diff --git a/controllers/nginx/README.md b/controllers/nginx/README.md index 8a527e37f..def7affb5 100644 --- a/controllers/nginx/README.md +++ b/controllers/nginx/README.md @@ -241,3 +241,5 @@ The previous behavior can be restored using `retry-non-idempotent=true` in the c ## Limitations - Ingress rules for TLS require the definition of the field `host` +- The IP address in the status of loadBalancer could contain old values + diff --git a/controllers/nginx/examples/README.md b/controllers/nginx/examples/README.md new file mode 100644 index 000000000..30348b639 --- /dev/null +++ b/controllers/nginx/examples/README.md @@ -0,0 +1,8 @@ + +All the examples references the services `echoheaders-x` and `echoheaders-y` + +``` +kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080 +kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x +kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x +``` diff --git a/controllers/nginx/examples/custom-configuration/rc-custom-configuration.yaml b/controllers/nginx/examples/custom-configuration/rc-custom-configuration.yaml index 7e43da8b9..45c8be2cf 100644 --- a/controllers/nginx/examples/custom-configuration/rc-custom-configuration.yaml +++ b/controllers/nginx/examples/custom-configuration/rc-custom-configuration.yaml @@ -40,7 +40,7 @@ spec: - containerPort: 80 hostPort: 80 - containerPort: 443 - hostPort: 4444 + hostPort: 443 args: - /nginx-ingress-controller - --default-backend-service=default/default-http-backend diff --git a/controllers/nginx/examples/daemonset/as-daemonset.yaml b/controllers/nginx/examples/daemonset/as-daemonset.yaml index 9cc493969..3c6aa14e4 100644 --- a/controllers/nginx/examples/daemonset/as-daemonset.yaml +++ b/controllers/nginx/examples/daemonset/as-daemonset.yaml 
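Review bot: `hostPort: 443` in rc-custom-configuration.yaml publishes the controller's TLS listener on the node's own port 443, next to the existing `hostPort: 80`, and nothing in the manifest tells the reader so. A host port can be claimed by only one pod per node, so a second replica cannot be scheduled onto the same node, and the listener is reachable from any network that can reach the node address. I would add a comment above the port list, e.g. `# hostPort binds 80/443 on the node itself: one controller pod per node, reachable wherever the node IP is`. The same line is changed in as-daemonset.yaml, rc-default.yaml, rc-full.yaml, rc-tcp.yaml, rc-ssl.yaml and rc-udp.yaml. The container spec starts and ends outside the hunk, so the replica count and any host-network setting are not visible here.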
@@ -34,7 +34,7 @@ spec:
 - containerPort: 80
 hostPort: 80
 - containerPort: 443
- hostPort: 4444
+ hostPort: 443
 args:
 - /nginx-ingress-controller
 - --default-backend-service=default/default-http-backend
diff --git a/controllers/nginx/examples/default/rc-default.yaml b/controllers/nginx/examples/default/rc-default.yaml
index 842a372cc..48227cfa6 100644
--- a/controllers/nginx/examples/default/rc-default.yaml
+++ b/controllers/nginx/examples/default/rc-default.yaml
@@ -40,7 +40,7 @@ spec:
 - containerPort: 80
 hostPort: 80
 - containerPort: 443
- hostPort: 4444
+ hostPort: 443
 args:
 - /nginx-ingress-controller
 - --default-backend-service=default/default-http-backend
diff --git a/controllers/nginx/examples/full/rc-full.yaml b/controllers/nginx/examples/full/rc-full.yaml
index d54fe4dbb..1bb68dded 100644
--- a/controllers/nginx/examples/full/rc-full.yaml
+++ b/controllers/nginx/examples/full/rc-full.yaml
@@ -45,7 +45,7 @@ spec:
 - containerPort: 80
 hostPort: 80
 - containerPort: 443
- hostPort: 4444
+ hostPort: 443
 - containerPort: 8080
 hostPort: 9000
 volumeMounts:
diff --git a/controllers/nginx/examples/tcp/rc-tcp.yaml b/controllers/nginx/examples/tcp/rc-tcp.yaml
index ef64d30b7..f083e2faa 100644
--- a/controllers/nginx/examples/tcp/rc-tcp.yaml
+++ b/controllers/nginx/examples/tcp/rc-tcp.yaml
@@ -40,7 +40,7 @@ spec:
 - containerPort: 80
 hostPort: 80
 - containerPort: 443
- hostPort: 4444
+ hostPort: 443
 # we expose 8080 to access nginx stats in url /nginx-status
 # this is optional
 - containerPort: 8080
diff --git a/controllers/nginx/examples/tls/README.md b/controllers/nginx/examples/tls/README.md
index bc34b63a6..39ea28406 100644
--- a/controllers/nginx/examples/tls/README.md
+++ b/controllers/nginx/examples/tls/README.md
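Review bot: In rc-full.yaml the `containerPort: 8080` / `hostPort: 9000` pair directly after the changed line carries no comment, while rc-tcp.yaml and rc-udp.yaml describe port 8080 as the optional nginx stats port served at /nginx-status. If 8080 has the same role here, the example publishes the status page on node port 9000 without telling the reader that the mapping can be dropped. I would carry the comment over, e.g. `# optional: 8080 serves nginx stats at /nginx-status; remove the hostPort unless the node sits on a trusted network`. rc-ssl.yaml has the same uncommented pair.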
@@ -1,11 +1,12 @@ This is an example to use a TLS Ingress rule to use SSL in NGINX -*First expose the `echoheaders` service:* +# TLS certificate termination -``` -kubectl run echoheaders --image=gcr.io/google_containers/echoserver:1.3 --replicas=1 --port=8080 -kubectl expose deployment echoheaders --port=80 --target-port=8080 --name=echoheaders-x -``` +This examples uses 2 different certificates to terminate SSL for 2 hostnames. + +1. Deploy the controller by creating the rc in the parent dir +2. Create tls secret for foo.bar.com +3. Create rc-ssl.yaml *Next create a SSL certificate for `foo.bar.com` host:* @@ -30,6 +31,7 @@ data: *Finally create a tls Ingress rule:* ``` +echo " apiVersion: extensions/v1beta1 kind: Ingress metadata: 
@@ -51,51 +53,38 @@ spec: " | kubectl create -f - ``` +You should be able to reach your nginx service or echoheaders service using a hostname: ``` -TODO: -- show logs -- curl +$ kubectl get ing +NAME RULE BACKEND ADDRESS +foo - 10.4.0.3 + foo.bar.com + / echoheaders-x:80 ``` - -##### Another example: - -This shows a more complex example that creates the servers `foo.bar.com` and `bar.baz.com` where only `foo.bar.com` uses SSL - -``` -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: complex-foo - namespace: default -spec: - tls: - - hosts: - - foo.bar.com - secretName: foo-tls - - hosts: - - bar.baz.com - secretName: foo-tls - rules: - - host: foo.bar.com - http: - paths: - - backend: - serviceName: echoheaders-x - servicePort: 80 - path: / - - host: bar.baz.com - http: - paths: - - backend: - serviceName: echoheaders-y - servicePort: 80 - path: / ``` +$ curl https://10.4.0.3 -H 'Host:foo.bar.com' -k +old-mbp:contrib aledbf$ curl https://10.4.0.3 -H 'Host:foo.bar.com' -k +CLIENT VALUES: +client_address=10.2.48.4 +command=GET +real path=/ +query=nil +request_version=1.1 +request_uri=http://foo.bar.com:8080/ +SERVER VALUES: +server_version=nginx: 1.9.7 - lua: 9019 -``` -TODO: -- show logs -- curl +HEADERS RECEIVED: +accept=*/* +connection=close +host=foo.bar.com +user-agent=curl/7.43.0 +x-forwarded-for=10.2.48.1 +x-forwarded-host=foo.bar.com +x-forwarded-proto=https +x-real-ip=10.2.48.1 +BODY: +-no body in request- ``` diff --git a/controllers/nginx/examples/tls/rc-ssl.yaml b/controllers/nginx/examples/tls/rc-ssl.yaml index f98a71902..2bf1aa3e3 100644 --- a/controllers/nginx/examples/tls/rc-ssl.yaml +++ b/controllers/nginx/examples/tls/rc-ssl.yaml @@ -40,7 +40,7 @@ spec: - containerPort: 80 hostPort: 80 - containerPort: 443 - hostPort: 4444 + hostPort: 443 - containerPort: 8080 hostPort: 9000 args: diff --git a/controllers/nginx/examples/udp/rc-udp.yaml b/controllers/nginx/examples/udp/rc-udp.yaml index 283c2211b..22d167f1c 100644 
--- a/controllers/nginx/examples/udp/rc-udp.yaml
+++ b/controllers/nginx/examples/udp/rc-udp.yaml
@@ -40,7 +40,7 @@ spec:
 - containerPort: 80
 hostPort: 80
 - containerPort: 443
- hostPort: 4444
+ hostPort: 443
 # we expose 8080 to access nginx stats in url /nginx-status
 # this is optional
 - containerPort: 8080