diff --git a/.travis.yml b/.travis.yml
index c3ba646c9..0437f44a2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,7 +26,7 @@ go_import_path: k8s.io/ingress-nginx
 env:
 global:
 - CHANGE_MINIKUBE_NONE_USER=true
- - KUBERNETES_VERSION=v1.9.4
+ - KUBERNETES_VERSION=v1.10.0
 - DOCKER=docker
 - BUSTED_VERSION=2.0.rc12
 - GH_REF=github.com/kubernetes/ingress-nginx
diff --git a/deploy/configmap.yaml b/deploy/configmap.yaml
index 08e91017e..9147c790e 100644
--- a/deploy/configmap.yaml
+++ b/deploy/configmap.yaml
@@ -1,3 +1,5 @@
+---
+
 kind: ConfigMap
 apiVersion: v1
 metadata:
diff --git a/deploy/default-backend.yaml b/deploy/default-backend.yaml
index 19f7a1c08..39f78cde3 100644
--- a/deploy/default-backend.yaml
+++ b/deploy/default-backend.yaml
@@ -1,3 +1,5 @@
+---
+
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/deploy/mandatory.yaml b/deploy/mandatory.yaml
new file mode 100644
index 000000000..23ebc1f02
--- /dev/null
+++ b/deploy/mandatory.yaml
@@ -0,0 +1,288 @@
+---
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress-nginx
+---
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: default-http-backend
+ labels:
+ app: default-http-backend
+ namespace: ingress-nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: default-http-backend
+ template:
+ metadata:
+ labels:
+ app: default-http-backend
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - name: default-http-backend
+ # Any image is permissible as long as:
+ # 1. It serves a 404 page at /
+ # 2. It serves 200 on a /healthz endpoint
+ image: gcr.io/google_containers/defaultbackend:1.4
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 30
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 8080
+ resources:
+ limits:
+ cpu: 10m
+ memory: 20Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: default-http-backend
+ namespace: ingress-nginx
+ labels:
+ app: default-http-backend
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: default-http-backend
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: nginx-configuration
+ namespace: ingress-nginx
+ labels:
+ app: ingress-nginx
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: tcp-services
+ namespace: ingress-nginx
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: udp-services
+ namespace: ingress-nginx
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nginx-ingress-serviceaccount
+ namespace: ingress-nginx
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: nginx-ingress-clusterrole
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - "extensions"
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: nginx-ingress-role
+ namespace: ingress-nginx
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ # Defaults to "-"
+ # Here: "-"
+ # This has to be adapted if you change either parameter
+ # when launching the nginx-ingress-controller.
+ - "ingress-controller-leader-nginx"
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: nginx-ingress-role-nisa-binding
+ namespace: ingress-nginx
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: nginx-ingress-role
+subjects:
+ - kind: ServiceAccount
+ name: nginx-ingress-serviceaccount
+ namespace: ingress-nginx
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: nginx-ingress-clusterrole-nisa-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nginx-ingress-clusterrole
+subjects:
+ - kind: ServiceAccount
+ name: nginx-ingress-serviceaccount
+ namespace: ingress-nginx
+---
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: nginx-ingress-controller
+ namespace: ingress-nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ingress-nginx
+ template:
+ metadata:
+ labels:
+ app: ingress-nginx
+ annotations:
+ prometheus.io/port: '10254'
+ prometheus.io/scrape: 'true'
+ spec:
+ serviceAccountName: nginx-ingress-serviceaccount
+ containers:
+ - name: nginx-ingress-controller
+ image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
+ args:
+ - /nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
+ - --configmap=$(POD_NAMESPACE)/nginx-configuration
+ - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+ - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
+ - --publish-service=$(POD_NAMESPACE)/ingress-nginx
+ - --annotations-prefix=nginx.ingress.kubernetes.io
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - name: http
+ containerPort: 80
+ - name: https
+ containerPort: 443
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ runAsNonRoot: false
diff --git a/deploy/namespace.yaml b/deploy/namespace.yaml
index 6878f0be8..022845631 100644
--- a/deploy/namespace.yaml
+++ b/deploy/namespace.yaml
@@ -1,3 +1,5 @@
+---
+
 apiVersion: v1
 kind: Namespace
 metadata:
diff --git a/deploy/provider/azure/service.yaml b/deploy/provider/cloud-generic.yaml
similarity index 100%
rename from deploy/provider/azure/service.yaml
rename to deploy/provider/cloud-generic.yaml
diff --git a/deploy/provider/docker-for-mac/service.yaml b/deploy/provider/docker-for-mac/service.yaml
deleted file mode 100644
index 4b4868aef..000000000
--- a/deploy/provider/docker-for-mac/service.yaml
+++ /dev/null
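Review bot: The nginx-ingress-controller container at the end of deploy/mandatory.yaml sets `securityContext: runAsNonRoot: false` and nothing else, on a pod whose service account is bound to nginx-ingress-clusterrole with `list`/`watch` on `secrets` across all namespaces. With without-rbac.yaml deleted this manifest is the one install path, so the reason for running as root should be written down above that block, for example `# runs as root, presumably to bind containerPorts 80 and 443 - confirm before tightening`. If the 0.15.0 image tolerates it, a narrower setting (a `capabilities:` block that drops what NGINX does not need and keeps `NET_BIND_SERVICE`) would reduce what a compromise of the NGINX process yields on the node; that needs testing and is not established by this diff. Both images are referenced by tag (`defaultbackend:1.4`, `nginx-ingress-controller:0.15.0`) rather than by digest, which is worth pinning in a manifest users apply straight from the master branch.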
@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
- labels:
- app: ingress-nginx
-spec:
- type: LoadBalancer
- selector:
- app: ingress-nginx
- ports:
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
diff --git a/deploy/provider/gce-gke/service.yaml b/deploy/provider/gce-gke/service.yaml
deleted file mode 100644
index 8d2f71505..000000000
--- a/deploy/provider/gce-gke/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
- labels:
- app: ingress-nginx
-spec:
- externalTrafficPolicy: Local
- type: LoadBalancer
- selector:
- app: ingress-nginx
- ports:
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
diff --git a/deploy/provider/patch-service-with-rbac.yaml b/deploy/provider/patch-service-with-rbac.yaml
deleted file mode 100644
index f353664ae..000000000
--- a/deploy/provider/patch-service-with-rbac.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: nginx-ingress-controller
- namespace: ingress-nginx
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: ingress-nginx
- template:
- metadata:
- labels:
- app: ingress-nginx
- annotations:
- prometheus.io/port: '10254'
- prometheus.io/scrape: 'true'
- spec:
- serviceAccountName: nginx-ingress-serviceaccount
- containers:
- - name: nginx-ingress-controller
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
- args:
- - /nginx-ingress-controller
- - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- - --configmap=$(POD_NAMESPACE)/nginx-configuration
- - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- - --publish-service=$(POD_NAMESPACE)/ingress-nginx
- - --annotations-prefix=nginx.ingress.kubernetes.io
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- ports:
- - name: http
- containerPort: 80
- - name: https
- containerPort: 443
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- securityContext:
- runAsNonRoot: false
diff --git a/deploy/provider/patch-service-without-rbac.yaml b/deploy/provider/patch-service-without-rbac.yaml
deleted file mode 100644
index 7a4adab96..000000000
--- a/deploy/provider/patch-service-without-rbac.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: nginx-ingress-controller
- namespace: ingress-nginx
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: ingress-nginx
- template:
- metadata:
- labels:
- app: ingress-nginx
- annotations:
- prometheus.io/port: '10254'
- prometheus.io/scrape: 'true'
- spec:
- containers:
- - name: nginx-ingress-controller
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
- args:
- - /nginx-ingress-controller
- - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
- - --configmap=$(POD_NAMESPACE)/nginx-configuration
- - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- - --publish-service=$(POD_NAMESPACE)/ingress-nginx
- - --annotations-prefix=nginx.ingress.kubernetes.io
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- ports:
- - name: http
- containerPort: 80
- - name: https
- containerPort: 443
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- securityContext:
- runAsNonRoot: false
diff --git a/deploy/publish-service-patch.yaml b/deploy/publish-service-patch.yaml
deleted file mode 100644
index f8f52f772..000000000
--- a/deploy/publish-service-patch.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-[
- {
- 'op': 'add',
- 'path': '/spec/template/spec/containers/0/args/-',
- 'value': '--publish-service=$(POD_NAMESPACE)/ingress-nginx'
- }
-]
diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml
index 301853216..81d922c99 100644
--- a/deploy/rbac.yaml
+++ b/deploy/rbac.yaml
@@ -1,3 +1,5 @@
+---
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/deploy/tcp-services-configmap.yaml b/deploy/tcp-services-configmap.yaml
index a963085d3..f27f6ec35 100644
--- a/deploy/tcp-services-configmap.yaml
+++ b/deploy/tcp-services-configmap.yaml
@@ -1,3 +1,5 @@
+---
+
 kind: ConfigMap
 apiVersion: v1
 metadata:
diff --git a/deploy/udp-services-configmap.yaml b/deploy/udp-services-configmap.yaml
index 1870931a2..ddf2fc7b2 100644
--- a/deploy/udp-services-configmap.yaml
+++ b/deploy/udp-services-configmap.yaml
@@ -1,3 +1,5 @@
+---
+
 kind: ConfigMap
 apiVersion: v1
 metadata:
diff --git a/deploy/with-rbac.yaml b/deploy/with-rbac.yaml
index 6899d5d20..e5295d9f0 100644
--- a/deploy/with-rbac.yaml
+++ b/deploy/with-rbac.yaml
@@ -1,3 +1,5 @@
+---
+
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@@ -26,6 +28,7 @@ spec:
 - --configmap=$(POD_NAMESPACE)/nginx-configuration
 - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
 - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
+ - --publish-service=$(POD_NAMESPACE)/ingress-nginx
 - --annotations-prefix=nginx.ingress.kubernetes.io
 env:
 - name: POD_NAME
diff --git a/deploy/without-rbac.yaml b/deploy/without-rbac.yaml
deleted file mode 100644
index 0308647cc..000000000
--- a/deploy/without-rbac.yaml
+++ /dev/null
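Review bot: The `--publish-service=$(POD_NAMESPACE)/ingress-nginx` argument added in the second hunk of deploy/with-rbac.yaml makes the controller depend on a Service named `ingress-nginx` that neither this file nor the generated deploy/mandatory.yaml defines; judging by the removed docker-for-mac and gce-gke files, that Service comes from a provider manifest. Someone who stops after the mandatory step, or whose provider apply fails, is left with a controller pointing at a Service that does not exist, and how 0.15.0 reacts to that is not visible here. A comment beside the flag would make the ordering explicit, e.g. `# requires Service "ingress-nginx" from deploy/provider/*; apply it together with this Deployment`. The container spec this hunk edits starts and ends outside the hunk.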
@@ -1,63 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: nginx-ingress-controller - namespace: ingress-nginx -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-nginx - template: - metadata: - labels: - app: ingress-nginx - annotations: - prometheus.io/port: '10254' - prometheus.io/scrape: 'true' - spec: - containers: - - name: nginx-ingress-controller - image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0 - args: - - /nginx-ingress-controller - - --default-backend-service=$(POD_NAMESPACE)/default-http-backend - - --configmap=$(POD_NAMESPACE)/nginx-configuration - - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - - --annotations-prefix=nginx.ingress.kubernetes.io - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - runAsNonRoot: false diff --git a/docs/deploy/index.md b/docs/deploy/index.md index aa137c7de..df0489cb3 100644 --- a/docs/deploy/index.md +++ b/docs/deploy/index.md @@ -2,9 +2,7 @@ ## Contents -- [Mandatory commands](#mandatory-commands) -- [Install without RBAC roles](#install-without-rbac-roles) -- [Install with RBAC roles](#install-with-rbac-roles) +- [Mandatory command](#mandatory-command) - [Custom Provider](#custom-provider) - [Docker for Mac](#docker-for-mac) - [minikube](#minikube) 
@@ -15,48 +13,15 @@ - [Using Helm](#using-helm) - [Verify installation](#verify-installation) - [Detect installed version](#detect-installed-version) -- [Deploying the config-map](#deploying-the-config-map) ## Generic Deployment The following resources are required for a generic deployment. -### Mandatory commands +### Mandatory command ```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/namespace.yaml \ - | kubectl apply -f - - -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/default-backend.yaml \ - | kubectl apply -f - - -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \ - | kubectl apply -f - - -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/tcp-services-configmap.yaml \ - | kubectl apply -f - - -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/udp-services-configmap.yaml \ - | kubectl apply -f - -``` - -### Install without RBAC roles - -```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/without-rbac.yaml \ - | kubectl apply -f - -``` - -### Install with RBAC roles - -Please check the [RBAC](rbac.md) document. - -```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/rbac.yaml \ - | kubectl apply -f - - -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/with-rbac.yaml \ - | kubectl apply -f - +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml ``` ## Custom Service Provider Deployment 
@@ -71,18 +36,10 @@ channel][edge] and [enable Kubernetes][enable]. [edge]: https://docs.docker.com/docker-for-mac/install/ [enable]: https://docs.docker.com/docker-for-mac/#kubernetes -Patch the nginx ingress controller deployment to add the flag `--publish-service` - -```console -kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \ - --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)" -``` - Create a service ```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/docker-for-mac/service.yaml \ - | kubectl apply -f - +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml ``` ### minikube @@ -101,25 +58,8 @@ For development: $ minikube addons disable ingress ``` -2. Use the [docker daemon](https://github.com/kubernetes/minikube/blob/master/docs/reusing_the_docker_daemon.md) -3. [Build the image](../development.md) -4. Perform [Mandatory commands](#mandatory-commands) -5. Install the `nginx-ingress-controller` deployment [without RBAC roles](#install-without-rbac-roles) or [with RBAC roles](#install-with-rbac-roles) -6. Edit the `nginx-ingress-controller` deployment to use your custom image. Local images can be seen by performing `docker images`. - -```console -$ kubectl edit deployment nginx-ingress-controller -n ingress-nginx -``` - -edit the following section: - -```yaml -image: : -imagePullPolicy: IfNotPresent -name: nginx-ingress-controller -``` - -7. Confirm the `nginx-ingress-controller` deployment exists: +2. Execute `make dev-env` +3. Confirm the `nginx-ingress-controller` deployment exists: ```console $ kubectl get pods -n ingress-nginx 
@@ -141,13 +81,6 @@ This setup requires to choose in which layer (L4 or L7) we want to configure the - [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): use TCP as the listener protocol for ports 80 and 443. - [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): use HTTP as the listener protocol for port 80 and terminate TLS in the ELB -Patch the nginx ingress controller deployment to add the flag `--publish-service` - -```console -kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \ - --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)" -``` - For L4: ```console @@ -161,7 +94,7 @@ Change line of the file `provider/aws/service-l7.yaml` replacing the dummy id wi Then execute: ```console -kubectl apply -f provider/aws/service-l7.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l7.yaml kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml ``` @@ -169,18 +102,6 @@ This example creates an ELB with just two listeners, one in port 80 and another ![Listeners](../images/elb-l7-listener.png) -If the ingress controller uses RBAC run: - -```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml -``` - -If not run: - -```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml -``` - #### Network Load Balancer (NLB) This type of load balancer is supported since v1.10.0 as an ALPHA feature. 
@@ -189,70 +110,19 @@ This type of load balancer is supported since v1.10.0 as an ALPHA feature. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-nlb.yaml ``` -If the ingress controller uses RBAC run: - -```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml -``` - -If not run: - -```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml -``` - ### GCE - GKE -Patch the nginx ingress controller deployment to add the flag `--publish-service` - ```console -kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \ - --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)" -``` - -```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/gce-gke/service.yaml \ - | kubectl apply -f - -``` - -If the ingress controller uses RBAC run: - -```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml | kubectl apply -f - -``` - -If not run: - -```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml | kubectl apply -f - +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/cloud-generic.yaml ``` **Important Note:** proxy protocol is not supported in GCE/GKE ### Azure -Patch the nginx ingress controller deployment to add the flag `--publish-service` ```console -kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \ - --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)" -``` - -```console -curl 
https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/azure/service.yaml \ - | kubectl apply -f - -``` - -If the ingress controller uses RBAC run: - -```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml -``` - -If not run: - -```console -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/cloud-generic.yaml ``` **Important Note:** proxy protocol is not supported in GCE/GKE @@ -262,8 +132,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/mast Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport): ```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml \ - | kubectl apply -f - +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml ``` ## Using Helm 
@@ -301,21 +170,3 @@ POD_NAMESPACE=ingress-nginx POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app=ingress-nginx -o jsonpath={.items[0].metadata.name}) kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version ``` - -## Deploying the config-map - -A config map can be used to configure system components for the nginx-controller. In order to begin using a config-map -make sure it has been created and is being used in the deployment. - -It is created as seen in the [Mandatory Commands](#mandatory-commands) section above. -```console -curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \ - | kubectl apply -f - -``` - -and is setup to be used in the deployment [without-rbac](../deploy/without-rbac.yaml) or [with-rbac](../deploy/with-rbac.yaml) with the following line: -```yaml -- --configmap=$(POD_NAMESPACE)/nginx-configuration -``` - -For information on using the config-map, see its [user-guide](../user-guide/nginx-configuration/configmap.md). diff --git a/hack/build-dev-env.sh b/hack/build-dev-env.sh index 39994443e..6d0913d2b 100755 --- a/hack/build-dev-env.sh +++ b/hack/build-dev-env.sh 
@@ -30,13 +30,8 @@ echo "[dev-env] installing kubectl" kubectl version || brew install kubectl echo "[dev-env] deploying NGINX Ingress controller in namespace $NAMESPACE" -cat ./deploy/namespace.yaml | kubectl apply --namespace=$NAMESPACE -f - -cat ./deploy/default-backend.yaml | kubectl apply --namespace=$NAMESPACE -f - -cat ./deploy/configmap.yaml | kubectl apply --namespace=$NAMESPACE -f - -cat ./deploy/tcp-services-configmap.yaml | kubectl apply --namespace=$NAMESPACE -f - -cat ./deploy/udp-services-configmap.yaml | kubectl apply --namespace=$NAMESPACE -f - -cat ./deploy/rbac.yaml | kubectl apply --namespace=$NAMESPACE -f - -cat ./deploy/with-rbac.yaml | kubectl apply --namespace=$NAMESPACE -f - +cat ./deploy/mandatory.yaml | kubectl apply --namespace=$NAMESPACE -f - +cat ./deploy/provider/baremetal/service-nodeport.yaml | kubectl apply --namespace=$NAMESPACE -f - echo "updating image..." kubectl set image \ diff --git a/hack/build-single-manifest-sh b/hack/build-single-manifest-sh new file mode 100755 index 000000000..886dcd6a0 --- /dev/null +++ b/hack/build-single-manifest-sh 
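Review bot: Both new `kubectl apply --namespace=$NAMESPACE` lines pipe in manifests whose objects hard-code `namespace: ingress-nginx` (every namespaced resource in deploy/mandatory.yaml does), so any other value of `$NAMESPACE` should make kubectl reject them for a namespace mismatch. The variable is assigned outside this hunk, so whether it can differ is not visible; either drop the flag for mandatory.yaml or note next to it that NAMESPACE must stay `ingress-nginx`. The `cat … |` is also redundant and the expansion is unquoted; `kubectl apply --namespace="$NAMESPACE" -f ./deploy/mandatory.yaml` does the same job.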
@@ -0,0 +1,26 @@ +#!/bin/bash + +# Copyright 2018 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/.. + +INPUT="namespace.yaml default-backend.yaml configmap.yaml tcp-services-configmap.yaml udp-services-configmap.yaml rbac.yaml with-rbac.yaml" +MANIFEST=$(cd ${SCRIPT_ROOT}/deploy; cat ${INPUT}) + +echo "${MANIFEST}" > ${SCRIPT_ROOT}/deploy/mandatory.yaml diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 91996774c..a75ae75f7 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -330,7 +330,7 @@ func (f *Framework) SetNginxConfigMapData(cmData map[string]string) error { return err } - time.Sleep(1 * time.Second) + time.Sleep(5 * time.Second) return err } diff --git a/test/e2e/lua/dynamic_configuration.go b/test/e2e/lua/dynamic_configuration.go index ace7d9aed..60d686584 100644 --- a/test/e2e/lua/dynamic_configuration.go +++ b/test/e2e/lua/dynamic_configuration.go 
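Review bot: The new script is committed as `hack/build-single-manifest-sh`, with a hyphen where the neighbouring `hack/build-dev-env.sh` has a dot, which looks like a typo in the file name. Inside it `$(dirname ${BASH_SOURCE})`, `cd ${SCRIPT_ROOT}/deploy` and the redirect target are unquoted, so a checkout path containing spaces breaks the build; `SCRIPT_ROOT="$(dirname "${BASH_SOURCE[0]}")/.."` and `> "${SCRIPT_ROOT}/deploy/mandatory.yaml"` fix that, while `${INPUT}` has to stay unquoted (or become an array) because it relies on word splitting. The output file carries no marker that it is generated and nothing visible in this commit checks it against its seven inputs, so an RBAC rule edited in only one copy would diverge silently. Have the script emit a first line such as `# Generated by hack/build-single-manifest-sh - do not edit` before the concatenated manifests.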
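Review bot: A fixed `time.Sleep(5 * time.Second)` in SetNginxConfigMapData still only guesses how long the controller needs to pick up the ConfigMap, and the same applies to the sleep raised from 5s to 10s in test/e2e/lua/dynamic_configuration.go; the suite gets slower without becoming deterministic. Polling for the observable effect with a timeout would be more robust, presumably with something like `wait.Poll` from `k8s.io/apimachinery/pkg/util/wait`, though the condition to poll for is not visible in this hunk. At minimum say what the delay is for, e.g. `// wait for the controller to observe the ConfigMap update and reload NGINX`. The function body starts outside the hunk.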
@@ -227,10 +227,9 @@ var _ = framework.IngressNginxDescribe("Dynamic Configuration", func() { _, err = f.KubeClientSet.ExtensionsV1beta1().Ingresses(f.IngressController.Namespace).Update(ingress) Expect(err).ToNot(HaveOccurred()) - replicas := 2 - err = framework.UpdateDeployment(f.KubeClientSet, f.IngressController.Namespace, "http-svc", replicas, nil) + err = framework.UpdateDeployment(f.KubeClientSet, f.IngressController.Namespace, "http-svc", 2, nil) Expect(err).NotTo(HaveOccurred()) - time.Sleep(5 * time.Second) + time.Sleep(10 * time.Second) resp, body, errs := gorequest.New(). Get(fmt.Sprintf("%s?a-unique-request-uri", f.IngressController.HTTPURL)). diff --git a/test/e2e/up.sh b/test/e2e/up.sh index 5c5dfaf2f..86e460b99 100755 --- a/test/e2e/up.sh +++ b/test/e2e/up.sh 
@@ -21,13 +21,29 @@ curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$KUBE chmod +x kubectl && sudo mv kubectl /usr/local/bin/ echo "downloading minikube..." -curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.25.2/minikube-linux-amd64 && \ +curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && \ chmod +x minikube && \ sudo mv minikube /usr/local/bin/ echo "starting minikube..." # Using a lower value for sync-frequency to speed up the tests (during the cleanup of resources inside a namespace) -sudo minikube start --vm-driver=none --kubernetes-version=$KUBERNETES_VERSION --extra-config=kubelet.sync-frequency=1s + +export MINIKUBE_WANTUPDATENOTIFICATION=false +export MINIKUBE_WANTREPORTERRORPROMPT=false +export MINIKUBE_HOME=$HOME +mkdir $HOME/.kube || true +touch $HOME/.kube/config + +export KUBECONFIG=$HOME/.kube/config + +# --vm-driver=none, use host docker (avoid docker-in-docker) +# --bootstrapper=localkube, works around https://github.com/kubernetes/minikube/issues/2704 +sudo -E minikube start \ + --bootstrapper=localkube \ + --vm-driver=none \ + --kubernetes-version=$KUBERNETES_VERSION \ + --extra-config=kubelet.sync-frequency=1s \ + --extra-config=apiserver.authorization-mode=RBAC minikube update-context diff --git a/test/e2e/wait-for-nginx.sh b/test/e2e/wait-for-nginx.sh index 84cf78cbf..52b628af3 100755 --- a/test/e2e/wait-for-nginx.sh +++ b/test/e2e/wait-for-nginx.sh 
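Review bot: The minikube download now points at `releases/latest`, so CI fetches whatever binary is current, with no checksum, moves it into /usr/local/bin with sudo and then runs it as root through `sudo -E minikube start`. Pin the release and verify it before installing, e.g. `MINIKUBE_VERSION=<pinned-release>` in the URL followed by `echo "<expected-sha256>  minikube" | sha256sum -c -` (both values are placeholders to fill in). An unpinned binary also sits badly with `--bootstrapper=localkube`, which the comment ties to one specific minikube issue and which a later release may change or drop. `sudo -E` hands the whole CI environment to the root process where only the MINIKUBE_* variables and KUBECONFIG appear to be needed, and `mkdir $HOME/.kube || true` hides real failures that `mkdir -p "$HOME/.kube"` would surface.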
@@ -16,13 +16,9 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -NAMESPACE=$1 +export NAMESPACE=$1 echo "deploying NGINX Ingress controller in namespace $NAMESPACE" -cat $DIR/../manifests/ingress-controller/default-backend.yaml | kubectl create --namespace=$NAMESPACE -f - -cat $DIR/../manifests/ingress-controller/configmap.yaml | kubectl create --namespace=$NAMESPACE -f - -cat $DIR/../manifests/ingress-controller/tcp-services-configmap.yaml | kubectl create --namespace=$NAMESPACE -f - -cat $DIR/../manifests/ingress-controller/udp-services-configmap.yaml | kubectl create --namespace=$NAMESPACE -f - -cat $DIR/../manifests/ingress-controller/with-rbac.yaml | kubectl create --namespace=$NAMESPACE -f - -cat $DIR/../manifests/ingress-controller/service-nodeport.yaml | kubectl create --namespace=$NAMESPACE -f - +sed "s@\${NAMESPACE}@${NAMESPACE}@" $DIR/../manifests/ingress-controller/mandatory.yaml | kubectl apply --namespace=$NAMESPACE -f - +cat $DIR/../manifests/ingress-controller/service-nodeport.yaml | kubectl apply --namespace=$NAMESPACE -f - diff --git a/test/manifests/ingress-controller/configmap.yaml b/test/manifests/ingress-controller/configmap.yaml deleted file mode 100644 index 7e9a95052..000000000 --- a/test/manifests/ingress-controller/configmap.yaml +++ /dev/null @@ -1,6 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: nginx-configuration - labels: - app: ingress-nginx diff --git a/test/manifests/ingress-controller/default-backend.yaml b/test/manifests/ingress-controller/default-backend.yaml deleted file mode 100644 index d4245e3ef..000000000 --- a/test/manifests/ingress-controller/default-backend.yaml +++ /dev/null 
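Review bot: Applying the templated manifest once per namespace keeps rewriting a cluster-scoped object: test/manifests/ingress-controller/mandatory.yaml always names the ClusterRoleBinding `nginx-ingress-clusterrole-nisa-binding` and only its subject's `namespace: ${NAMESPACE}` changes, so a second run replaces the subject and the earlier namespace's service account loses its cluster-wide list/watch. If this script is run for more than one namespace against the same cluster, put the namespace into the binding name in the manifest, `name: nginx-ingress-clusterrole-nisa-binding-${NAMESPACE}`. The script should also refuse an empty argument, because an unset `$1` substitutes an empty namespace into the RBAC subjects: `export NAMESPACE="${1:?namespace required}"`.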
@@ -1,53 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: default-http-backend - labels: - app: default-http-backend -spec: - replicas: 1 - selector: - matchLabels: - app: default-http-backend - template: - metadata: - labels: - app: default-http-backend - spec: - terminationGracePeriodSeconds: 60 - containers: - - name: default-http-backend - # Any image is permissible as long as: - # 1. It serves a 404 page at / - # 2. It serves 200 on a /healthz endpoint - image: gcr.io/google_containers/defaultbackend:1.4 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - resources: - limits: - cpu: 10m - memory: 20Mi - requests: - cpu: 10m - memory: 20Mi ---- - -apiVersion: v1 -kind: Service -metadata: - name: default-http-backend - labels: - app: default-http-backend -spec: - ports: - - port: 80 - targetPort: 8080 - selector: - app: default-http-backend diff --git a/test/manifests/ingress-controller/mandatory.yaml b/test/manifests/ingress-controller/mandatory.yaml new file mode 100644 index 000000000..a587627ef --- /dev/null +++ b/test/manifests/ingress-controller/mandatory.yaml 
@@ -0,0 +1,274 @@ +--- + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: default-http-backend + labels: + app: default-http-backend +spec: + replicas: 1 + selector: + matchLabels: + app: default-http-backend + template: + metadata: + labels: + app: default-http-backend + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: default-http-backend + # Any image is permissible as long as: + # 1. It serves a 404 page at / + # 2. It serves 200 on a /healthz endpoint + image: gcr.io/google_containers/defaultbackend:1.4 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi +--- + +apiVersion: v1 +kind: Service +metadata: + name: default-http-backend + labels: + app: default-http-backend +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app: default-http-backend +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: nginx-configuration + labels: + app: ingress-nginx +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: tcp-services +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: udp-services +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress-serviceaccount + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-ingress-clusterrole +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update + 
+--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-ingress-role +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "-" + # Here: "-" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-ingress-role-nisa-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-ingress-role +subjects: + - kind: ServiceAccount + name: nginx-ingress-serviceaccount + namespace: ${NAMESPACE} + +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-ingress-clusterrole-nisa-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-ingress-clusterrole +subjects: + - kind: ServiceAccount + name: nginx-ingress-serviceaccount + namespace: ${NAMESPACE} +--- + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nginx-ingress-controller +spec: + replicas: 1 + selector: + matchLabels: + app: ingress-nginx + template: + metadata: + labels: + app: ingress-nginx + annotations: + prometheus.io/port: '10254' + prometheus.io/scrape: 'true' + spec: + terminationGracePeriodSeconds: 0 + serviceAccountName: nginx-ingress-serviceaccount + containers: + - name: nginx-ingress-controller + image: ingress-controller/nginx-ingress-controller:dev + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/default-http-backend + - --configmap=$(POD_NAMESPACE)/nginx-configuration + - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services + 
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --publish-service=$(POD_NAMESPACE)/ingress-nginx + - --annotations-prefix=nginx.ingress.kubernetes.io + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + runAsNonRoot: false diff --git a/test/manifests/ingress-controller/rbac.yaml b/test/manifests/ingress-controller/rbac.yaml deleted file mode 100644 index 16e131347..000000000 --- a/test/manifests/ingress-controller/rbac.yaml +++ /dev/null 
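Review bot: The new controller Deployment drops `--watch-namespace=$(POD_NAMESPACE)` and enables `serviceAccountName: nginx-ingress-serviceaccount`, which the removed with-rbac.yaml had commented out. The test controller is therefore bound to the ClusterRole's `list`/`watch` on `secrets` and presumably now acts on every namespace. If the e2e suite only creates Ingresses in the namespace passed to the deploy script, keeping `- --watch-namespace=$(POD_NAMESPACE)` in `args` would limit what the controller processes. Otherwise a comment above the ClusterRoleBinding, such as `# cluster-wide on purpose: the e2e tests create Ingresses outside this namespace`, would record the intent. Separately, `securityContext` sets only `runAsNonRoot: false`; a one-line comment stating why the container has to start as root would help anyone who copies this manifest.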
@@ -1,130 +0,0 @@ ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nginx-ingress-serviceaccount - ---- - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: nginx-ingress-clusterrole -rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - "extensions" - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "extensions" - resources: - - ingresses/status - verbs: - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: nginx-ingress-role -rules: - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx" - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: nginx-ingress-role-nisa-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nginx-ingress-role -subjects: - - kind: ServiceAccount - name: nginx-ingress-serviceaccount - ---- - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: nginx-ingress-clusterrole-nisa-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: nginx-ingress-clusterrole -subjects: - - kind: ServiceAccount - name: nginx-ingress-serviceaccount 
diff --git a/test/manifests/ingress-controller/tcp-services-configmap.yaml b/test/manifests/ingress-controller/tcp-services-configmap.yaml deleted file mode 100644 index f78b66128..000000000 --- a/test/manifests/ingress-controller/tcp-services-configmap.yaml +++ /dev/null @@ -1,4 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: tcp-services diff --git a/test/manifests/ingress-controller/udp-services-configmap.yaml b/test/manifests/ingress-controller/udp-services-configmap.yaml deleted file mode 100644 index 1740e7ff1..000000000 --- a/test/manifests/ingress-controller/udp-services-configmap.yaml +++ /dev/null @@ -1,4 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: udp-services diff --git a/test/manifests/ingress-controller/with-rbac.yaml b/test/manifests/ingress-controller/with-rbac.yaml deleted file mode 100644 index cb77f94a2..000000000 --- a/test/manifests/ingress-controller/with-rbac.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: nginx-ingress-controller -spec: - replicas: 1 - selector: - matchLabels: - app: ingress-nginx - template: - metadata: - labels: - app: ingress-nginx - spec: - terminationGracePeriodSeconds: 0 - #serviceAccountName: nginx-ingress-serviceaccount - containers: - - name: nginx-ingress-controller - image: ingress-controller/nginx-ingress-controller:dev - args: - - /nginx-ingress-controller - - --default-backend-service=$(POD_NAMESPACE)/default-http-backend - - --configmap=$(POD_NAMESPACE)/nginx-configuration - - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services - - --udp-services-configmap=$(POD_NAMESPACE)/udp-services - - --annotations-prefix=nginx.ingress.kubernetes.io - - --watch-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - name: http - containerPort: 80 - - name: https - containerPort: 443 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - runAsNonRoot: false