DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove deploy of ingress controller from the example [ci skip] (#1933)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2018-01-19 15:37:09 -02:00 committed by GitHub
parent 40718c3865
commit 74fb88ae5d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/examples/customization/external-auth-headers/Makefile
View file

@ -3,7 +3,7 @@ all: push
TAG=0.1 TAG=0.1
PREFIX?=electroma/ingress-demo- PREFIX?=electroma/ingress-demo-
ARCH?=amd64 ARCH?=amd64
GOLANG_VERSION=1.8 GOLANG_VERSION=1.9
TEMP_DIR:=$(shell mktemp -d) TEMP_DIR:=$(shell mktemp -d)
build: clean build: clean

27
docs/examples/customization/external-auth-headers/README.md
View file

@ -6,12 +6,12 @@ to backend service.
Sample configuration includes: Sample configuration includes:
* Sample authentication service producing several response headers * Sample authentication service producing several response headers
* Authentication logic is based on HTTP header: requests with header `User` containing string `internal` are considered authenticated * Authentication logic is based on HTTP header: requests with header `User` containing string `internal` are considered authenticated
* After successful authentication service generates response headers `UserID` and `UserRole` * After successful authentication service generates response headers `UserID` and `UserRole`
* Sample echo service displaying header information * Sample echo service displaying header information
* Two ingress objects pointing to echo service * Two ingress objects pointing to echo service
* Public, which allows access from unauthenticated users * Public, which allows access from unauthenticated users
* Private, which allows access from authenticated users only * Private, which allows access from authenticated users only
You can deploy the controller as You can deploy the controller as
follows: follows:
@ -21,18 +21,14 @@ $ kubectl create -f deploy/
deployment "demo-auth-service" created deployment "demo-auth-service" created
service "demo-auth-service" created service "demo-auth-service" created
ingress "demo-auth-service" created ingress "demo-auth-service" created
deployment "default-http-backend" created
service "default-http-backend" created
deployment "demo-echo-service" created deployment "demo-echo-service" created
service "demo-echo-service" created service "demo-echo-service" created
ingress "public-demo-echo-service" created ingress "public-demo-echo-service" created
ingress "secure-demo-echo-service" created ingress "secure-demo-echo-service" created
deployment "nginx-ingress-controller" created
$ kubectl get po $ kubectl get po
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
NAME READY STATUS RESTARTS AGE NAME READY STATUS RESTARTS AGE
default-http-backend-2657704409-vv0hm 1/1 Running 0 29s
demo-auth-service-2769076528-7g9mh 1/1 Running 0 30s demo-auth-service-2769076528-7g9mh 1/1 Running 0 30s
demo-echo-service-3636052215-3vw8c 1/1 Running 0 29s demo-echo-service-3636052215-3vw8c 1/1 Running 0 29s
@ -42,9 +38,9 @@ public-demo-echo-service public-demo-echo-service.kube.local 80
secure-demo-echo-service secure-demo-echo-service.kube.local 80 1m secure-demo-echo-service secure-demo-echo-service.kube.local 80 1m
``` ```
Test 1: public service with no auth header Test 1: public service with no auth header
```
```console
$ curl -H 'Host: public-demo-echo-service.kube.local' -v 192.168.99.100 $ curl -H 'Host: public-demo-echo-service.kube.local' -v 192.168.99.100
* Rebuilt URL to: 192.168.99.100/ * Rebuilt URL to: 192.168.99.100/
* Trying 192.168.99.100... * Trying 192.168.99.100...
@ -64,8 +60,10 @@ $ curl -H 'Host: public-demo-echo-service.kube.local' -v 192.168.99.100
* Connection #0 to host 192.168.99.100 left intact * Connection #0 to host 192.168.99.100 left intact
UserID: , UserRole: UserID: , UserRole:
``` ```
Test 2: secure service with no auth header Test 2: secure service with no auth header
```
```console
$ curl -H 'Host: secure-demo-echo-service.kube.local' -v 192.168.99.100 $ curl -H 'Host: secure-demo-echo-service.kube.local' -v 192.168.99.100
* Rebuilt URL to: 192.168.99.100/ * Rebuilt URL to: 192.168.99.100/
* Trying 192.168.99.100... * Trying 192.168.99.100...
@ -91,8 +89,10 @@ $ curl -H 'Host: secure-demo-echo-service.kube.local' -v 192.168.99.100
</html> </html>
* Connection #0 to host 192.168.99.100 left intact * Connection #0 to host 192.168.99.100 left intact
``` ```
Test 3: public service with valid auth header Test 3: public service with valid auth header
```
```console
$ curl -H 'Host: public-demo-echo-service.kube.local' -H 'User:internal' -v 192.168.99.100 $ curl -H 'Host: public-demo-echo-service.kube.local' -H 'User:internal' -v 192.168.99.100
* Rebuilt URL to: 192.168.99.100/ * Rebuilt URL to: 192.168.99.100/
* Trying 192.168.99.100... * Trying 192.168.99.100...
@ -113,9 +113,10 @@ $ curl -H 'Host: public-demo-echo-service.kube.local' -H 'User:internal' -v 192.
* Connection #0 to host 192.168.99.100 left intact * Connection #0 to host 192.168.99.100 left intact
UserID: 1443635317331776148, UserRole: admin UserID: 1443635317331776148, UserRole: admin
``` ```
Test 4: public service with valid auth header Test 4: public service with valid auth header
``` ```console
$ curl -H 'Host: secure-demo-echo-service.kube.local' -H 'User:internal' -v 192.168.99.100 $ curl -H 'Host: secure-demo-echo-service.kube.local' -H 'User:internal' -v 192.168.99.100
* Rebuilt URL to: 192.168.99.100/ * Rebuilt URL to: 192.168.99.100/
* Trying 192.168.99.100... * Trying 192.168.99.100...

48
docs/examples/customization/external-auth-headers/deploy/default-backend.yaml
View file

@ -1,48 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: default-http-backend
labels:
k8s-app: default-http-backend
namespace: default
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: default-http-backend
spec:
terminationGracePeriodSeconds: 60
containers:
- name: default-http-backend
image: gcr.io/google_containers/defaultbackend:1.4
livenessProbe:
httpGet:
path: /healthz
port: 8080
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
ports:
- containerPort: 8080
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi
---
apiVersion: v1
kind: Service
metadata:
name: default-http-backend
namespace: default
labels:
k8s-app: default-http-backend
spec:
ports:
- port: 80
targetPort: 8080
selector:
k8s-app: default-http-backend

33
docs/examples/customization/external-auth-headers/deploy/nginx-ingress-controller.yaml
View file

@ -1,33 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nginx-ingress-controller
labels:
k8s-app: nginx-ingress-controller
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
k8s-app: nginx-ingress-controller
spec:
terminationGracePeriodSeconds: 60
containers:
- image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
name: nginx-ingress-controller
ports:
- containerPort: 80
hostPort: 80
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- /nginx-ingress-controller
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend