From c4eb8987b988a9bbc4e1702ab0364b38a63b2d7e Mon Sep 17 00:00:00 2001
From: caiyixiang
Date: Wed, 3 May 2017 16:33:58 +0800
Subject: [PATCH] add a example for customize the haproxy_ssh-dh-param
---
.../ssl-dh-param/haproxy/README.md | 73 +++++++++++++++++++
.../ssl-dh-param/haproxy/haproxy-conf.yaml | 6 ++
.../haproxy/haproxy-ingress-deployment.yaml | 40 ++++++++++
.../ssl-dh-param/haproxy/ssl-dh-param.yaml | 7 ++
4 files changed, 126 insertions(+)
create mode 100644 examples/customization/ssl-dh-param/haproxy/README.md
create mode 100644 examples/customization/ssl-dh-param/haproxy/haproxy-conf.yaml
create mode 100644 examples/customization/ssl-dh-param/haproxy/haproxy-ingress-deployment.yaml
create mode 100644 examples/customization/ssl-dh-param/haproxy/ssl-dh-param.yaml
diff --git a/examples/customization/ssl-dh-param/haproxy/README.md b/examples/customization/ssl-dh-param/haproxy/README.md
new file mode 100644
index 000000000..d5ce75467
--- /dev/null
+++ b/examples/customization/ssl-dh-param/haproxy/README.md
@@ -0,0 +1,73 @@
+# Customize the HAProxy configuration
+
+This example aims to demonstrate the deployment of an haproxy ingress controller and
+use a ConfigMap to configure custom Diffie-Hellman parameters file to help with
+"Perfect Forward Secrecy".
+
+## Prerequisites
+
+This document has the following prerequisites:
+
+Deploy only the tls-secret and the default backend from the [deployment instructions](../../../deployment/haproxy/)
+
+As mentioned in the deployment instructions, you MUST turn down any existing
+ingress controllers before running HAProxy Ingress.
+
+## Custom configuration
+
+```console
+$ cat haproxy-conf.yaml
+apiVersion: v1
+data:
+ ssl-dh-param: "default/lb-dhparam"
+kind: ConfigMap
+metadata:
+ name: haproxy-conf
+```
+
+```console
+$ kubectl create -f haproxy-conf.yaml
+```
+
+## Custom DH parameters secret
+
+```console
+$> openssl dhparam 1024 2> /dev/null | base64
+LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ...
+```
+
+```console
+$ cat ssl-dh-param.yaml
+apiVersion: v1
+data:
+ dhparam.pem: "LS0tLS1CRUdJTiBESCBQQVJBTUVURVJ..."
+kind: Secret
+type: Opaque
+metadata:
+ name: lb-dhparam
+```
+
+```console
+$ kubectl create -f ssl-dh-param.yaml
+```
+
+## Controller
+
+You can deploy the controller as follows:
+
+```console
+$ kubectl apply -f haproxy-ingress-deployment.yaml
+deployment "haproxy-ingress-deployment" created
+
+$ kubectl get po
+NAME READY STATUS RESTARTS AGE
+default-http-backend-2198840601-0k6sv 1/1 Running 0 5m
+haproxy-ingress-650604828-4vvwb 1/1 Running 0 57s
+```
+
+## Test
+
+Check the contents of the configmap is present in the haproxy.cfg file using:
+`kubectl exec -it haproxy-ingress-650604828-4vvwb cat /usr/local/etc/haproxy/haproxy.cfg`
+
+Check all the config options in the [HAProxy Ingress docs](https://github.com/jcmoraisjr/haproxy-ingress#configmap)
\ No newline at end of file
diff --git a/examples/customization/ssl-dh-param/haproxy/haproxy-conf.yaml b/examples/customization/ssl-dh-param/haproxy/haproxy-conf.yaml
new file mode 100644
index 000000000..ccfbe0d2b
--- /dev/null
+++ b/examples/customization/ssl-dh-param/haproxy/haproxy-conf.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+data:
+ ssl-dh-param: "default/lb-dhparam"
+kind: ConfigMap
+metadata:
+ name: haproxy-conf
diff --git a/examples/customization/ssl-dh-param/haproxy/haproxy-ingress-deployment.yaml b/examples/customization/ssl-dh-param/haproxy/haproxy-ingress-deployment.yaml
new file mode 100644
index 000000000..77841b085
--- /dev/null
+++ b/examples/customization/ssl-dh-param/haproxy/haproxy-ingress-deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ run: haproxy-ingress
+ name: haproxy-ingress
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: haproxy-ingress
+ template:
+ metadata:
+ labels:
+ run: haproxy-ingress
+ spec:
+ containers:
+ - name: haproxy-ingress
+ image: quay.io/jcmoraisjr/haproxy-ingress
+ imagePullPolicy: IfNotPresent
+ args:
+ - --default-backend-service=default/default-http-backend
+ - --default-ssl-certificate=default/tls-secret
+ - --configmap=default/haproxy-conf
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ - name: stat
+ containerPort: 1936
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
diff --git a/examples/customization/ssl-dh-param/haproxy/ssl-dh-param.yaml b/examples/customization/ssl-dh-param/haproxy/ssl-dh-param.yaml
new file mode 100644
index 000000000..347ae1e39
--- /dev/null
+++ b/examples/customization/ssl-dh-param/haproxy/ssl-dh-param.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ dhparam.pem: "...base64 encoded data..."
+kind: Secret
+type: Opaque
+metadata:
+ name: lb-dhparam
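Review bot: In haproxy-conf.yaml the ConfigMap sets no `metadata.namespace`, yet its value `default/lb-dhparam` and the controller argument `--configmap=default/haproxy-conf` both assume the `default` namespace. If the manifests are applied while another namespace is active in the kubectl context, the controller would presumably not find the ConfigMap or the Secret and would run without the custom DH parameters (inferred; the controller's handling of a missing reference is not visible here). Adding `namespace: default` under `metadata:` here, and likewise in ssl-dh-param.yaml, keeps the example consistent with the references it hard-codes.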
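Review bot: In haproxy-ingress-deployment.yaml, `image: quay.io/jcmoraisjr/haproxy-ingress` carries no tag or digest, so it resolves to `latest`, and with `imagePullPolicy: IfNotPresent` each node keeps whichever build it happened to pull first. For a component that terminates TLS the example should pin a release, e.g. `image: quay.io/jcmoraisjr/haproxy-ingress:<release-tag>` (placeholder for the tag the example was tested with), or an `@sha256:` digest. The container also declares the `stat` port 1936; a one-line comment there, such as `# statistics endpoint: do not expose outside the cluster`, would help readers who copy the manifest.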
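Review bot: The `dhparam.pem` value `"...base64 encoded data..."` in ssl-dh-param.yaml is not valid base64, so `kubectl create -f ssl-dh-param.yaml` should reject the file as committed. A comment above `data:` should say that the value must be replaced with the single-line output of the README's openssl command. That command generates a 1024-bit group (`openssl dhparam 1024`), the size the Logjam research showed to be within reach of well-resourced attackers. Since the example exists to strengthen forward secrecy, the README should use `openssl dhparam 2048` or larger.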