingress. Multiple ingress controllers running in the same cluster was not
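Review bot: In 1/4, hunk @@ -78,6 +78,8, "higher than 1.3" excludes 1.3 itself, while the text added in 2/4 says multiple controllers were unsupported only in "versions < 1.3". Suggest "Kubernetes 1.3 or later". The sentence should also say that the annotation goes on each Ingress object, and drop the space before the colon in "annotation :`kubernetes.io/ingress.class: "nginx"`".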
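Review bot: In 1/4, hunk @@ -102,6 +104,7, the added firewall sentence starts on the line directly after the closing code fence with no blank line, unlike the port 443 sentence in the @@ -137,6 +140,8 hunk, which is set off by blank lines. "This is related to your cloud provider" is also too vague to act on. Suggest saying which traffic the rule has to admit (inbound to the node running the controller, on that one port) so readers do not open more than the port named.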
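Review bot: In 2/4, hunk @@ -18,6 +18,8, both new table-of-contents links are missing the leading `#`: `(running-multiple-ingress-controllers)` and `(running-on-cloudproviders)` resolve as relative paths rather than in-page anchors, unlike the neighbouring entries such as `(#nginx-status-page)`. 3/4 corrects this; fix it here instead so no commit in the series ships broken links.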
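Review bot: In 2/4, hunk @@ -345,6 +342,21, "a firewall rule for each port this controller is listening on, i.e :80 and :443" can be read as an instruction to open every listening port. Suggest naming only ports 80 and 443, so the sentence is not taken as a reason to expose anything else the README documents, such as the status URL in the context line just above. In the same hunk, "as indicated in this section" under "Running on Cloudproviders" points at the wrong place, because the annotation is described in the preceding section; link to it. "Multiple ingress controllers running in the same cluster was not supported" should read "were not supported" or "Running multiple ... was not supported".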
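Review bot: 3/4 (hunk @@ -18,8 +18,8) and 4/4 (hunk @@ -345,7 +345,7) only correct lines introduced in 2/4, namely the two TOC anchors and the backticks around `kubernetes.io/ingress.class: "nginx"`, so they should be squashed into 2/4. The subject "Update README.md" is used for three of the four patches and says nothing about the change. After squashing, a single subject describing the new ingress class and cloud provider sections would make the history searchable.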