From 74fb88ae5d81579dcf337d4e829f8c9700f65721 Mon Sep 17 00:00:00 2001 From: Manuel Alejandro de Brito Fontes Date: Fri, 19 Jan 2018 15:37:09 -0200 Subject: [PATCH] Remove deploy of ingress controller from the example [ci skip] (#1933) --- .../external-auth-headers/Makefile | 2 +- .../external-auth-headers/README.md | 27 ++++++----- .../deploy/default-backend.yaml | 48 ------------------- .../deploy/nginx-ingress-controller.yaml | 33 ------------- 4 files changed, 15 insertions(+), 95 deletions(-) delete mode 100644 docs/examples/customization/external-auth-headers/deploy/default-backend.yaml delete mode 100644 docs/examples/customization/external-auth-headers/deploy/nginx-ingress-controller.yaml diff --git a/docs/examples/customization/external-auth-headers/Makefile b/docs/examples/customization/external-auth-headers/Makefile index 65875f426..1ee7e06ac 100644 --- a/docs/examples/customization/external-auth-headers/Makefile +++ b/docs/examples/customization/external-auth-headers/Makefile @@ -3,7 +3,7 @@ all: push TAG=0.1 PREFIX?=electroma/ingress-demo- ARCH?=amd64 -GOLANG_VERSION=1.8 +GOLANG_VERSION=1.9 TEMP_DIR:=$(shell mktemp -d) build: clean diff --git a/docs/examples/customization/external-auth-headers/README.md b/docs/examples/customization/external-auth-headers/README.md index a705dd220..2c1344237 100644 --- a/docs/examples/customization/external-auth-headers/README.md +++ b/docs/examples/customization/external-auth-headers/README.md @@ -6,12 +6,12 @@ to backend service. Sample configuration includes: * Sample authentication service producing several response headers - * Authentication logic is based on HTTP header: requests with header `User` containing string `internal` are considered authenticated - * After successful authentication service generates response headers `UserID` and `UserRole` + * Authentication logic is based on HTTP header: requests with header `User` containing string `internal` are considered authenticated + * After successful authentication service generates response headers `UserID` and `UserRole` * Sample echo service displaying header information * Two ingress objects pointing to echo service - * Public, which allows access from unauthenticated users - * Private, which allows access from authenticated users only + * Public, which allows access from unauthenticated users + * Private, which allows access from authenticated users only You can deploy the controller as follows: @@ -21,18 +21,14 @@ $ kubectl create -f deploy/ deployment "demo-auth-service" created service "demo-auth-service" created ingress "demo-auth-service" created -deployment "default-http-backend" created -service "default-http-backend" created deployment "demo-echo-service" created service "demo-echo-service" created ingress "public-demo-echo-service" created ingress "secure-demo-echo-service" created -deployment "nginx-ingress-controller" created $ kubectl get po NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE -default-http-backend-2657704409-vv0hm 1/1 Running 0 29s demo-auth-service-2769076528-7g9mh 1/1 Running 0 30s demo-echo-service-3636052215-3vw8c 1/1 Running 0 29s @@ -42,9 +38,9 @@ public-demo-echo-service public-demo-echo-service.kube.local 80 secure-demo-echo-service secure-demo-echo-service.kube.local 80 1m ``` - Test 1: public service with no auth header -``` + +```console $ curl -H 'Host: public-demo-echo-service.kube.local' -v 192.168.99.100 * Rebuilt URL to: 192.168.99.100/ * Trying 192.168.99.100... @@ -64,8 +60,10 @@ $ curl -H 'Host: public-demo-echo-service.kube.local' -v 192.168.99.100 * Connection #0 to host 192.168.99.100 left intact UserID: , UserRole: ``` + Test 2: secure service with no auth header -``` + +```console $ curl -H 'Host: secure-demo-echo-service.kube.local' -v 192.168.99.100 * Rebuilt URL to: 192.168.99.100/ * Trying 192.168.99.100... @@ -91,8 +89,10 @@ $ curl -H 'Host: secure-demo-echo-service.kube.local' -v 192.168.99.100 * Connection #0 to host 192.168.99.100 left intact ``` + Test 3: public service with valid auth header -``` + +```console $ curl -H 'Host: public-demo-echo-service.kube.local' -H 'User:internal' -v 192.168.99.100 * Rebuilt URL to: 192.168.99.100/ * Trying 192.168.99.100... @@ -113,9 +113,10 @@ $ curl -H 'Host: public-demo-echo-service.kube.local' -H 'User:internal' -v 192. * Connection #0 to host 192.168.99.100 left intact UserID: 1443635317331776148, UserRole: admin ``` + Test 4: public service with valid auth header -``` +```console $ curl -H 'Host: secure-demo-echo-service.kube.local' -H 'User:internal' -v 192.168.99.100 * Rebuilt URL to: 192.168.99.100/ * Trying 192.168.99.100... diff --git a/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml b/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml deleted file mode 100644 index a16193f93..000000000 --- a/docs/examples/customization/external-auth-headers/deploy/default-backend.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: default-http-backend - labels: - k8s-app: default-http-backend - namespace: default -spec: - replicas: 1 - template: - metadata: - labels: - k8s-app: default-http-backend - spec: - terminationGracePeriodSeconds: 60 - containers: - - name: default-http-backend - image: gcr.io/google_containers/defaultbackend:1.4 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi ---- -apiVersion: v1 -kind: Service -metadata: - name: default-http-backend - namespace: default - labels: - k8s-app: default-http-backend -spec: - ports: - - port: 80 - targetPort: 8080 - selector: - k8s-app: default-http-backend diff --git a/docs/examples/customization/external-auth-headers/deploy/nginx-ingress-controller.yaml b/docs/examples/customization/external-auth-headers/deploy/nginx-ingress-controller.yaml deleted file mode 100644 index 28eb85074..000000000 --- a/docs/examples/customization/external-auth-headers/deploy/nginx-ingress-controller.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: nginx-ingress-controller - labels: - k8s-app: nginx-ingress-controller - namespace: kube-system -spec: - replicas: 1 - template: - metadata: - labels: - k8s-app: nginx-ingress-controller - spec: - terminationGracePeriodSeconds: 60 - containers: - - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2 - name: nginx-ingress-controller - ports: - - containerPort: 80 - hostPort: 80 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: - - /nginx-ingress-controller - - --default-backend-service=$(POD_NAMESPACE)/default-http-backend