DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-08-12 21:17:22 +00:00
parent 2732c722e4
commit e3d51fa211
9 changed files with 114 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
deploy/upgrade/index.html
View file

@ -1124,7 +1124,7 @@ in the controller Deployment.</p>
<p>simply change the <code class="codehilite">0.9.0</code> tag to the version you wish to upgrade to.
The easiest way to do this is e.g. (do note you may need to change the name parameter according to your installation):</p>
<div class="codehilite"><pre><span></span>kubectl set image deployment/nginx-ingress-controller \
nginx-ingress-controller=nginx:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
nginx-ingress-controller=nginx:quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
</pre></div>

2
examples/http-svc.yaml
View file

@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: http-svc
image: gcr.io/google_containers/echoserver:1.8
image: gcr.io/kubernetes-e2e-test-images/echoserver:2.1
ports:
- containerPort: 8080
env:

2
examples/multi-tls/multi-tls.yaml
View file

@ -58,7 +58,7 @@ spec:
spec:
containers:
- name: http-svc
image: gcr.io/google_containers/echoserver:1.8
image: gcr.io/kubernetes-e2e-test-images/echoserver:2.1
ports:
- containerPort: 8080
env:

2
examples/static-ip/nginx-ingress-controller.yaml
View file

@ -21,7 +21,7 @@ spec:
# hostNetwork: true
terminationGracePeriodSeconds: 60
containers:
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.17.1
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.18.0
name: nginx-ingress-controller
readinessProbe:
httpGet:

37
search/search_index.json
View file

File diff suppressed because one or more lines are too long

86
sitemap.xml
View file

@ -2,217 +2,217 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/deploy/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/deploy/rbac/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/deploy/upgrade/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/nginx-configuration/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/nginx-configuration/annotations/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/nginx-configuration/configmap/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/nginx-configuration/custom-template/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/nginx-configuration/log-format/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/cli-arguments/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/custom-errors/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/default-backend/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/exposing-tcp-udp-services/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/external-articles/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/miscellaneous/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/multiple-ingress/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/tls/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/third-party-addons/modsecurity/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/user-guide/third-party-addons/opentracing/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/PREREQUISITES/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/affinity/cookie/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/auth/basic/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/auth/client-certs/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/auth/external-auth/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/auth/oauth-external-auth/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/configuration-snippets/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/custom-configuration/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/custom-errors/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/custom-headers/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/custom-upstream-check/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/external-auth-headers/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/ssl-dh-param/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/customization/sysctl/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/docker-registry/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/grpc/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/multi-tls/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/rewrite/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/static-ip/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/examples/tls-termination/README/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/development/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/how-it-works/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>/troubleshooting/</loc>
<lastmod>2018-08-06</lastmod>
<lastmod>2018-08-12</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

59
user-guide/nginx-configuration/annotations/index.html
View file

@ -615,8 +615,8 @@
</li>
<li class="md-nav__item">
<a href="#secure-backends" title="Secure backends" class="md-nav__link">
Secure backends
<a href="#secure-backends-deprecated-since-0180" title="Secure backends DEPRECATED (since 0.18.0)" class="md-nav__link">
Secure backends DEPRECATED (since 0.18.0)
</a>
</li>
@ -740,8 +740,8 @@
</li>
<li class="md-nav__item">
<a href="#grpc-backend" title="gRPC backend" class="md-nav__link">
gRPC backend
<a href="#grpc-backend-deprecated-since-0180" title="gRPC backend DEPRECATED (since 0.18.0)" class="md-nav__link">
gRPC backend DEPRECATED (since 0.18.0)
</a>
</li>
@ -753,6 +753,13 @@
</li>
<li class="md-nav__item">
<a href="#backend-protocol" title="Backend Protocol" class="md-nav__link">
Backend Protocol
</a>
</li>
@ -1481,8 +1488,8 @@
</li>
<li class="md-nav__item">
<a href="#secure-backends" title="Secure backends" class="md-nav__link">
Secure backends
<a href="#secure-backends-deprecated-since-0180" title="Secure backends DEPRECATED (since 0.18.0)" class="md-nav__link">
Secure backends DEPRECATED (since 0.18.0)
</a>
</li>
@ -1606,8 +1613,8 @@
</li>
<li class="md-nav__item">
<a href="#grpc-backend" title="gRPC backend" class="md-nav__link">
gRPC backend
<a href="#grpc-backend-deprecated-since-0180" title="gRPC backend DEPRECATED (since 0.18.0)" class="md-nav__link">
gRPC backend DEPRECATED (since 0.18.0)
</a>
</li>
@ -1619,6 +1626,13 @@
</li>
<li class="md-nav__item">
<a href="#backend-protocol" title="Backend Protocol" class="md-nav__link">
Backend Protocol
</a>
</li>
@ -1710,6 +1724,10 @@ table below.</p>
<td>string</td>
</tr>
<tr>
<td><a href="#backend-protocol">nginx.ingress.kubernetes.io/backend-protocol</a></td>
<td>string</td>
</tr>
<tr>
<td><a href="#rewrite">nginx.ingress.kubernetes.io/base-url-scheme</a></td>
<td>string</td>
</tr>
@ -2190,7 +2208,7 @@ This can be used to mitigate <a href="https://www.nginx.com/blog/mitigating-ddos
<h3 id="permanent-redirect">Permanent Redirect<a class="headerlink" href="#permanent-redirect" title="Permanent link">&para;</a></h3>
<p>This annotation allows to return a permanent redirect instead of sending data to the upstream. For example <code class="codehilite">nginx.ingress.kubernetes.io/permanent-redirect: https://www.google.com</code> would redirect everything to Google.</p>
<h3 id="permanent-redirect-code">Permanent Redirect Code<a class="headerlink" href="#permanent-redirect-code" title="Permanent link">&para;</a></h3>
<p>This annotation allows you to modify the status code used for permanent redirects. For example <code class="codehilite">nginx.ingress.kubernetes.io/permanent-redirect-code: &#39;308&#39;</code> would return your permanet-redirect with a 308.</p>
<p>This annotation allows you to modify the status code used for permanent redirects. For example <code class="codehilite">nginx.ingress.kubernetes.io/permanent-redirect-code: &#39;308&#39;</code> would return your permanent-redirect with a 308.</p>
<h3 id="ssl-passthrough">SSL Passthrough<a class="headerlink" href="#ssl-passthrough" title="Permanent link">&para;</a></h3>
<p>The annotation <code class="codehilite">nginx.ingress.kubernetes.io/ssl-passthrough</code> allows to configure TLS termination in the pod and not in NGINX.</p>
<div class="admonition attention">
@ -2202,7 +2220,8 @@ This is because SSL Passthrough works on level 4 of the OSI stack (TCP), not on
<p class="admonition-title">Attention</p>
<p>The use of this annotation requires the flag <code class="codehilite">--enable-ssl-passthrough</code> (By default it is disabled).</p>
</div>
<h3 id="secure-backends">Secure backends<a class="headerlink" href="#secure-backends" title="Permanent link">&para;</a></h3>
<h3 id="secure-backends-deprecated-since-0180">Secure backends DEPRECATED (since 0.18.0)<a class="headerlink" href="#secure-backends-deprecated-since-0180" title="Permanent link">&para;</a></h3>
<p>Please use <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;HTTPS&quot;</code></p>
<p>By default NGINX uses plain HTTP to reach the services.
Adding the annotation <code class="codehilite">nginx.ingress.kubernetes.io/secure-backends: &quot;true&quot;</code> in the Ingress rule changes the protocol to HTTPS.
If you want to validate the upstream against a specific certificate, you can create a secret with it and reference the secret with the annotation <code class="codehilite">nginx.ingress.kubernetes.io/secure-verify-ca-secret</code>.</p>
@ -2341,7 +2360,8 @@ You can use <code class="codehilite">nginx.ingress.kubernetes.io/lua-resty-waf-i
<p>For details on how to write WAF rules, please refer to <a href="https://github.com/p0pr0ck5/lua-resty-waf">https://github.com/p0pr0ck5/lua-resty-waf</a>.</p>
<h3 id="grpc-backend">gRPC backend<a class="headerlink" href="#grpc-backend" title="Permanent link">&para;</a></h3>
<h3 id="grpc-backend-deprecated-since-0180">gRPC backend DEPRECATED (since 0.18.0)<a class="headerlink" href="#grpc-backend-deprecated-since-0180" title="Permanent link">&para;</a></h3>
<p>Please use <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPC&quot;</code> or <code class="codehilite">nginx.ingress.kubernetes.io/backend-protocol: &quot;GRPCS&quot;</code></p>
<p>Since NGINX 1.13.10 it is possible to expose <a href="http://nginx.org/en/docs/http/ngx_http_grpc_module.html">gRPC services natively</a></p>
<p>You only need to add the annotation <code class="codehilite">nginx.ingress.kubernetes.io/grpc-backend: &quot;true&quot;</code> to enable this feature.
Additionally, if the gRPC service requires TLS, add <code class="codehilite">nginx.ingress.kubernetes.io/secure-backends: &quot;true&quot;</code>.</p>
@ -2356,18 +2376,27 @@ using the <a href="https://github.com/influxdata/nginx-influxdb-module/">nginx-i
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/enable-influxdb</span><span class="p p-Indicator">:</span> <span class="s">&quot;true&quot;</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/influxdb-measurement</span><span class="p p-Indicator">:</span> <span class="s">&quot;nginx-reqs&quot;</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/influxdb-port</span><span class="p p-Indicator">:</span> <span class="s">&quot;8089&quot;</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/influxdb-host</span><span class="p p-Indicator">:</span> <span class="s">&quot;influxdb&quot;</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/influxdb-host</span><span class="p p-Indicator">:</span> <span class="s">&quot;127.0.0.1&quot;</span>
<span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/influxdb-server-name</span><span class="p p-Indicator">:</span> <span class="s">&quot;nginx-ingress&quot;</span>
</pre></div>
<p>For the <code class="codehilite">influxdb-host</code> parameter you have two options:</p>
<p>To use the module in the Kubernetes Nginx ingress controller, you have two options:</p>
<ul>
<li>Use an InfluxDB server configured to enable the <a href="https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/">UDP protocol</a>.</li>
<li>Use an InfluxDB server configured with the <a href="https://docs.influxdata.com/influxdb/v1.5/supported_protocols/udp/">UDP protocol</a> enabled. </li>
<li>Deploy Telegraf as a sidecar proxy to the Ingress controller configured to listen UDP with the <a href="https://github.com/influxdata/telegraf/tree/release-1.6/plugins/inputs/socket_listener">socket listener input</a> and to write using
anyone of the <a href="https://github.com/influxdata/telegraf/tree/release-1.6/plugins/outputs">outputs plugins</a></li>
anyone of the <a href="https://github.com/influxdata/telegraf/tree/release-1.7/plugins/outputs">outputs plugins</a> like InfluxDB, Apache Kafka,
Prometheus, etc.. (recommended)</li>
</ul>
<p>It's important to remember that there's no DNS resolver at this stage so you will have to configure
an ip address to <code class="codehilite">nginx.ingress.kubernetes.io/influxdb-host</code>. If you deploy Influx or Telegraf as sidecar (another container in the same pod) this becomes straightforward since you can directly use <code class="codehilite">127.0.0.1</code>.</p>
<h3 id="backend-protocol">Backend Protocol<a class="headerlink" href="#backend-protocol" title="Permanent link">&para;</a></h3>
<p>Using <code class="codehilite">backend-protocol</code> annotations is possible to indicate how NGINX should communicate with the backend service.
Valid Values: HTTP, HTTPS, GRPC, GRPCS and AJP</p>
<p>By default NGINX uses <code class="codehilite">HTTP</code>.</p>
<p>Example:</p>
<div class="codehilite"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">nginx.ingress.kubernetes.io/backend-protocol</span><span class="p p-Indicator">:</span> <span class="s">&quot;HTTPS&quot;</span>
</pre></div>

2
user-guide/nginx-configuration/configmap/index.html
View file

@ -3457,7 +3457,7 @@ To create a ticket: <code class="codehilite">openssl rand 80 | openssl enc -A -b
<h2 id="use-proxy-protocol">use-proxy-protocol<a class="headerlink" href="#use-proxy-protocol" title="Permanent link">&para;</a></h2>
<p>Enables or disables the <a href="https://www.nginx.com/resources/admin-guide/proxy-protocol/">PROXY protocol</a> to receive client connection (real IP address) information passed through proxy servers and load balancers such as HAProxy and Amazon Elastic Load Balancer (ELB).</p>
<h2 id="proxy-protocol-header-timeout">proxy-protocol-header-timeout<a class="headerlink" href="#proxy-protocol-header-timeout" title="Permanent link">&para;</a></h2>
<p>Sets the timeout value for receiving the proxy-protocol headers. The default of 5 seconds prevents the TLS passthrough handler from waiting indefinetly on a dropped connection.
<p>Sets the timeout value for receiving the proxy-protocol headers. The default of 5 seconds prevents the TLS passthrough handler from waiting indefinitely on a dropped connection.
<em><strong>default:</strong></em> 5s</p>
<h2 id="use-gzip">use-gzip<a class="headerlink" href="#use-gzip" title="Permanent link">&para;</a></h2>
<p>Enables or disables compression of HTTP responses using the <a href="http://nginx.org/en/docs/http/ngx_http_gzip_module.html">"gzip" module</a>.

2
user-guide/third-party-addons/modsecurity/index.html
View file

@ -1043,7 +1043,7 @@
<p>The default ModSecurity configuration file is located in <code class="codehilite">/etc/nginx/modsecurity/modsecurity.conf</code>. This is the only file located in this directory and contains the default recommended configuration. Using a volume we can replace this file with the desired configuration.
To enable the ModSecurity feature we need to specify <code class="codehilite">enable-modsecurity: &quot;true&quot;</code> in the configuration configmap.</p>
<blockquote>
<p><strong>Note:</strong> the default configuration use detection only, because that minimises the chances of post-installation disruption.
<p><strong>Note:</strong> the default configuration use detection only, because that minimizes the chances of post-installation disruption.
The file <code class="codehilite">/var/log/modsec_audit.log</code> contains the log of ModSecurity.</p>
</blockquote>
<p>The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.