From f4854b60c93435bebcb20cea6658b8969be86f25 Mon Sep 17 00:00:00 2001 From: Pierrick Date: Thu, 1 Sep 2016 11:19:26 +0200 Subject: [PATCH] Add firewall rules and ing class clarifications --- controllers/nginx/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/controllers/nginx/README.md b/controllers/nginx/README.md index ac39f4ccd..b6f3f298d 100644 --- a/controllers/nginx/README.md +++ b/controllers/nginx/README.md @@ -78,6 +78,8 @@ Next we create a couple of Ingress rules kubectl create -f examples/ingress.yaml ``` +If your version of Kubernetes is higher than 1.3, you can restrict the ingress usage to NGINX with this annotation :`kubernetes.io/ingress.class: "nginx"` + we check that ingress rules are defined: ``` $ kubectl get ing @@ -102,6 +104,7 @@ Check NGINX it is running with the defined Ingress rules: $ LBIP=$(kubectl get node `kubectl get po -l name=nginx-ingress-lb --template '{{range .items}}{{.spec.nodeName}}{{end}}'` --template '{{range $i, $n := .status.addresses}}{{if eq $n.type "ExternalIP"}}{{$n.address}}{{end}}{{end}}') $ curl $LBIP/foo -H 'Host: foo.bar.com' ``` +You may need to add a firewall rule to allow traffic on port 80. This is related to your cloud provider. ## HTTPS @@ -137,6 +140,8 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl Check the [example](examples/tls/README.md) +You may need to add a firewall rule to allow traffic on port 443. This is related to your cloud provider. + ### Default SSL Certificate NGINX provides the option serve rname [_](http://nginx.org/en/docs/http/server_names.html) as a catch-all in case of requests that do not match one of the configured server names. This configuration works without issues for HTTP traffic. In case of HTTPS NGINX requires a certificate. For this reason the Ingress controller provides the flag `--default-ssl-certificate`. The secret behind this flag contains the default certificate to be used in the mentioned case.