Deploy GitHub Pages

404.html

@@ -352,6 +352,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="/deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="/deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

deploy/index.html

@@ -461,8 +461,8 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#baremetal" title="Baremetal" class="md-nav__link">
+  <a href="#bare-metal" title="Bare-metal" class="md-nav__link">
-    Baremetal
+    Bare-metal
   </a>
   
 </li>
@@ -514,6 +514,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1268,8 +1280,8 @@
 </li>
         
           <li class="md-nav__item">
-  <a href="#baremetal" title="Baremetal" class="md-nav__link">
+  <a href="#bare-metal" title="Bare-metal" class="md-nav__link">
-    Baremetal
+    Bare-metal
   </a>
   
 </li>
@@ -1335,7 +1347,7 @@
 <li><a href="#aws">AWS</a></li>
 <li><a href="#gce-gke">GCE - GKE</a></li>
 <li><a href="#azure">Azure</a></li>
-<li><a href="#baremetal">Baremetal</a></li>
+<li><a href="#bare-metal">Bare-metal</a></li>
 </ul>
 </li>
 <li><a href="#verify-installation">Verify installation</a></li>
@@ -1348,7 +1360,6 @@
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml</span>
 </pre></div>
 
-
 <h3 id="provider-specific-steps">Provider Specific Steps<a class="headerlink" href="#provider-specific-steps" title="Permanent link">&para;</a></h3>
 <p>There are cloud provider specific yaml files.</p>
 <h4 id="docker-for-mac">Docker for Mac<a class="headerlink" href="#docker-for-mac" title="Permanent link">&para;</a></h4>
@@ -1357,13 +1368,11 @@
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
 </pre></div>
 
-
 <h4 id="minikube">minikube<a class="headerlink" href="#minikube" title="Permanent link">&para;</a></h4>
 <p>For standard usage:</p>
 <div class="codehilite"><pre><span></span><span class="go">minikube addons enable ingress</span>
 </pre></div>
 
-
 <p>For development:</p>
 <ol>
 <li>Disable the ingress addon:</li>
@@ -1371,7 +1380,6 @@
 <div class="codehilite"><pre><span></span><span class="gp">$</span> minikube addons disable ingress
 </pre></div>
 
-
 <ol>
 <li>Execute <code class="codehilite">make dev-env</code></li>
 <li>Confirm the <code class="codehilite">nginx-ingress-controller</code> deployment exists:</li>
@@ -1382,7 +1390,6 @@
 <span class="go">nginx-ingress-controller-fdcdcd6dd-vvpgs   1/1       Running   0          11s</span>
 </pre></div>
 
-
 <h4 id="aws">AWS<a class="headerlink" href="#aws" title="Permanent link">&para;</a></h4>
 <p>In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of <code class="codehilite">Type=LoadBalancer</code>.
 Since Kubernetes v1.9.0 it is possible to use a classic load balancer (ELB) or network load balancer (NLB)
@@ -1398,7 +1405,6 @@ Please check the <a href="https://aws.amazon.com/es/elasticloadbalancing/details
 <span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l4.yaml</span>
 </pre></div>
 
-
 <p>For L7:</p>
 <p>Change line of the file <code class="codehilite">provider/aws/service-l7.yaml</code> replacing the dummy id with a valid one <code class="codehilite">&quot;arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX&quot;</code>
 Then execute:</p>
@@ -1406,7 +1412,6 @@ Then execute:</p>
 <span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml</span>
 </pre></div>
 
-
 <p>This example creates an ELB with just two listeners, one in port 80 and another in port 443</p>
 <p><img alt="Listeners" src="./../images/elb-l7-listener.png" /></p>
 <h5 id="network-load-balancer-nlb">Network Load Balancer (NLB)<a class="headerlink" href="#network-load-balancer-nlb" title="Permanent link">&para;</a></h5>
@@ -1414,30 +1419,29 @@ Then execute:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-nlb.yaml</span>
 </pre></div>
 
-
 <h4 id="gce-gke">GCE - GKE<a class="headerlink" href="#gce-gke" title="Permanent link">&para;</a></h4>
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
 </pre></div>
 
-
 <p><strong>Important Note:</strong> proxy protocol is not supported in GCE/GKE</p>
 <h4 id="azure">Azure<a class="headerlink" href="#azure" title="Permanent link">&para;</a></h4>
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml</span>
 </pre></div>
 
-
+<h4 id="bare-metal">Bare-metal<a class="headerlink" href="#bare-metal" title="Permanent link">&para;</a></h4>
-<h4 id="baremetal">Baremetal<a class="headerlink" href="#baremetal" title="Permanent link">&para;</a></h4>
 <p>Using <a href="https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport">NodePort</a>:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml</span>
 </pre></div>
 
-
+<div class="admonition tip">
+<p class="admonition-title">Tip</p>
+<p>For extended notes regarding deployments on bare-metal, see <a href="./baremetal/">Bare-metal considerations</a>.</p>
+</div>
 <h3 id="verify-installation">Verify installation<a class="headerlink" href="#verify-installation" title="Permanent link">&para;</a></h3>
 <p>To check if the ingress controller pods have started, run the following command:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl get pods --all-namespaces -l app=ingress-nginx --watch</span>
 </pre></div>
 
-
 <p>Once the operator pods are running, you can cancel the above command by typing <code class="codehilite">Ctrl+C</code>.
 Now, you are ready to create your first ingress.</p>
 <h3 id="detect-installed-version">Detect installed version<a class="headerlink" href="#detect-installed-version" title="Permanent link">&para;</a></h3>
@@ -1447,19 +1451,16 @@ Now, you are ready to create your first ingress.</p>
 <span class="go">kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version</span>
 </pre></div>
 
-
 <h2 id="using-helm">Using Helm<a class="headerlink" href="#using-helm" title="Permanent link">&para;</a></h2>
 <p>NGINX Ingress controller can be installed via <a href="https://helm.sh/">Helm</a> using the chart <a href="https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress">stable/nginx-ingress</a> from the official charts repository. 
 To install the chart with the release name <code class="codehilite">my-nginx</code>:</p>
 <div class="codehilite"><pre><span></span><span class="go">helm install stable/nginx-ingress --name my-nginx</span>
 </pre></div>
 
-
 <p>If the kubernetes cluster has RBAC enabled, then run:</p>
 <div class="codehilite"><pre><span></span><span class="go">helm install stable/nginx-ingress --name my-nginx --set rbac.create=true</span>
 </pre></div>
 
-
 <p>Detect installed version:</p>
 <div class="codehilite"><pre><span></span><span class="go">POD_NAME=$(kubectl get pods -l app=nginx-ingress -o jsonpath=&#39;{.items[0].metadata.name}&#39;)</span>
 <span class="go">kubectl exec -it $POD_NAME -- /nginx-ingress-controller --version</span>
@@ -1499,13 +1500,13 @@ To install the chart with the release name <code class="codehilite">my-nginx</co
           </a>
         
         
-          <a href="rbac/" title="Role Based Access Control (RBAC)" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
+          <a href="baremetal/" title="Bare-metal considerations" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
             <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
               <span class="md-flex__ellipsis">
                 <span class="md-footer-nav__direction">
                   Next
                 </span>
-                Role Based Access Control (RBAC)
+                Bare-metal considerations
               </span>
             </div>
             <div class="md-flex__cell md-flex__cell--shrink">

deploy/rbac/index.html

@@ -359,6 +359,18 @@
           
           
 
+
+  <li class="md-nav__item">
+    <a href="../baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
   
 
 
@@ -1258,7 +1270,7 @@ container arguments, and POD_NAMESPACE should be in the nginx-ingress namespace.
     <div class="md-footer-nav">
       <nav class="md-footer-nav__inner md-grid">
         
-          <a href="../" title="Installation Guide" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
+          <a href="../baremetal/" title="Bare-metal considerations" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
             <div class="md-flex__cell md-flex__cell--shrink">
               <i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
             </div>
@@ -1267,7 +1279,7 @@ container arguments, and POD_NAMESPACE should be in the nginx-ingress namespace.
                 <span class="md-footer-nav__direction">
                   Previous
                 </span>
-                Installation Guide
+                Bare-metal considerations
               </span>
             </div>
           </a>

deploy/upgrade/index.html

@@ -360,6 +360,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1132,14 +1144,12 @@ in the controller Deployment.</p>
           <span class="l l-Scalar l-Scalar-Plain">args</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">...</span>
 </pre></div>
 
-
 <p>simply change the <code class="codehilite">0.9.0</code> tag to the version you wish to upgrade to.
 The easiest way to do this is e.g. (do note you may need to change the name parameter according to your installation):</p>
 <div class="codehilite"><pre><span></span>kubectl set image deployment/nginx-ingress-controller \
   nginx-ingress-controller=nginx:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
 </pre></div>
 
-
 <p>For interactive editing, use <code class="codehilite">kubectl edit deployment nginx-ingress-controller</code>.</p>
 <h2 id="with-helm">With Helm<a class="headerlink" href="#with-helm" title="Permanent link">&para;</a></h2>
 <p>If you installed ingress-nginx using the Helm command in the deployment docs so its name is <code class="codehilite">ngx-ingress</code>,

development/index.html

@@ -356,6 +356,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1251,7 +1263,6 @@ git clone https://github.com/$YOUR_GITHUB_USERNAME/ingress-nginx.git
 cd ingress-nginx
 </pre></div>
 
-
 <h3 id="initial-developer-environment-build">Initial developer environment build<a class="headerlink" href="#initial-developer-environment-build" title="Permanent link">&para;</a></h3>
 <blockquote>
 <p><strong>Prequisites</strong>: Minikube must be installed.
@@ -1261,19 +1272,14 @@ See <a href="https://github.com/kubernetes/minikube/releases">releases</a> for i
 <div class="codehilite"><pre><span></span>$ make dev-env
 </pre></div>
 
-
 <h3 id="updating-the-deployment">Updating the deployment<a class="headerlink" href="#updating-the-deployment" title="Permanent link">&para;</a></h3>
-<p>The nginx controller container image can be rebuilt using:</p>
+<p>The nginx controller container image can be rebuilt using:
 <div class="codehilite"><pre><span></span>$ <span class="nv">ARCH</span><span class="o">=</span>amd64 <span class="nv">TAG</span><span class="o">=</span>dev <span class="nv">REGISTRY</span><span class="o">=</span><span class="nv">$USER</span>/ingress-controller make build container
-</pre></div>
+</pre></div></p>
-
+<p>The image will only be used by pods created after the rebuild. To delete old pods which will cause new ones to spin up:
-
-<p>The image will only be used by pods created after the rebuild. To delete old pods which will cause new ones to spin up:</p>
 <div class="codehilite"><pre><span></span>$ kubectl get pods -n ingress-nginx
 $ kubectl delete pod -n ingress-nginx nginx-ingress-controller-&lt;unique-pod-id&gt;
-</pre></div>
+</pre></div></p>
-
-
 <h2 id="dependencies">Dependencies<a class="headerlink" href="#dependencies" title="Permanent link">&para;</a></h2>
 <p>The build uses dependencies in the <code class="codehilite">vendor</code> directory, which
 must be installed before building a binary/image. Occasionally, you
@@ -1290,12 +1296,10 @@ might need to update the dependencies.</p>
 <span class="go"> platform    : linux/amd64</span>
 </pre></div>
 
-
 <p>If you have an older version of <code class="codehilite">dep</code>, you can update it as follows:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> go get -u github.com/golang/dep
 </pre></div>
 
-
 <p>This will automatically save the dependencies to the <code class="codehilite">vendor/</code> directory.</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nb">cd</span> <span class="nv">$GOPATH</span>/src/k8s.io/ingress-nginx
 <span class="gp">$</span> dep ensure
@@ -1303,7 +1307,6 @@ might need to update the dependencies.</p>
 <span class="gp">$</span> dep prune
 </pre></div>
 
-
 <h2 id="building">Building<a class="headerlink" href="#building" title="Permanent link">&para;</a></h2>
 <p>All ingress controllers are built through a Makefile. Depending on your
 requirements you can build a raw server binary, a local container image,
@@ -1316,25 +1319,20 @@ or push an image to a remote repository.</p>
 <span class="gp">$</span> <span class="nb">export</span> <span class="nv">REGISTRY</span><span class="o">=</span>&lt;your-docker-registry&gt;
 </pre></div>
 
-
 <p>To find the registry simply run: <code class="codehilite">docker system info | grep Registry</code></p>
 <h3 id="nginx-controller">Nginx Controller<a class="headerlink" href="#nginx-controller" title="Permanent link">&para;</a></h3>
-<p>Build a raw server binary</p>
+<p>Build a raw server binary
 <div class="codehilite"><pre><span></span><span class="gp">$</span> make build
-</pre></div>
+</pre></div></p>
-
-
 <p><a href="https://github.com/kubernetes/ingress-nginx/issues/387">TODO</a>: add more specific instructions needed for raw server binary.</p>
 <p>Build a local container image</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nv">TAG</span><span class="o">=</span>&lt;tag&gt; <span class="nv">REGISTRY</span><span class="o">=</span><span class="nv">$USER</span>/ingress-controller make docker-build
 </pre></div>
 
-
 <p>Push the container image to a remote repository</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nv">TAG</span><span class="o">=</span>&lt;tag&gt; <span class="nv">REGISTRY</span><span class="o">=</span><span class="nv">$USER</span>/ingress-controller make docker-push
 </pre></div>
 
-
 <h2 id="deploying">Deploying<a class="headerlink" href="#deploying" title="Permanent link">&para;</a></h2>
 <p>There are several ways to deploy the ingress controller onto a cluster.
 Please check the <a href="../deploy">deployment guide</a></p>
@@ -1344,31 +1342,26 @@ Please check the <a href="../deploy">deployment guide</a></p>
 <span class="gp">$</span> make <span class="nb">test</span>
 </pre></div>
 
-
 <p>If you have access to a Kubernetes cluster, you can also run e2e tests using ginkgo.</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nb">cd</span> <span class="nv">$GOPATH</span>/src/k8s.io/ingress-nginx
 <span class="gp">$</span> make e2e-test
 </pre></div>
 
-
 <p>To run unit-tests for lua code locally, run:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> <span class="nb">cd</span> <span class="nv">$GOPATH</span>/src/k8s.io/ingress-nginx
 <span class="gp">$</span> ./rootfs/etc/nginx/lua/test/up.sh
 <span class="gp">$</span> make lua-test
 </pre></div>
 
-
 <p>Lua tests are located in <code class="codehilite">$GOPATH/src/k8s.io/ingress-nginx/rootfs/etc/nginx/lua/test</code>. When creating a new test file it must follow the naming convention <code class="codehilite">&lt;mytest&gt;_test.lua</code> or it will be ignored. </p>
 <h2 id="releasing">Releasing<a class="headerlink" href="#releasing" title="Permanent link">&para;</a></h2>
 <p>All Makefiles will produce a release binary, as shown above. To publish this
 to a wider Kubernetes user base, push the image to a container registry, like
 <a href="https://cloud.google.com/container-registry/">gcr.io</a>. All release images are hosted under <code class="codehilite">gcr.io/google_containers</code> and
 tagged according to a <a href="http://semver.org/">semver</a> scheme.</p>
-<p>An example release might look like:</p>
+<p>An example release might look like:
 <div class="codehilite"><pre><span></span>$ make release
-</pre></div>
+</pre></div></p>
-
-
 <p>Please follow these guidelines to cut a release:</p>
 <ul>
 <li>Update the <a href="https://help.github.com/articles/creating-releases/">release</a>

examples/PREREQUISITES/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1190,7 +1202,6 @@ key/cert pair with an arbitrarily chosen hostname, created as follows</p>
 <span class="go">secret &quot;tls-secret&quot; created</span>
 </pre></div>
 
-
 <h2 id="ca-authentication">CA Authentication<a class="headerlink" href="#ca-authentication" title="Permanent link">&para;</a></h2>
 <p>You can act as your very own CA, or use an existing one. As an exercise / learning, we're going to generate our
 own CA, and also generate a client certificate.</p>
@@ -1210,13 +1221,11 @@ In real production world, you may face CAs with intermediate certificates, as th
 <span class="go">   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority</span>
 </pre></div>
 
-
 <p>To generate our CA Certificate, we've to run the following commands:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> openssl genrsa -out ca.key <span class="m">2048</span>
 <span class="gp">$</span> openssl req -x509 -new -nodes -key ca.key -days <span class="m">10000</span> -out ca.crt -subj <span class="s2">&quot;/CN=example-ca&quot;</span>
 </pre></div>
 
-
 <p>This will generate two files: A private key (ca.key) and a public key (ca.crt). This CA is valid for 10000 days.
 The ca.crt can be used later in the step of creation of CA authentication secret.</p>
 <h3 id="generating-the-client-certificate">Generating the client certificate<a class="headerlink" href="#generating-the-client-certificate" title="Permanent link">&para;</a></h3>
@@ -1232,19 +1241,16 @@ used to authenticate in a tls-auth configured ingress.</p>
 <span class="go">keyUsage = nonRepudiation, digitalSignature, keyEncipherment</span>
 </pre></div>
 
-
 <p>Then, a user generates his very own private key (that he needs to keep secret)
 and a CSR (Certificate Signing Request) that will be sent to the CA to sign and generate a certificate.</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> openssl genrsa -out client1.key <span class="m">2048</span>
 <span class="gp">$</span> openssl req -new -key client1.key -out client1.csr -subj <span class="s2">&quot;/CN=client1&quot;</span> -config openssl.cnf
 </pre></div>
 
-
 <p>As the CA receives the generated 'client1.csr' file, it signs it and generates a client.crt certificate:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> openssl x509 -req -in client1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client1.crt -days <span class="m">365</span> -extensions v3_req -extfile openssl.cnf
 </pre></div>
 
-
 <p>Then, you'll have 3 files: the client.key (user's private key), client.crt (user's public key) and client.csr (disposable CSR).</p>
 <h3 id="creating-the-ca-authentication-secret">Creating the CA Authentication secret<a class="headerlink" href="#creating-the-ca-authentication-secret" title="Permanent link">&para;</a></h3>
 <p>If you're using the CA Authentication feature, you need to generate a secret containing 
@@ -1254,29 +1260,23 @@ all the authorized CAs. You must download them from your CA site in PEM format (
 -----END CERTIFICATE-----
 </pre></div>
 
-
 <p>You can have as many certificates as you want. If they're in the binary DER format, 
 you can convert them as the following:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> openssl x509 -in certificate.der -inform der -out certificate.crt -outform pem
 </pre></div>
 
-
 <p>Then, you've to concatenate them all in only one file, named 'ca.crt' as the following:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> cat certificate1.crt certificate2.crt certificate3.crt &gt;&gt; ca.crt
 </pre></div>
 
-
 <p>The final step is to create a secret with the content of this file. This secret is going to be used in 
 the TLS Auth directive:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create secret generic caingress --namespace<span class="o">=</span>default --from-file<span class="o">=</span>ca.crt<span class="o">=</span>&lt;ca.crt&gt;
 </pre></div>
 
-
+<p><strong>Note:</strong> You can also generate the CA Authentication Secret along with the TLS Secret by using:
-<p><strong>Note:</strong> You can also generate the CA Authentication Secret along with the TLS Secret by using:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create secret generic caingress --namespace<span class="o">=</span>default --from-file<span class="o">=</span>ca.crt<span class="o">=</span>&lt;ca.crt&gt; --from-file<span class="o">=</span>tls.crt<span class="o">=</span>&lt;tls.crt&gt; --from-file<span class="o">=</span>tls.key<span class="o">=</span>&lt;tls.key&gt;
-</pre></div>
+</pre></div></p>
-
-
 <h2 id="test-http-service">Test HTTP Service<a class="headerlink" href="#test-http-service" title="Permanent link">&para;</a></h2>
 <p>All examples that require a test HTTP Service use the standard http-svc pod,
 which you can deploy as follows</p>
@@ -1293,7 +1293,6 @@ which you can deploy as follows</p>
 <span class="go">http-svc         10.0.122.116   &lt;pending&gt;     80:30301/TCP       1d</span>
 </pre></div>
 
-
 <p>You can test that the HTTP Service works by exposing it temporarily</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl patch svc http-svc -p <span class="s1">&#39;{&quot;spec&quot;:{&quot;type&quot;: &quot;LoadBalancer&quot;}}&#39;</span>
 <span class="go">&quot;http-svc&quot; patched</span>

examples/affinity/cookie/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1140,10 +1152,9 @@
 <div class="codehilite"><pre><span></span><span class="go">kubectl create -f ingress.yaml</span>
 </pre></div>
 
-
 <h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link">&para;</a></h2>
 <p>You can confirm that the Ingress works.</p>
-<div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test
+<p><div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test
 <span class="go">Name:           nginx-test</span>
 <span class="go">Namespace:      default</span>
 <span class="go">Address:        </span>
@@ -1175,9 +1186,7 @@
 <span class="go">ETag: &quot;58875e6b-264&quot;</span>
 <span class="go">Accept-Ranges: bytes</span>
 </pre></div>
-
+In the example above, you can see a line containing the 'Set-Cookie: INGRESSCOOKIE' setting the right defined stickiness cookie.
-
-<p>In the example above, you can see a line containing the 'Set-Cookie: INGRESSCOOKIE' setting the right defined stickiness cookie.
 This cookie is created by NGINX containing the hash of the used upstream in that request. 
 If the user changes this cookie, NGINX creates a new one and redirect the user to another upstream.</p>
 <p>If the backend pool grows up NGINX will keep sending the requests through the same server of the first request, even if it's overloaded.</p>

examples/auth/basic/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1059,12 +1071,10 @@ It's important the file generated is named <code class="codehilite">auth</code>
 <span class="go">Adding password for user foo</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create secret generic basic-auth --from-file<span class="o">=</span>auth
 <span class="go">secret &quot;basic-auth&quot; created</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get secret basic-auth -o yaml
 <span class="go">apiVersion: v1</span>
 <span class="go">data:</span>
@@ -1076,7 +1086,6 @@ It's important the file generated is named <code class="codehilite">auth</code>
 <span class="go">type: Opaque</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="go">echo &quot;</span>
 <span class="go">apiVersion: extensions/v1beta1</span>
 <span class="go">kind: Ingress</span>
@@ -1101,7 +1110,6 @@ It's important the file generated is named <code class="codehilite">auth</code>
 <span class="go">&quot; | kubectl create -f -</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span>$ curl -v http://10.2.29.4/ -H &#39;Host: foo.bar.com&#39;
 *   Trying 10.2.29.4...
 * Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)
@@ -1128,7 +1136,6 @@ It's important the file generated is named <code class="codehilite">auth</code>
 * Connection #0 to host 10.2.29.4 left intact
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span>$ curl -v http://10.2.29.4/ -H <span class="s1">&#39;Host: foo.bar.com&#39;</span> -u <span class="s1">&#39;foo:bar&#39;</span>
 *   Trying <span class="m">10</span>.2.29.4...
 * Connected to <span class="m">10</span>.2.29.4 <span class="o">(</span><span class="m">10</span>.2.29.4<span class="o">)</span> port <span class="m">80</span> <span class="o">(</span><span class="c1">#0)</span>

examples/auth/client-certs/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

examples/auth/external-auth/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1133,7 +1145,6 @@ status:
 $
 </pre></div>
 
-
 <p>Test 1: no username/password (expect code 401)</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> curl -k http://172.17.4.99 -v -H <span class="s1">&#39;Host: external-auth-01.sample.com&#39;</span>
 <span class="go">* Rebuilt URL to: http://172.17.4.99/</span>
@@ -1162,8 +1173,7 @@ $
 <span class="go">* Connection #0 to host 172.17.4.99 left intact</span>
 </pre></div>
 
-
+<p>Test 2: valid username/password (expect code 200)
-<p>Test 2: valid username/password (expect code 200)</p>
 <div class="codehilite"><pre><span></span>$ curl -k http://172.17.4.99 -v -H <span class="s1">&#39;Host: external-auth-01.sample.com&#39;</span> -u <span class="s1">&#39;user:passwd&#39;</span>
 * Rebuilt URL to: http://172.17.4.99/
 *   Trying <span class="m">172</span>.17.4.99...
@@ -1207,10 +1217,8 @@ x-real-ip<span class="o">=</span><span class="m">10</span>.2.60.1
 BODY:
 * Connection <span class="c1">#0 to host 172.17.4.99 left intact</span>
 -no body in request-
-</pre></div>
+</pre></div></p>
-
+<p>Test 3: invalid username/password (expect code 401)
-
-<p>Test 3: invalid username/password (expect code 401)</p>
 <div class="codehilite"><pre><span></span>curl -k http://172.17.4.99 -v -H &#39;Host: external-auth-01.sample.com&#39; -u &#39;user:user&#39;
 * Rebuilt URL to: http://172.17.4.99/
 *   Trying 172.17.4.99...
@@ -1239,7 +1247,7 @@ BODY:
 <span class="nt">&lt;/body&gt;</span>
 <span class="nt">&lt;/html&gt;</span>
 * Connection #0 to host 172.17.4.99 left intact
-</pre></div>
+</pre></div></p>
                 
                   
                 

examples/auth/oauth-external-auth/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1172,7 +1184,6 @@ same endpoint.</p>
 <span class="nn">...</span>
 </pre></div>
 
-
 <h3 id="example-oauth2-proxy-kubernetes-dashboard">Example: OAuth2 Proxy + Kubernetes-Dashboard<a class="headerlink" href="#example-oauth2-proxy-kubernetes-dashboard" title="Permanent link">&para;</a></h3>
 <p>This example will show you how to deploy <a href="https://github.com/bitly/oauth2_proxy"><code class="codehilite">oauth2_proxy</code></a>
 into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using github as oAuth2 provider</p>
@@ -1183,7 +1194,6 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
 <div class="codehilite"><pre><span></span><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/kops/master/addons/kubernetes-dashboard/v1.5.0.yaml</span>
 </pre></div>
 
-
 <ol>
 <li>Create a <a href="https://github.com/settings/applications/new">custom Github OAuth application</a></li>
 </ol>
@@ -1215,7 +1225,6 @@ into a Kubernetes cluster and use it to protect the Kubernetes Dashboard using g
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f oauth2-proxy.yaml,dashboard-ingress.yaml
 </pre></div>
 
-
 <p>Test the oauth integration accessing the configured URL, like <code class="codehilite">https://foo.bar.com</code></p>
 <p><img alt="Register OAuth2 Application" src="../images/github-auth.png" /></p>
 <p><img alt="Github authentication" src="../images/oauth-login.png" /></p>

examples/customization/configuration-snippets/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1114,7 +1126,6 @@
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl apply -f ingress.yaml
 </pre></div>
 
-
 <h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link">&para;</a></h2>
 <p>Check if the contents of the annotation are present in the nginx.conf file using:
 <code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>

examples/customization/custom-configuration/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1063,12 +1075,10 @@ metadata:
   name: nginx-load-balancer-conf
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span>curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/customization/custom-configuration/configmap.yaml \
     | kubectl apply -f -
 </pre></div>
 
-
 <p>If the Configmap it is updated, NGINX will be reloaded with the new configuration.</p>
                 
                   

examples/customization/custom-errors/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1131,7 +1143,6 @@ service <span class="s2">&quot;nginx-errors&quot;</span> created
 deployment.apps <span class="s2">&quot;nginx-errors&quot;</span> created
 </pre></div>
 
-
 <p>This should have created a Deployment and a Service with the name <code class="codehilite">nginx-errors</code>.</p>
 <div class="codehilite"><pre><span></span>$ kubectl get deploy,svc
 NAME                           DESIRED   CURRENT   READY     AGE
@@ -1141,7 +1152,6 @@ NAME                   TYPE        CLUSTER-IP  EXTERNAL-IP   PORT<span class="o"
 service/nginx-errors   ClusterIP   <span class="m">10</span>.0.0.12   &lt;none&gt;        <span class="m">80</span>/TCP    10s
 </pre></div>
 
-
 <h2 id="ingress-controller-configuration">Ingress controller configuration<a class="headerlink" href="#ingress-controller-configuration" title="Permanent link">&para;</a></h2>
 <p>If you do not already have an instance of the the NGINX Ingress controller running, deploy it according to the
 <a href="../../../../deploy/">deployment guide</a>, then follow these steps:</p>
@@ -1155,7 +1165,10 @@ service/nginx-errors   ClusterIP   <span class="m">10</span>.0.0.12   &lt;none&g
 </li>
 <li>
 <p>Take note of the IP address assigned to the NGINX Ingress controller Service.
-    <code class="codehilite">$ kubectl get svc ingress-nginxNAME            TYPE        CLUSTER-IP  EXTERNAL-IP   PORT<span class="o">(</span>S<span class="o">)</span>          AGEingress-nginx   ClusterIP   <span class="m">10</span>.0.0.13   &lt;none&gt;        <span class="m">80</span>/TCP,443/TCP   10m</code></p>
+    <div class="codehilite"><pre><span></span>$ kubectl get svc ingress-nginx
+NAME            TYPE        CLUSTER-IP  EXTERNAL-IP   PORT<span class="o">(</span>S<span class="o">)</span>          AGE
+ingress-nginx   ClusterIP   <span class="m">10</span>.0.0.13   &lt;none&gt;        <span class="m">80</span>/TCP,443/TCP   10m
+</pre></div></p>
 </li>
 </ol>
 <div class="admonition note">
@@ -1177,7 +1190,6 @@ Connection: keep-alive
 <span class="nt">&lt;span&gt;</span>The page you&#39;re looking for could not be found.<span class="nt">&lt;/span&gt;</span>
 </pre></div>
 
-
 <p>A request with a custom <code class="codehilite">Accept</code> header returns the corresponding document type (JSON):</p>
 <div class="codehilite"><pre><span></span>$ curl -D- -H <span class="s1">&#39;Accept: application/json&#39;</span> http://10.0.0.13/
 HTTP/1.1 <span class="m">404</span> Not Found
@@ -1191,7 +1203,6 @@ Vary: Accept-Encoding
 <span class="o">{</span> <span class="s2">&quot;message&quot;</span>: <span class="s2">&quot;The page you&#39;re looking for could not be found&quot;</span> <span class="o">}</span>
 </pre></div>
 
-
 <p>To go further with this example, feel free to deploy your own applications and Ingress objects, and validate that the
 responses are still in the correct format when a backend returns 503 (eg. if you scale a Deployment down to 0 replica).</p>
                 

examples/customization/custom-headers/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1105,7 +1117,6 @@ server</p>
 <span class="go">    | kubectl apply -f -</span>
 </pre></div>
 
-
 <h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link">&para;</a></h2>
 <p>Check the contents of the configmap is present in the nginx.conf file using:
 <code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>

examples/customization/custom-upstream-check/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1070,17 +1082,13 @@ spec:
 &quot; | kubectl create -f -
 </pre></div>
 
-
+<p>Check the annotation is present in the Ingress rule:
-<p>Check the annotation is present in the Ingress rule:</p>
 <div class="codehilite"><pre><span></span>kubectl get ingress http-svc -o yaml
-</pre></div>
+</pre></div></p>
-
-
 <p>Check the NGINX configuration is updated using kubectl or the status page:</p>
 <div class="codehilite"><pre><span></span>$ kubectl <span class="nb">exec</span> nginx-ingress-controller-v1ppm cat /etc/nginx/nginx.conf
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="o">....</span>
     <span class="nt">upstream</span> <span class="nt">default-http-svc-x-80</span> <span class="p">{</span>
         <span class="err">least_conn</span><span class="p">;</span>

examples/customization/external-auth-headers/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1085,7 +1097,6 @@ follows:</p>
 <span class="go">secure-demo-echo-service   secure-demo-echo-service.kube.local             80        1m</span>
 </pre></div>
 
-
 <p>Test 1: public service with no auth header</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: public-demo-echo-service.kube.local&#39;</span> -v <span class="m">192</span>.168.99.100
 <span class="go">* Rebuilt URL to: 192.168.99.100/</span>
@@ -1107,7 +1118,6 @@ follows:</p>
 <span class="go">UserID: , UserRole:</span>
 </pre></div>
 
-
 <p>Test 2: secure service with no auth header</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: secure-demo-echo-service.kube.local&#39;</span> -v <span class="m">192</span>.168.99.100
 <span class="go">* Rebuilt URL to: 192.168.99.100/</span>
@@ -1135,7 +1145,6 @@ follows:</p>
 <span class="go">* Connection #0 to host 192.168.99.100 left intact</span>
 </pre></div>
 
-
 <p>Test 3: public service with valid auth header</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: public-demo-echo-service.kube.local&#39;</span> -H <span class="s1">&#39;User:internal&#39;</span> -v <span class="m">192</span>.168.99.100
 <span class="go">* Rebuilt URL to: 192.168.99.100/</span>
@@ -1158,7 +1167,6 @@ follows:</p>
 <span class="go">UserID: 1443635317331776148, UserRole: admin</span>
 </pre></div>
 
-
 <p>Test 4: public service with valid auth header</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> curl -H <span class="s1">&#39;Host: secure-demo-echo-service.kube.local&#39;</span> -H <span class="s1">&#39;User:internal&#39;</span> -v <span class="m">192</span>.168.99.100
 <span class="go">* Rebuilt URL to: 192.168.99.100/</span>

examples/customization/ssl-dh-param/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1139,17 +1151,14 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
 <span class="go">    app: ingress-nginx</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f configmap.yaml
 </pre></div>
 
-
 <h2 id="custom-dh-parameters-secret">Custom DH parameters secret<a class="headerlink" href="#custom-dh-parameters-secret" title="Permanent link">&para;</a></h2>
 <div class="codehilite"><pre><span></span><span class="gp">$</span>&gt; openssl dhparam <span class="m">1024</span> <span class="m">2</span>&gt; /dev/null <span class="p">|</span> base64
 <span class="go">LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="gp">$</span> cat ssl-dh-param.yaml
 <span class="go">apiVersion: v1</span>
 <span class="go">data:</span>
@@ -1162,11 +1171,9 @@ use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
 <span class="go">    app: ingress-nginx</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl create -f ssl-dh-param.yaml
 </pre></div>
 
-
 <h2 id="test">Test<a class="headerlink" href="#test" title="Permanent link">&para;</a></h2>
 <p>Check the contents of the configmap is present in the nginx.conf file using:
 <code class="codehilite">kubectl exec nginx-ingress-controller-873061567-4n3k2 -n kube-system cat /etc/nginx/nginx.conf</code></p>

examples/customization/sysctl/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

examples/docker-registry/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1153,7 +1165,6 @@
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/deployment.yaml</span>
 </pre></div>
 
-
 <div class="admonition important">
 <p class="admonition-title">Important</p>
 <p><strong>DO NOT RUN THIS IN PRODUCTION</strong></p>
@@ -1165,7 +1176,6 @@
 <div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-without-tls.yaml</span>
 </pre></div>
 
-
 <div class="admonition important">
 <p class="admonition-title">Important</p>
 </div>
@@ -1176,7 +1186,6 @@
 <div class="codehilite"><pre><span></span><span class="go">wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml</span>
 </pre></div>
 
-
 <p>Deploy <a href="https://github.com/jetstack/kube-lego">kube lego</a> use <a href="https://letsencrypt.org/">Let's Encrypt</a> certificates or edit the ingress rule to use a secret with an existing SSL certificate.</p>
 <h3 id="testing">Testing<a class="headerlink" href="#testing" title="Permanent link">&para;</a></h3>
 <p>To test the registry is working correctly we download a known image from <a href="https://hub.docker.com">docker hub</a>, create a tag pointing to the new registry and upload the image:</p>
@@ -1185,7 +1194,6 @@
 <span class="go">docker push `registry.&lt;your domain&gt;/ubuntu:16.04`</span>
 </pre></div>
 
-
 <p>Please replace <code class="codehilite">registry.&lt;your domain&gt;</code> with your domain.</p>
                 
                   

examples/grpc/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1198,7 +1210,6 @@ nginx controller.</p>
 <div class="codehilite"><pre><span></span>$ kubectl create -f app.yaml
 </pre></div>
 
-
 <p>This is a standard kubernetes deployment object.  It is running a grpc service
 listening on port <code class="codehilite">50051</code>.</p>
 <p>The sample application
@@ -1212,7 +1223,6 @@ is a grpc server implemented in go. Here's the stripped-down implementation:</p>
 <span class="p">}</span>
 </pre></div>
 
-
 <p>The takeaway is that we are not doing any TLS configuration on the server (as we
 are terminating TLS at the ingress level, grpc traffic will travel unencrypted
 inside the cluster and arrive "insecure").</p>
@@ -1223,14 +1233,12 @@ itself, add the ingress annotation <code class="codehilite">nginx.ingress.kubern
 <div class="codehilite"><pre><span></span>$ kubectl create -f svc.yaml
 </pre></div>
 
-
 <p>Here we have a typical service. Nothing special, just routing traffic to the
 backend application on port <code class="codehilite">50051</code>.</p>
 <h3 id="step-3-the-kubernetes-ingress">Step 3: the kubernetes <code class="codehilite">Ingress</code><a class="headerlink" href="#step-3-the-kubernetes-ingress" title="Permanent link">&para;</a></h3>
 <div class="codehilite"><pre><span></span>$ kubectl create -f ingress.yaml
 </pre></div>
 
-
 <p>A few things to note:</p>
 <ol>
 <li>We've tagged the ingress with the annotation
@@ -1252,7 +1260,6 @@ can actually talk to the backend.  To do this, we'll use the
 <span class="o">}</span>
 </pre></div>
 
-
 <h3 id="debugging-hints">Debugging Hints<a class="headerlink" href="#debugging-hints" title="Permanent link">&para;</a></h3>
 <ol>
 <li>Obviously, watch the logs on your app.</li>

examples/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

examples/multi-tls/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1054,7 +1066,7 @@
 <li>Create tls secrets for foo.bar.com and bar.baz.com as indicated in the yaml</li>
 <li>Create multi-tls.yaml</li>
 </ol>
-<p>This should generate a segment like:</p>
+<p>This should generate a segment like:
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl <span class="nb">exec</span> -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf <span class="p">|</span> grep <span class="s2">&quot;foo.bar.com&quot;</span> -B <span class="m">7</span> -A <span class="m">35</span>
 <span class="go">    server {</span>
 <span class="go">        listen 80;</span>
@@ -1097,10 +1109,8 @@
 
 <span class="go">            proxy_pass http://default-http-svc-80;</span>
 <span class="go">        }</span>
-</pre></div>
+</pre></div></p>
-
+<p>And you should be able to reach your nginx service or http-svc service using a hostname switch:
-
-<p>And you should be able to reach your nginx service or http-svc service using a hostname switch:</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span>  kubectl get ing
 <span class="go">NAME      RULE          BACKEND   ADDRESS                         AGE</span>
 <span class="go">foo-tls   -                       104.154.30.67                   13m</span>
@@ -1138,7 +1148,7 @@
 
 <span class="gp">$</span> curl <span class="m">104</span>.154.30.67
 <span class="go">default backend - 404</span>
-</pre></div>
+</pre></div></p>
                 
                   
                 

examples/rewrite/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1232,7 +1244,6 @@ and that you have an ingress controller <a href="../../../deploy">running</a> in
 <span class="go">&quot; | kubectl create -f -</span>
 </pre></div>
 
-
 <p>Check the rewrite is working</p>
 <div class="codehilite"><pre><span></span>$ curl -v http://172.17.4.99/something -H <span class="s1">&#39;Host: rewrite.bar.com&#39;</span>
 *   Trying <span class="m">172</span>.17.4.99...
@@ -1275,9 +1286,8 @@ BODY:
 -no body in request-
 </pre></div>
 
-
 <h3 id="app-root">App Root<a class="headerlink" href="#app-root" title="Permanent link">&para;</a></h3>
-<p>Create an Ingress rule with a app-root annotation:</p>
+<p>Create an Ingress rule with a app-root annotation:
 <div class="codehilite"><pre><span></span>$ <span class="nb">echo</span> <span class="s2">&quot;</span>
 <span class="s2">apiVersion: extensions/v1beta1</span>
 <span class="s2">kind: Ingress</span>
@@ -1296,9 +1306,7 @@ BODY:
 <span class="s2">          servicePort: 80</span>
 <span class="s2">        path: /</span>
 <span class="s2">&quot;</span> <span class="p">|</span> kubectl create -f -
-</pre></div>
+</pre></div></p>
-
-
 <p>Check the rewrite is working</p>
 <div class="codehilite"><pre><span></span>$ curl -I -k http://approot.bar.com/
 HTTP/1.1 <span class="m">302</span> Moved Temporarily

examples/static-ip/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1171,7 +1183,6 @@ behind a Service of <code class="codehilite">Type=LoadBalancer</code>.</p>
 <span class="go">nginx-ingress-lb   10.0.138.113   104.154.109.191   80:31457/TCP,443:32240/TCP   15m</span>
 </pre></div>
 
-
 <p>then, update the ingress controller so it adopts the static IP of the Service
 by passing the <code class="codehilite">--publish-service</code> flag (the example yaml used in the next step
 already has it set to "nginx-ingress-lb").</p>
@@ -1179,7 +1190,6 @@ already has it set to "nginx-ingress-lb").</p>
 <span class="go">deployment &quot;nginx-ingress-controller&quot; created</span>
 </pre></div>
 
-
 <h2 id="assigning-the-ip-to-an-ingress">Assigning the IP to an Ingress<a class="headerlink" href="#assigning-the-ip-to-an-ingress" title="Permanent link">&para;</a></h2>
 <p>From here on every Ingress created with the <code class="codehilite">ingress.class</code> annotation set to
 <code class="codehilite">nginx</code> will get the IP allocated in the previous step</p>
@@ -1201,7 +1211,6 @@ already has it set to "nginx-ingress-lb").</p>
 <span class="go">...</span>
 </pre></div>
 
-
 <h2 id="retaining-the-ip">Retaining the IP<a class="headerlink" href="#retaining-the-ip" title="Permanent link">&para;</a></h2>
 <p>You can test retention by deleting the Ingress</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl delete ing nginx-ingress
@@ -1215,7 +1224,6 @@ already has it set to "nginx-ingress-lb").</p>
 <span class="go">nginx-ingress   *         104.154.109.191   80, 443   13m</span>
 </pre></div>
 
-
 <blockquote>
 <p>Note that unlike the GCE Ingress, the same loadbalancer IP is shared amongst all
 Ingresses, because all requests are proxied through the same set of nginx
@@ -1227,10 +1235,9 @@ controllers.</p>
 <span class="go">&quot;nginx-ingress-lb&quot; patched</span>
 </pre></div>
 
-
 <p>and promote the IP to static (promotion works differently for cloudproviders,
 provided example is for GKE/GCE)
-`</p>
+`
 <div class="codehilite"><pre><span></span><span class="gp">$</span> gcloud compute addresses create nginx-ingress-lb --addresses <span class="m">104</span>.154.109.191 --region us-central1
 <span class="go">Created [https://www.googleapis.com/compute/v1/projects/kubernetesdev/regions/us-central1/addresses/nginx-ingress-lb].</span>
 <span class="go">---</span>
@@ -1245,9 +1252,7 @@ provided example is for GKE/GCE)
 <span class="go">status: IN_USE</span>
 <span class="go">users:</span>
 <span class="go">- us-central1/forwardingRules/a09f6913ae80e11e6a8c542010af0000</span>
-</pre></div>
+</pre></div></p>
-
-
 <p>Now even if the Service is deleted, the IP will persist, so you can recreate the
 Service with <code class="codehilite">spec.loadBalancerIP</code> set to <code class="codehilite">104.154.109.191</code>.</p>
                 

examples/tls-termination/README/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1130,7 +1142,6 @@ TLS cert, and forward un-encrypted HTTP traffic to the test HTTP service.</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl apply -f ingress.yaml</span>
 </pre></div>
 
-
 <h2 id="validation">Validation<a class="headerlink" href="#validation" title="Permanent link">&para;</a></h2>
 <p>You can confirm that the Ingress works.</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl describe ing nginx-test

how-it-works/index.html

@@ -356,6 +356,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

index.html

@@ -394,6 +394,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

sitemap.xml

@@ -2,222 +2,227 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
      <loc>/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/deploy/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
+     <changefreq>daily</changefreq>
+    </url>
+    <url>
+     <loc>/deploy/baremetal/</loc>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/deploy/rbac/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/deploy/upgrade/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/nginx-configuration/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/nginx-configuration/annotations/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/nginx-configuration/configmap/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/nginx-configuration/custom-template/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/nginx-configuration/log-format/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/cli-arguments/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/custom-errors/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/default-backend/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/exposing-tcp-udp-services/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/external-articles/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/miscellaneous/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/monitoring/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/multiple-ingress/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/tls/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/third-party-addons/modsecurity/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/user-guide/third-party-addons/opentracing/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/PREREQUISITES/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/affinity/cookie/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/auth/basic/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/auth/client-certs/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/auth/external-auth/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/auth/oauth-external-auth/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/configuration-snippets/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/custom-configuration/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/custom-errors/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/custom-headers/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/custom-upstream-check/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/external-auth-headers/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/ssl-dh-param/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/customization/sysctl/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/docker-registry/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/grpc/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/multi-tls/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/rewrite/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/static-ip/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/examples/tls-termination/README/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/development/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/how-it-works/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
     <url>
      <loc>/troubleshooting/</loc>
-     <lastmod>2018-08-30</lastmod>
+     <lastmod>2018-09-04</lastmod>
      <changefreq>daily</changefreq>
     </url>
 </urlset>

troubleshooting/index.html

@@ -356,6 +356,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1208,7 +1220,6 @@ methods to obtain more information.</p>
 <span class="go">  Normal  UPDATE  58s   nginx-ingress-controller  Ingress default/cafe-ingress</span>
 </pre></div>
 
-
 <p>Check the Ingress Controller Logs</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get pods -n &lt;namespace-of-ingress-controller&gt;
 <span class="go">NAME                                        READY     STATUS    RESTARTS   AGE</span>
@@ -1224,7 +1235,6 @@ methods to obtain more information.</p>
 <span class="go">....</span>
 </pre></div>
 
-
 <p>Check the Nginx Configuration</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get pods -n &lt;namespace-of-ingress-controller&gt;
 <span class="go">NAME                                        READY     STATUS    RESTARTS   AGE</span>
@@ -1245,7 +1255,6 @@ methods to obtain more information.</p>
 <span class="go">....</span>
 </pre></div>
 
-
 <p>Check if used Services Exist</p>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> kubectl get svc --all-namespaces
 <span class="go">NAMESPACE     NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE</span>
@@ -1257,7 +1266,6 @@ methods to obtain more information.</p>
 <span class="go">kube-system   kubernetes-dashboard   NodePort    10.103.128.17    &lt;none&gt;        80:30000/TCP    30m</span>
 </pre></div>
 
-
 <h2 id="debug-logging">Debug Logging<a class="headerlink" href="#debug-logging" title="Permanent link">&para;</a></h2>
 <p>Using the flag <code class="codehilite">--v=XX</code> it is possible to increase the level of logging. This is performed by editing
 the deployment.</p>
@@ -1270,7 +1278,6 @@ the deployment.</p>
 <span class="gp">#</span> Add --v<span class="o">=</span>X to <span class="s2">&quot;- args&quot;</span>, where X is an integer
 </pre></div>
 
-
 <ul>
 <li><code class="codehilite">--v=2</code> shows details using <code class="codehilite">diff</code> about the changes in the configuration in nginx</li>
 <li><code class="codehilite">--v=3</code> shows details about the service, Ingress rule, endpoint changes and it dumps the nginx configuration in JSON format</li>
@@ -1288,7 +1295,6 @@ with the kubeconfig file.</p>
 +-------------+                    +------------+
 </pre></div>
 
-
 <p><strong>Service authentication</strong></p>
 <p>The Ingress controller needs information from apiserver. Therefore, authentication is required, which can be achieved in two different ways:</p>
 <ol>
@@ -1325,7 +1331,6 @@ on the lower left hand side.</p>
 +---------------------------------------------------+     +------------------+
 </pre></div>
 
-
 <h3 id="service-account">Service Account<a class="headerlink" href="#service-account" title="Permanent link">&para;</a></h3>
 <p>If using a service account to connect to the API server, Dashboard expects the file
 <code class="codehilite">/var/run/secrets/kubernetes.io/serviceaccount/token</code> to be present. It provides a secret
@@ -1396,7 +1401,6 @@ token that is required to authenticate with the API server.</p>
 <span class="go">}</span>
 </pre></div>
 
-
 <p>If it is not working, there are two possible reasons:</p>
 <ol>
 <li>
@@ -1432,7 +1436,6 @@ dump. This allows us to see which configuration is being used, as well as older
 <div class="codehilite"><pre><span></span><span class="gp">$</span> ssh user@workerIP
 </pre></div>
 
-
 <ol>
 <li>Obtain the Docker Container Running nginx</li>
 </ol>
@@ -1441,21 +1444,18 @@ dump. This allows us to see which configuration is being used, as well as older
 <span class="go">d9e1d243156a        quay.io/kubernetes-ingress-controller/nginx-ingress-controller   &quot;/usr/bin/dumb-init …&quot;   19 minutes ago      Up 19 minutes                                                                            k8s_nginx-ingress-controller_nginx-ingress-controller-67956bf89d-mqxzt_kube-system_079f31ec-aa37-11e8-ad39-080027a227db_0</span>
 </pre></div>
 
-
 <ol>
 <li>Exec into the container</li>
 </ol>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> docker <span class="nb">exec</span> -it --user<span class="o">=</span><span class="m">0</span> --privileged d9e1d243156a bash
 </pre></div>
 
-
 <ol>
 <li>Make sure nginx is running in <code class="codehilite">--with-debug</code></li>
 </ol>
 <div class="codehilite"><pre><span></span><span class="gp">$</span> nginx -V <span class="m">2</span>&gt;<span class="p">&amp;</span><span class="m">1</span> <span class="p">|</span> grep -- <span class="s1">&#39;--with-debug&#39;</span>
 </pre></div>
 
-
 <ol>
 <li>Get list of processes running on container</li>
 </ol>
@@ -1469,7 +1469,6 @@ dump. This allows us to see which configuration is being used, as well as older
 <span class="go">root       172     0  0 20:43 pts/0    00:00:00 bash</span>
 </pre></div>
 
-
 <ol>
 <li>Attach gdb to the nginx master process</li>
 </ol>
@@ -1481,7 +1480,6 @@ dump. This allows us to see which configuration is being used, as well as older
 <span class="go">(gdb)</span>
 </pre></div>
 
-
 <ol>
 <li>Copy and paste the following:</li>
 </ol>
@@ -1496,7 +1494,6 @@ dump. This allows us to see which configuration is being used, as well as older
 <span class="go">end</span>
 </pre></div>
 
-
 <ol>
 <li>
 <p>Quit GDB by pressing CTRL+D</p>

user-guide/cli-arguments/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/custom-errors/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/default-backend/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/exposing-tcp-udp-services/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1062,7 +1074,6 @@ Adding <code class="codehilite">PROXY</code> in either or both of the two last f
   <span class="l l-Scalar l-Scalar-Plain">9000</span><span class="p p-Indicator">:</span> <span class="s">&quot;default/example-go:8080&quot;</span>
 </pre></div>
 
-
 <p>Since 1.9.13 NGINX provides <a href="https://www.nginx.com/blog/announcing-udp-load-balancing/">UDP Load Balancing</a>.
 The next example shows how to expose the service <code class="codehilite">kube-dns</code> running in the namespace <code class="codehilite">kube-system</code> in the port <code class="codehilite">53</code> using the port <code class="codehilite">53</code></p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">apiVersion</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>

user-guide/external-articles/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/miscellaneous/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/monitoring/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1163,7 +1175,6 @@
 <span class="go">configmap &quot;prometheus-configuration&quot; created</span>
 </pre></div>
 
-
 <p>Running the following command deploys prometheus in Kubernetes:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/monitoring/prometheus.yaml</span>
 <span class="go">clusterrole &quot;prometheus-server&quot; created</span>
@@ -1173,7 +1184,6 @@
 <span class="go">service &quot;prometheus-service&quot; created</span>
 </pre></div>
 
-
 <h3 id="prometheus-dashboard">Prometheus Dashboard<a class="headerlink" href="#prometheus-dashboard" title="Permanent link">&para;</a></h3>
 <p>Open Prometheus dashboard in a web browser:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl get svc -n ingress-nginx</span>
@@ -1183,18 +1193,15 @@
 <span class="go">prometheus             NodePort    10.98.233.86    &lt;none&gt;        9090:32630/TCP                               1m</span>
 </pre></div>
 
-
 <p>Obtain the IP address of the nodes in the running cluster:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl get nodes -o wide</span>
 </pre></div>
 
-
 <p>In some cases where the node only have internal IP adresses we need to execute:</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl get nodes --selector=kubernetes.io/role!=master -o jsonpath={.items[*].status.addresses[?\(@.type==\&quot;InternalIP\&quot;\)].address}</span>
 <span class="go">10.192.0.2 10.192.0.3 10.192.0.4</span>
 </pre></div>
 
-
 <p>Open your browser and visit the following URL: <em>http://{node IP address}:{prometheus-svc-nodeport}</em> to load the Prometheus Dashboard.</p>
 <p>According to the above example, this URL will be http://10.192.0.3:32630</p>
 <p><img alt="Dashboard" src="../../images/prometheus-dashboard.png" /></p>
@@ -1202,7 +1209,6 @@
 <div class="codehilite"><pre><span></span><span class="go">kubectl create -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/monitoring/grafana.yaml</span>
 </pre></div>
 
-
 <div class="codehilite"><pre><span></span><span class="go">kubectl get svc -n ingress-nginx</span>
 <span class="go">NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                                      AGE</span>
 <span class="go">default-http-backend   ClusterIP   10.103.59.201   &lt;none&gt;        80/TCP                                       3d</span>
@@ -1211,7 +1217,6 @@
 <span class="go">grafana                NodePort    10.98.233.86    &lt;none&gt;        9090:31086/TCP                               10m</span>
 </pre></div>
 
-
 <p>Open your browser and visit the following URL: <em>http://{node IP address}:{grafana-svc-nodeport}</em> to load the Grafana Dashboard.
 According to the above example, this URL will be http://10.192.0.3:31086</p>
 <p>The username and password is <code class="codehilite">admin</code></p>

user-guide/multiple-ingress/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1102,7 +1114,6 @@ you need to specify the annotation <code class="codehilite">kubernetes.io/ingres
     <span class="l l-Scalar l-Scalar-Plain">kubernetes.io/ingress.class</span><span class="p p-Indicator">:</span> <span class="s">&quot;gce&quot;</span>
 </pre></div>
 
-
 <p>will target the GCE controller, forcing the nginx controller to ignore it, while an annotation like</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">metadata</span><span class="p p-Indicator">:</span>
   <span class="l l-Scalar l-Scalar-Plain">name</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">foo</span>
@@ -1110,7 +1121,6 @@ you need to specify the annotation <code class="codehilite">kubernetes.io/ingres
     <span class="l l-Scalar l-Scalar-Plain">kubernetes.io/ingress.class</span><span class="p p-Indicator">:</span> <span class="s">&quot;nginx&quot;</span>
 </pre></div>
 
-
 <p>will target the nginx controller, forcing the GCE controller to ignore it.</p>
 <p>To reiterate, setting the annotation to any value which does not match a valid ingress class will force the NGINX Ingress controller to ignore your Ingress.
 If you are only running a single NGINX ingress controller, this can be achieved by setting the annotation to any value except "nginx" or an empty string.</p>
@@ -1132,7 +1142,6 @@ Here is a partial example:</p>
              <span class="p p-Indicator">-</span> <span class="s">&#39;--configmap=ingress/nginx-ingress-internal-controller&#39;</span>
 </pre></div>
 
-
 <div class="admonition important">
 <p class="admonition-title">Important</p>
 <p>Deploying multiple Ingress controllers, of different types (e.g., <code class="codehilite">ingress-nginx</code> &amp; <code class="codehilite">gce</code>), and not specifying a class annotation will

user-guide/nginx-configuration/annotations/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -2003,22 +2015,18 @@ So, at reload, if upstream servers have changed, index values are not guaranteed
 <p>In NGINX this feature is implemented by the third party module <a href="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng">nginx-sticky-module-ng</a>. The workflow used to define which upstream server will be used is explained <a href="https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf">here</a></p>
 <h3 id="authentication">Authentication<a class="headerlink" href="#authentication" title="Permanent link">&para;</a></h3>
 <p>Is possible to add authentication adding additional annotations in the Ingress rule. The source of the authentication is a secret that contains usernames and passwords inside the key <code class="codehilite">auth</code>.</p>
-<p>The annotations are:</p>
+<p>The annotations are:
 <div class="codehilite"><pre><span></span>nginx.ingress.kubernetes.io/auth-type: [basic|digest]
-</pre></div>
+</pre></div></p>
-
-
 <p>Indicates the <a href="https://tools.ietf.org/html/rfc2617">HTTP Authentication Type: Basic or Digest Access Authentication</a>.</p>
 <div class="codehilite"><pre><span></span>nginx.ingress.kubernetes.io/auth-secret: secretName
 </pre></div>
 
-
 <p>The name of the Secret that contains the usernames and passwords which are granted access to the <code class="codehilite">path</code>s defined in the Ingress rules.
 This annotation also accepts the alternative form "namespace/secretName", in which case the Secret lookup is performed in the referenced namespace instead of the Ingress namespace.</p>
 <div class="codehilite"><pre><span></span>nginx.ingress.kubernetes.io/auth-realm: &quot;realm string&quot;
 </pre></div>
 
-
 <div class="admonition example">
 <p class="admonition-title">Example</p>
 <p>Please check the <a href="../../../examples/auth/basic/README/">auth</a> example.</p>
@@ -2085,49 +2093,59 @@ Only one of the Ingress rules should define annotations to configure the upstrea
   <span class="no">more_set_headers &quot;Request-Id: $req_id&quot;;</span>
 </pre></div>
 
-
 <h3 id="default-backend">Default Backend<a class="headerlink" href="#default-backend" title="Permanent link">&para;</a></h3>
 <p>The ingress controller requires a <a href="../../default-backend/">default backend</a>.
 This service handles the response when the service in the Ingress rule does not have endpoints.
 This is a global configuration for the ingress controller. In some cases could be required to return a custom content or format. In this scenario we can use the annotation <code class="codehilite">nginx.ingress.kubernetes.io/default-backend: &lt;svc name&gt;</code> to specify a custom default backend.</p>
 <h3 id="enable-cors">Enable CORS<a class="headerlink" href="#enable-cors" title="Permanent link">&para;</a></h3>
-<p>To enable Cross-Origin Resource Sharing (CORS) in an Ingress rule,
+<p>To enable Cross-Origin Resource Sharing (CORS) in an Ingress rule, add the annotation
-add the annotation <code class="codehilite">nginx.ingress.kubernetes.io/enable-cors: &quot;true&quot;</code>.
+<code class="codehilite">nginx.ingress.kubernetes.io/enable-cors: &quot;true&quot;</code>. This will add a section in the server
-This will add a section in the server location enabling this functionality.</p>
+location enabling this functionality.</p>
 <p>CORS can be controlled with the following annotations:</p>
 <ul>
+<li><code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-methods</code>
+  controls which methods are accepted. This is a multi-valued field, separated by ',' and
+  accepts only letters (upper and lower case).</li>
+<li>Default: <code class="codehilite">GET, PUT, POST, DELETE, PATCH, OPTIONS</code></li>
 <li>
-<p><code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-methods</code>
+<p>Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-methods: &quot;PUT, GET, POST, OPTIONS&quot;</code></p>
-  controls which methods are accepted.
-  This is a multi-valued field, separated by ',' and accepts only letters (upper and lower case).
-  Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-methods: &quot;PUT, GET, POST, OPTIONS&quot;</code></p>
 </li>
 <li>
 <p><code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-headers</code>
-  controls which headers are accepted.
+  controls which headers are accepted. This is a multi-valued field, separated by ',' and accepts letters,
-  This is a multi-valued field, separated by ',' and accepts letters, numbers, _ and -.
+  numbers, _ and -.</p>
-  Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-headers: &quot;X-Forwarded-For, X-app123-XPTO&quot;</code></p>
+</li>
+<li>Default: <code class="codehilite">DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization</code></li>
+<li>
+<p>Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-headers: &quot;X-Forwarded-For, X-app123-XPTO&quot;</code></p>
 </li>
 <li>
 <p><code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-origin</code>
-  controls what's the accepted Origin for CORS and defaults to '*'.
+  controls what's the accepted Origin for CORS.
-  This is a single field value, with the following format: <code class="codehilite">http(s)://origin-site.com</code> or <code class="codehilite">http(s)://origin-site.com:port</code>
+  This is a single field value, with the following format: <code class="codehilite">http(s)://origin-site.com</code> or <code class="codehilite">http(s)://origin-site.com:port</code></p>
-  Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-origin: &quot;https://origin-site.com:4443&quot;</code></p>
+</li>
+<li>Default: <code class="codehilite">*</code></li>
+<li>
+<p>Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-origin: &quot;https://origin-site.com:4443&quot;</code></p>
 </li>
 <li>
 <p><code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-credentials</code>
-  controls if credentials can be passed during CORS operations.
+  controls if credentials can be passed during CORS operations.</p>
-  Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-credentials: &quot;true&quot;</code></p>
+</li>
+<li>Default: <code class="codehilite">true</code></li>
+<li>
+<p>Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-allow-credentials: &quot;false&quot;</code></p>
 </li>
 <li>
 <p><code class="codehilite">nginx.ingress.kubernetes.io/cors-max-age</code>
   controls how long preflight requests can be cached.
+  Default: <code class="codehilite">1728000</code>
   Example: <code class="codehilite">nginx.ingress.kubernetes.io/cors-max-age: 600</code></p>
 </li>
 </ul>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
-<p>For more information please see <a href="https://enable-cors.org/server_nginx.html">https://enable-cors.org</a></p>
+<p>For more information please see <a href="https://enable-cors.org/server_nginx.html">https://enable-cors.org</a> </p>
 </div>
 <h3 id="server-alias">Server Alias<a class="headerlink" href="#server-alias" title="Permanent link">&para;</a></h3>
 <p>To add Server Aliases to an Ingress rule add the annotation <code class="codehilite">nginx.ingress.kubernetes.io/server-alias: &quot;&lt;alias&gt;&quot;</code>.
@@ -2157,7 +2175,6 @@ the new server configuration will take place over the alias configuration.</p>
 <span class="err">}</span>
 </pre></div>
 
-
 <div class="admonition attention">
 <p class="admonition-title">Attention</p>
 <p>This annotation can be used only once per host.</p>
@@ -2187,7 +2204,6 @@ applied to each location provided in the ingress rule.</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/auth-url</span><span class="p p-Indicator">:</span> <span class="s">&quot;URL</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">authentication</span><span class="nv"> </span><span class="s">service&quot;</span>
 </pre></div>
 
-
 <p>Additionally it is possible to set:</p>
 <ul>
 <li><code class="codehilite">nginx.ingress.kubernetes.io/auth-method</code>:
@@ -2299,7 +2315,6 @@ To use custom values in an Ingress rule define these annotation:</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/proxy-body-size</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">8m</span>
 </pre></div>
 
-
 <h3 id="proxy-cookie-domain">Proxy cookie domain<a class="headerlink" href="#proxy-cookie-domain" title="Permanent link">&para;</a></h3>
 <p>Sets a text that <a href="http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain">should be changed in the domain attribute</a> of the "Set-Cookie" header fields of a proxied server response.</p>
 <p>To configure this setting globally for all Ingress rules, the <code class="codehilite">proxy-cookie-domain</code> value may be set in the <a href="../configmap/">NGINX ConfigMap</a>.</p>
@@ -2311,43 +2326,36 @@ To use custom values in an Ingress rule define these annotation:</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/proxy-buffering</span><span class="p p-Indicator">:</span> <span class="s">&quot;on&quot;</span>
 </pre></div>
 
-
 <h3 id="proxy-buffer-size">Proxy buffer size<a class="headerlink" href="#proxy-buffer-size" title="Permanent link">&para;</a></h3>
 <p>Sets the size of the buffer <a href="http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size"><code class="codehilite">proxy_buffer_size</code></a> used for reading the first part of the response received from the proxied server.
 By default proxy buffer size is set as "4k"</p>
-<p>To configure this setting globally, set <code class="codehilite">proxy-buffer-size</code> in <a href="../configmap/">NGINX ConfigMap</a>. To use custom values in an Ingress rule, define this annotation:</p>
+<p>To configure this setting globally, set <code class="codehilite">proxy-buffer-size</code> in <a href="../configmap/">NGINX ConfigMap</a>. To use custom values in an Ingress rule, define this annotation:
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/proxy-buffer-size</span><span class="p p-Indicator">:</span> <span class="s">&quot;8k&quot;</span>
-</pre></div>
+</pre></div></p>
-
-
 <h3 id="ssl-ciphers">SSL ciphers<a class="headerlink" href="#ssl-ciphers" title="Permanent link">&para;</a></h3>
 <p>Specifies the <a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers">enabled ciphers</a>.</p>
 <p>Using this annotation will set the <code class="codehilite">ssl_ciphers</code> directive at the server level. This configuration is active for all the paths in the host.</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/ssl-ciphers</span><span class="p p-Indicator">:</span> <span class="s">&quot;ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP&quot;</span>
 </pre></div>
 
-
 <h3 id="connection-proxy-header">Connection proxy header<a class="headerlink" href="#connection-proxy-header" title="Permanent link">&para;</a></h3>
 <p>Using this annotation will override the default connection header set by NGINX.
 To use custom values in an Ingress rule, define the annotation:</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/connection-proxy-header</span><span class="p p-Indicator">:</span> <span class="s">&quot;keep-alive&quot;</span>
 </pre></div>
 
-
 <h3 id="enable-access-log">Enable Access Log<a class="headerlink" href="#enable-access-log" title="Permanent link">&para;</a></h3>
 <p>Access logs are enabled by default, but in some scenarios access logs might be required to be disabled for a given
 ingress. To do this, use the annotation:</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/enable-access-log</span><span class="p p-Indicator">:</span> <span class="s">&quot;false&quot;</span>
 </pre></div>
 
-
 <h3 id="enable-rewrite-log">Enable Rewrite Log<a class="headerlink" href="#enable-rewrite-log" title="Permanent link">&para;</a></h3>
 <p>Rewrite logs are not enabled by default. In some scenarios it could be required to enable NGINX rewrite logs.
 Note that rewrite logs are sent to the error_log file at the notice level. To enable this feature use the annotation:</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/enable-rewrite-log</span><span class="p p-Indicator">:</span> <span class="s">&quot;true&quot;</span>
 </pre></div>
 
-
 <h3 id="lua-resty-waf">Lua Resty WAF<a class="headerlink" href="#lua-resty-waf" title="Permanent link">&para;</a></h3>
 <p>Using <code class="codehilite">lua-resty-waf-*</code> annotations we can enable and control the <a href="https://github.com/p0pr0ck5/lua-resty-waf">lua-resty-waf</a>
 Web Application Firewall per location.</p>
@@ -2355,7 +2363,6 @@ Web Application Firewall per location.</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/lua-resty-waf</span><span class="p p-Indicator">:</span> <span class="s">&quot;active&quot;</span>
 </pre></div>
 
-
 <p>In order to run it in debugging mode you can set <code class="codehilite">nginx.ingress.kubernetes.io/lua-resty-waf-debug</code> to <code class="codehilite">&quot;true&quot;</code> in addition to the above configuration.
 The other possible values for <code class="codehilite">nginx.ingress.kubernetes.io/lua-resty-waf</code> are <code class="codehilite">inactive</code> and <code class="codehilite">simulate</code>.
 In <code class="codehilite">inactive</code> mode WAF won't do anything, whereas in <code class="codehilite">simulate</code> mode it will log a warning message if there's a matching WAF rule for given request. This is useful to debug a rule and eliminate possible false positives before fully deploying it.</p>
@@ -2364,13 +2371,11 @@ You can use <code class="codehilite">nginx.ingress.kubernetes.io/lua-resty-waf-i
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/lua-resty-waf-ignore-rulesets</span><span class="p p-Indicator">:</span> <span class="s">&quot;41000_sqli,</span><span class="nv"> </span><span class="s">42000_xss&quot;</span>
 </pre></div>
 
-
 <p>will ignore the two mentioned rulesets.</p>
 <p>It is also possible to configure custom WAF rules per ingress using the <code class="codehilite">nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules</code> annotation. For an example the following snippet will configure a WAF rule to deny requests with query string value that contains word <code class="codehilite">foo</code>:</p>
 <div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules</span><span class="p p-Indicator">:</span> <span class="s">&#39;[=[</span><span class="nv"> </span><span class="s">{</span><span class="nv"> </span><span class="s">&quot;access&quot;:</span><span class="nv"> </span><span class="s">[</span><span class="nv"> </span><span class="s">{</span><span class="nv"> </span><span class="s">&quot;actions&quot;:</span><span class="nv"> </span><span class="s">{</span><span class="nv"> </span><span class="s">&quot;disrupt&quot;</span><span class="nv"> </span><span class="s">:</span><span class="nv"> </span><span class="s">&quot;DENY&quot;</span><span class="nv"> </span><span class="s">},</span><span class="nv"> </span><span class="s">&quot;id&quot;:</span><span class="nv"> </span><span class="s">10001,</span><span class="nv"> </span><span class="s">&quot;msg&quot;:</span><span class="nv"> </span><span class="s">&quot;my</span><span class="nv"> </span><span class="s">custom</span><span class="nv"> </span><span class="s">rule&quot;,</span><span class="nv"> </span><span class="s">&quot;operator&quot;:</span><span class="nv"> </span><span class="s">&quot;STR_CONTAINS&quot;,</span><span class="nv"> </span><span class="s">&quot;pattern&quot;:</span><span class="nv"> </span><span class="s">&quot;foo&quot;,</span><span class="nv"> </span><span class="s">&quot;vars&quot;:</span><span class="nv"> </span><span class="s">[</span><span class="nv"> </span><span class="s">{</span><span class="nv"> </span><span class="s">&quot;parse&quot;:</span><span class="nv"> </span><span class="s">[</span><span class="nv"> </span><span class="s">&quot;values&quot;,</span><span class="nv"> </span><span class="s">1</span><span class="nv"> </span><span class="s">],</span><span class="nv"> </span><span class="s">&quot;type&quot;:</span><span class="nv"> </span><span class="s">&quot;REQUEST_ARGS&quot;</span><span class="nv"> </span><span class="s">}</span><span class="nv"> </span><span class="s">]</span><span class="nv"> </span><span class="s">}</span><span class="nv"> </span><span class="s">],</span><span class="nv"> </span><span class="s">&quot;body_filter&quot;:</span><span class="nv"> </span><span class="s">[],</span><span class="nv"> </span><span class="s">&quot;header_filter&quot;:[]</span><span class="nv"> </span><span class="s">}</span><span class="nv"> </span><span class="s">]=]&#39;</span>
 </pre></div>
 
-
 <p>For details on how to write WAF rules, please refer to <a href="https://github.com/p0pr0ck5/lua-resty-waf">https://github.com/p0pr0ck5/lua-resty-waf</a>.</p>
 <h3 id="grpc-backend-deprecated-since-0180">gRPC backend DEPRECATED (since 0.18.0)<a class="headerlink" href="#grpc-backend-deprecated-since-0180" title="Permanent link">&para;</a></h3>
 <p>Please use <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPC&quot;</code> or <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPCS&quot;</code></p>
@@ -2392,7 +2397,6 @@ using the <a href="https://github.com/influxdata/nginx-influxdb-module/">nginx-i
 <span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/influxdb-server-name</span><span class="p p-Indicator">:</span> <span class="s">&quot;nginx-ingress&quot;</span>
 </pre></div>
 
-
 <p>For the <code class="codehilite">influxdb-host</code> parameter you have two options:</p>
 <ul>
 <li>Use an InfluxDB server configured with the  <a href="https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/">UDP protocol</a> enabled. </li>

user-guide/nginx-configuration/configmap/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -632,6 +644,13 @@
     http2-max-header-size
   </a>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#http2-max-requests" title="http2-max-requests" class="md-nav__link">
+    http2-max-requests
+  </a>
+  
 </li>
       
         <li class="md-nav__item">
@@ -2018,6 +2037,13 @@
     http2-max-header-size
   </a>
   
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#http2-max-requests" title="http2-max-requests" class="md-nav__link">
+    http2-max-requests
+  </a>
+  
 </li>
       
         <li class="md-nav__item">
@@ -2701,7 +2727,6 @@ you can add key-value pairs to the data section of the config-map. For Example:<
   <span class="l l-Scalar l-Scalar-Plain">ssl-protocols</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">SSLv2</span>
 </pre></div>
 
-
 <div class="admonition important">
 <p class="admonition-title">Important</p>
 <p>The key and values in a ConfigMap can only be strings.
@@ -2826,6 +2851,11 @@ Same for numbers, like "100".</p>
 <td align="left">"16k"</td>
 </tr>
 <tr>
+<td align="left"><a href="#http2-max-requests">http2-max-requests</a></td>
+<td align="left">int</td>
+<td align="left">1000</td>
+</tr>
+<tr>
 <td align="left"><a href="#hsts">hsts</a></td>
 <td align="left">bool</td>
 <td align="left">"true"</td>
@@ -3370,6 +3400,10 @@ Same for numbers, like "100".</p>
 <p>Limits the maximum size of the entire request header list after HPACK decompression.</p>
 <p><em>References:</em>
 <a href="https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_header_size">https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_header_size</a></p>
+<h2 id="http2-max-requests">http2-max-requests<a class="headerlink" href="#http2-max-requests" title="Permanent link">&para;</a></h2>
+<p>Sets the maximum number of requests (including push requests) that can be served through one HTTP/2 connection, after which the next client request will lead to connection closing and the need of establishing a new connection.</p>
+<p><em>References:</em>
+<a href="http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_requests">http://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_requests</a></p>
 <h2 id="hsts">hsts<a class="headerlink" href="#hsts" title="Permanent link">&para;</a></h2>
 <p>Enables or disables the header HSTS in servers running SSL.
 HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature (HTTP header) that tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. It provides protection against protocol downgrade attacks and cookie theft.</p>

user-guide/nginx-configuration/custom-template/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1066,7 +1078,6 @@ This includes using a <a href="https://kubernetes.io/docs/concepts/storage/volum
               <span class="l l-Scalar l-Scalar-Plain">path</span><span class="p p-Indicator">:</span> <span class="l l-Scalar l-Scalar-Plain">nginx.tmpl</span>
 </pre></div>
 
-
 <p><strong>Please note the template is tied to the Go code. Do not change names in the variable <code class="codehilite">$cfg</code>.</strong></p>
 <p>For more information about the template syntax please check the <a href="https://golang.org/pkg/text/template/">Go template package</a>.
 In addition to the built-in functions provided by the Go package the following functions are also available:</p>

user-guide/nginx-configuration/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/nginx-configuration/log-format/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1059,7 +1071,6 @@
 <span class="x">    &#39;$upstream_response_length $upstream_response_time $upstream_status&#39;;</span>
 </pre></div>
 
-
 <table>
 <thead>
 <tr>

user-guide/third-party-addons/modsecurity/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)

user-guide/third-party-addons/opentracing/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1153,21 +1165,18 @@
 <p>Using the third party module <a href="https://github.com/opentracing-contrib/nginx-opentracing">opentracing-contrib/nginx-opentracing</a> the NGINX ingress controller can configure NGINX to enable <a href="http://opentracing.io">OpenTracing</a> instrumentation.
 By default this feature is disabled.</p>
 <h2 id="usage">Usage<a class="headerlink" href="#usage" title="Permanent link">&para;</a></h2>
-<p>To enable the instrumentation we must enable opentracing in the configuration configmap:</p>
+<p>To enable the instrumentation we must enable opentracing in the configuration configmap:
 <div class="codehilite"><pre><span></span><span class="n">data</span><span class="o">:</span>
   <span class="n">enable</span><span class="o">-</span><span class="n">opentracing</span><span class="o">:</span> <span class="s2">&quot;true&quot;</span>
-</pre></div>
+</pre></div></p>
-
-
 <p>We must also set the host to use when uploading traces:</p>
 <div class="codehilite"><pre><span></span>zipkin-collector-host: zipkin.default.svc.cluster.local
 jaeger-collector-host: jaeger-collector.default.svc.cluster.local
 </pre></div>
 
-
 <p>Next you will need to deploy a distributed tracing system which uses OpenTracing. Both <a href="https://github.com/openzipkin/zipkin">Zipkin</a> and
 <a href="https://github.com/jaegertracing/jaeger">Jaeger</a> have been tested.</p>
-<p>Other optional configuration options:</p>
+<p>Other optional configuration options:
 <div class="codehilite"><pre><span></span># specifies the port to use when uploading traces
 zipkin-collector-port
 
@@ -1189,9 +1198,7 @@ jaeger-sampler-type
 
 # specifies the argument to be passed to the sampler constructor, Default: 1
 jaeger-sampler-param
-</pre></div>
+</pre></div></p>
-
-
 <h2 id="examples">Examples<a class="headerlink" href="#examples" title="Permanent link">&para;</a></h2>
 <p>The following examples show how to deploy and test different distributed tracing systems. These example can be performed
 using Minikube.</p>
@@ -1202,7 +1209,6 @@ github repository is an example of a dockerized date service. To install the exa
 kubectl create -f https://raw.githubusercontent.com/rnburn/zipkin-date-server/master/kubernetes/deployment.yaml
 </pre></div>
 
-
 <p>Also we need to configure the NGINX controller configmap with the required values:</p>
 <div class="codehilite"><pre><span></span>$ <span class="nb">echo</span> <span class="s1">&#39;</span>
 <span class="s1">apiVersion: v1</span>
@@ -1216,28 +1222,30 @@ kubectl create -f https://raw.githubusercontent.com/rnburn/zipkin-date-server/ma
 <span class="s1">&#39;</span> <span class="p">|</span> kubectl replace -f -
 </pre></div>
 
-
 <p>In the zipkin interface we can see the details:
 <img alt="zipkin screenshot" src="../../../images/zipkin-demo.png" title="zipkin collector screenshot" /></p>
 <h3 id="jaeger">Jaeger<a class="headerlink" href="#jaeger" title="Permanent link">&para;</a></h3>
 <ol>
 <li>
 <p>Enable Ingress addon in minikube:
-    <code class="codehilite">$ minikube addons <span class="nb">enable</span> ingress</code></p>
+    <div class="codehilite"><pre><span></span>$ minikube addons <span class="nb">enable</span> ingress
+</pre></div></p>
 </li>
 <li>
 <p>Add minikube IP to /etc/hosts:
-    <code class="codehilite">$ <span class="nb">echo</span> <span class="s2">&quot;</span><span class="k">$(</span>minikube ip<span class="k">)</span><span class="s2"> example.com&quot;</span> <span class="p">|</span> sudo tee -a /etc/hosts</code></p>
+    <div class="codehilite"><pre><span></span>$ <span class="nb">echo</span> <span class="s2">&quot;</span><span class="k">$(</span>minikube ip<span class="k">)</span><span class="s2"> example.com&quot;</span> <span class="p">|</span> sudo tee -a /etc/hosts
+</pre></div></p>
 </li>
 <li>
 <p>Apply a Basic Service and Ingress Resource:
-    ```
+    <div class="codehilite"><pre><span></span># Create Echoheaders Deployment
-    # Create Echoheaders Deployment
+$ kubectl run echoheaders --image=k8s.gcr.io/echoserver:1.4 --replicas=1 --port=8080
-    $ kubectl run echoheaders --image=k8s.gcr.io/echoserver:1.4 --replicas=1 --port=8080</p>
+
-<h1 id="expose-as-a-cluster-ip">Expose as a Cluster-IP<a class="headerlink" href="#expose-as-a-cluster-ip" title="Permanent link">&para;</a></h1>
+# Expose as a Cluster-IP
-<p>$ kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x</p>
+$ kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x
-<h1 id="apply-the-ingress-resource">Apply the Ingress Resource<a class="headerlink" href="#apply-the-ingress-resource" title="Permanent link">&para;</a></h1>
+
-<p>$ echo '
+# Apply the Ingress Resource
+$ echo &#39;
   apiVersion: extensions/v1beta1
   kind: Ingress
   metadata:
@@ -1251,54 +1259,68 @@ kubectl create -f https://raw.githubusercontent.com/rnburn/zipkin-date-server/ma
             serviceName: echoheaders-x
             servicePort: 80
           path: /echo
-  ' | kubectl apply -f -
+  &#39; | kubectl apply -f -
-```</p>
+</pre></div></p>
 </li>
 <li>
 <p>Enable OpenTracing and set the zipkin-collector-host:
-    <code class="codehilite">$ <span class="nb">echo</span> <span class="s1">&#39;</span><span class="s1">      apiVersion: v1</span><span class="s1">      kind: ConfigMap</span><span class="s1">      data:</span><span class="s1">        enable-opentracing: &quot;true&quot;</span><span class="s1">        zipkin-collector-host: zipkin.default.svc.cluster.local</span><span class="s1">        jaeger-collector-host: jaeger-collector.default.svc.cluster.local</span><span class="s1">      metadata:</span><span class="s1">        name: nginx-load-balancer-conf</span><span class="s1">        namespace: kube-system</span><span class="s1">      &#39;</span> <span class="p">|</span> kubectl replace -f -</code></p>
+    <div class="codehilite"><pre><span></span>$ <span class="nb">echo</span> <span class="s1">&#39;</span>
+<span class="s1">  apiVersion: v1</span>
+<span class="s1">  kind: ConfigMap</span>
+<span class="s1">  data:</span>
+<span class="s1">    enable-opentracing: &quot;true&quot;</span>
+<span class="s1">    zipkin-collector-host: zipkin.default.svc.cluster.local</span>
+<span class="s1">    jaeger-collector-host: jaeger-collector.default.svc.cluster.local</span>
+<span class="s1">  metadata:</span>
+<span class="s1">    name: nginx-load-balancer-conf</span>
+<span class="s1">    namespace: kube-system</span>
+<span class="s1">  &#39;</span> <span class="p">|</span> kubectl replace -f -
+</pre></div></p>
 </li>
 <li>
 <p>Apply the Jaeger All-In-One Template:
-    <code class="codehilite">$ kubectl apply -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/master/all-in-one/jaeger-all-in-one-template.yml</code></p>
+    <div class="codehilite"><pre><span></span>$ kubectl apply -f https://raw.githubusercontent.com/jaegertracing/jaeger-kubernetes/master/all-in-one/jaeger-all-in-one-template.yml
+</pre></div></p>
 </li>
 <li>
 <p>Make a few requests to the Service:
-    ```
+    <div class="codehilite"><pre><span></span>$ curl example.com/echo -d <span class="s2">&quot;meow&quot;</span>
-    $ curl example.com/echo -d "meow"</p>
+
-<p>CLIENT VALUES:
+CLIENT VALUES:
-client_address=172.17.0.5
+<span class="nv">client_address</span><span class="o">=</span><span class="m">172</span>.17.0.5
-command=POST
+<span class="nv">command</span><span class="o">=</span>POST
-real path=/echo
+real <span class="nv">path</span><span class="o">=</span>/echo
-query=nil
+<span class="nv">query</span><span class="o">=</span>nil
-request_version=1.1
+<span class="nv">request_version</span><span class="o">=</span><span class="m">1</span>.1
-request_uri=http://example.com:8080/echo</p>
+<span class="nv">request_uri</span><span class="o">=</span>http://example.com:8080/echo
-<p>SERVER VALUES:
+
-server_version=nginx: 1.10.0 - lua: 10001</p>
+SERVER VALUES:
-<p>HEADERS RECEIVED:
+<span class="nv">server_version</span><span class="o">=</span>nginx: <span class="m">1</span>.10.0 - lua: <span class="m">10001</span>
-accept=<em>/</em>
+
-connection=close
+HEADERS RECEIVED:
-content-length=4
+<span class="nv">accept</span><span class="o">=</span>*/*
-content-type=application/x-www-form-urlencoded
+<span class="nv">connection</span><span class="o">=</span>close
-host=example.com
+content-length<span class="o">=</span><span class="m">4</span>
-user-agent=curl/7.54.0
+content-type<span class="o">=</span>application/x-www-form-urlencoded
-x-forwarded-for=192.168.99.1
+<span class="nv">host</span><span class="o">=</span>example.com
-x-forwarded-host=example.com
+user-agent<span class="o">=</span>curl/7.54.0
-x-forwarded-port=80
+x-forwarded-for<span class="o">=</span><span class="m">192</span>.168.99.1
-x-forwarded-proto=http
+x-forwarded-host<span class="o">=</span>example.com
-x-original-uri=/echo
+x-forwarded-port<span class="o">=</span><span class="m">80</span>
-x-real-ip=192.168.99.1
+x-forwarded-proto<span class="o">=</span>http
-x-scheme=http
+x-original-uri<span class="o">=</span>/echo
+x-real-ip<span class="o">=</span><span class="m">192</span>.168.99.1
+x-scheme<span class="o">=</span>http
 BODY:
 meow
-```</p>
+</pre></div></p>
 </li>
 <li>
 <p>View the Jaeger UI:
-    ```
+    <div class="codehilite"><pre><span></span>$ minikube service jaeger-query --url
-    $ minikube service jaeger-query --url</p>
+
-<p>http://192.168.99.100:30183
+http://192.168.99.100:30183
-```</p>
+</pre></div></p>
 <p>In the jaeger interface we can see the details:
 <img alt="jaeger screenshot" src="../../../images/jaeger-demo.png" title="jaeger collector screenshot" /></p>
 </li>

user-guide/tls/index.html

@@ -358,6 +358,18 @@
           
 
 
+  <li class="md-nav__item">
+    <a href="../../deploy/baremetal/" title="Bare-metal considerations" class="md-nav__link">
+      Bare-metal considerations
+    </a>
+  </li>
+
+        
+          
+          
+          
+
+
   <li class="md-nav__item">
     <a href="../../deploy/rbac/" title="Role Based Access Control (RBAC)" class="md-nav__link">
       Role Based Access Control (RBAC)
@@ -1209,12 +1221,10 @@
 <div class="codehilite"><pre><span></span>$ openssl req -x509 -nodes -days <span class="m">365</span> -newkey rsa:2048 -keyout <span class="si">${</span><span class="nv">KEY_FILE</span><span class="si">}</span> -out <span class="si">${</span><span class="nv">CERT_FILE</span><span class="si">}</span> -subj <span class="s2">&quot;/CN=</span><span class="si">${</span><span class="nv">HOST</span><span class="si">}</span><span class="s2">/O=</span><span class="si">${</span><span class="nv">HOST</span><span class="si">}</span><span class="s2">&quot;</span><span class="sb">`</span>
 </pre></div>
 
-
 <p>Then create the secret in the cluster via:</p>
 <div class="codehilite"><pre><span></span>kubectl create secret tls <span class="si">${</span><span class="nv">CERT_NAME</span><span class="si">}</span> --key <span class="si">${</span><span class="nv">KEY_FILE</span><span class="si">}</span> --cert <span class="si">${</span><span class="nv">CERT_FILE</span><span class="si">}</span>
 </pre></div>
 
-
 <p>The resulting secret will be of type <code class="codehilite">kubernetes.io/tls</code>.</p>
 <h2 id="default-ssl-certificate">Default SSL Certificate<a class="headerlink" href="#default-ssl-certificate" title="Permanent link">&para;</a></h2>
 <p>NGINX provides the option to configure a server as a catch-all with
@@ -1265,7 +1275,6 @@ by monitoring ingress resources and their referenced secrets.</p>
 <div class="codehilite"><pre><span></span><span class="go">kubectl annotate ing ingress-demo kubernetes.io/tls-acme=&quot;true&quot;</span>
 </pre></div>
 
-
 <p>To setup Kube-Lego you can take a look at this <a href="https://github.com/jetstack/kube-lego/tree/master/examples">full example</a>.
 The first version to fully support Kube-Lego is Nginx Ingress controller 0.8.</p>
 <h2 id="default-tls-version-and-ciphers">Default TLS Version and Ciphers<a class="headerlink" href="#default-tls-version-and-ciphers" title="Permanent link">&para;</a></h2>