DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add firewall rules and ing class clarifications

Browse source
This commit is contained in:
Pierrick 2016-09-01 11:19:26 +02:00 committed by GitHub
parent 05add360d2
commit f4854b60c9
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
controllers/nginx/README.md
View file

@ -78,6 +78,8 @@ Next we create a couple of Ingress rules
kubectl create -f examples/ingress.yaml kubectl create -f examples/ingress.yaml
``` ```
If your version of Kubernetes is higher than 1.3, you can restrict the ingress usage to NGINX with this annotation :`kubernetes.io/ingress.class: "nginx"`
we check that ingress rules are defined: we check that ingress rules are defined:
``` ```
$ kubectl get ing $ kubectl get ing
@ -102,6 +104,7 @@ Check NGINX it is running with the defined Ingress rules:
$ LBIP=$(kubectl get node `kubectl get po -l name=nginx-ingress-lb --template '{{range .items}}{{.spec.nodeName}}{{end}}'` --template '{{range $i, $n := .status.addresses}}{{if eq $n.type "ExternalIP"}}{{$n.address}}{{end}}{{end}}') $ LBIP=$(kubectl get node `kubectl get po -l name=nginx-ingress-lb --template '{{range .items}}{{.spec.nodeName}}{{end}}'` --template '{{range $i, $n := .status.addresses}}{{if eq $n.type "ExternalIP"}}{{$n.address}}{{end}}{{end}}')
$ curl $LBIP/foo -H 'Host: foo.bar.com' $ curl $LBIP/foo -H 'Host: foo.bar.com'
``` ```
You may need to add a firewall rule to allow traffic on port 80. This is related to your cloud provider.
## HTTPS ## HTTPS
@ -137,6 +140,8 @@ Please follow [test.sh](https://github.com/bprashanth/Ingress/blob/master/exampl
Check the [example](examples/tls/README.md) Check the [example](examples/tls/README.md)
You may need to add a firewall rule to allow traffic on port 443. This is related to your cloud provider.
### Default SSL Certificate ### Default SSL Certificate
NGINX provides the option serve rname [_](http://nginx.org/en/docs/http/server_names.html) as a catch-all in case of requests that do not match one of the configured server names. This configuration works without issues for HTTP traffic. In case of HTTPS NGINX requires a certificate. For this reason the Ingress controller provides the flag `--default-ssl-certificate`. The secret behind this flag contains the default certificate to be used in the mentioned case. NGINX provides the option serve rname [_](http://nginx.org/en/docs/http/server_names.html) as a catch-all in case of requests that do not match one of the configured server names. This configuration works without issues for HTTP traffic. In case of HTTPS NGINX requires a certificate. For this reason the Ingress controller provides the flag `--default-ssl-certificate`. The secret behind this flag contains the default certificate to be used in the mentioned case.