DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ingress-nginx-helm/how-it-works/index.html
Gacko c1fc43640e Deploy GitHub Pages
2024-09-15 15:04:08 +00:00

1 line
No EOL
33 KiB
HTML
Raw Permalink Blame History

<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><link href=https://kubernetes.github.io/ingress-nginx/how-it-works/ rel=canonical><link rel=prev href=..><link href=../troubleshooting/ rel=next><link rel=icon href=../assets/images/favicon.png><meta name=generator content="mkdocs-1.5.3, mkdocs-material-9.4.5"><title>How it works - Ingress-Nginx Controller</title><link rel=stylesheet href=../assets/stylesheets/main.6a10b989.min.css><link rel=stylesheet href=../assets/stylesheets/palette.356b1318.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><link rel=stylesheet href=../extra.css><script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=teal data-md-color-accent=green> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#how-it-works class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <header class="md-header md-header--shadow md-header--lifted" data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=.. title="Ingress-Nginx Controller" class="md-header__button md-logo" aria-label="Ingress-Nginx Controller" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Ingress-Nginx Controller </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> How it works </span> </div> </div> </div> <label class="md-header__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg> </label> <nav class=md-search__options aria-label=Search> <button type=reset class="md-search__icon md-icon" title=Clear aria-label=Clear tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg> </button> </nav> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list role=presentation></ol> </div> </div> </div> </div> </div> <div class=md-header__source> <a href=https://github.com/kubernetes/ingress-nginx title="Go to repository" class=md-source data-md-component=source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg> </div> <div class=md-source__repository> kubernetes/ingress-nginx </div> </a> </div> </nav> <nav class=md-tabs aria-label=Tabs data-md-component=tabs> <div class=md-grid> <ul class=md-tabs__list> <li class="md-tabs__item md-tabs__item--active"> <a href=.. class=md-tabs__link> Welcome </a> </li> <li class=md-tabs__item> <a href=../deploy/ class=md-tabs__link> Deployment </a> </li> <li class=md-tabs__item> <a href=../user-guide/nginx-configuration/ class=md-tabs__link> User Guide </a> </li> <li class=md-tabs__item> <a href=../examples/ class=md-tabs__link> Examples </a> </li> <li class=md-tabs__item> <a href=../developer-guide/getting-started/ class=md-tabs__link> Developer Guide </a> </li> <li class=md-tabs__item> <a href=../faq/ class=md-tabs__link> FAQ </a> </li> </ul> </div> </nav> </header> <div class=md-container data-md-component=container> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=sidebar data-md-type=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=.. title="Ingress-Nginx Controller" class="md-nav__button md-logo" aria-label="Ingress-Nginx Controller" data-md-component=logo> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg> </a> Ingress-Nginx Controller </label> <div class=md-nav__source> <a href=https://github.com/kubernetes/ingress-nginx title="Go to repository" class=md-source data-md-component=source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><!-- Font Awesome Free 6.4.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg> </div> <div class=md-source__repository> kubernetes/ingress-nginx </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_1 checked> <label class=md-nav__link for=__nav_1 id=__nav_1_label tabindex> <span class=md-ellipsis> Welcome </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_1_label aria-expanded=true> <label class=md-nav__title for=__nav_1> <span class="md-nav__icon md-icon"></span> Welcome </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=.. class=md-nav__link> <span class=md-ellipsis> Welcome </span> </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" type=checkbox id=__toc> <label class="md-nav__link md-nav__link--active" for=__toc> <span class=md-ellipsis> How it works </span> <span class="md-nav__icon md-icon"></span> </label> <a href=./ class="md-nav__link md-nav__link--active"> <span class=md-ellipsis> How it works </span> </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#nginx-configuration class=md-nav__link> NGINX configuration </a> </li> <li class=md-nav__item> <a href=#nginx-model class=md-nav__link> NGINX model </a> </li> <li class=md-nav__item> <a href=#building-the-nginx-model class=md-nav__link> Building the NGINX model </a> </li> <li class=md-nav__item> <a href=#when-a-reload-is-required class=md-nav__link> When a reload is required </a> </li> <li class=md-nav__item> <a href=#avoiding-reloads class=md-nav__link> Avoiding reloads </a> <nav class=md-nav aria-label="Avoiding reloads"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#avoiding-reloads-on-endpoints-changes class=md-nav__link> Avoiding reloads on Endpoints changes </a> </li> <li class=md-nav__item> <a href=#avoiding-outage-from-wrong-configuration class=md-nav__link> Avoiding outage from wrong configuration </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../troubleshooting/ class=md-nav__link> <span class=md-ellipsis> Troubleshooting </span> </a> </li> <li class=md-nav__item> <a href=../kubectl-plugin/ class=md-nav__link> <span class=md-ellipsis> kubectl plugin </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_2> <label class=md-nav__link for=__nav_2 id=__nav_2_label tabindex> <span class=md-ellipsis> Deployment </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_2_label aria-expanded=false> <label class=md-nav__title for=__nav_2> <span class="md-nav__icon md-icon"></span> Deployment </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../deploy/ class=md-nav__link> <span class=md-ellipsis> Installation Guide </span> </a> </li> <li class=md-nav__item> <a href=../deploy/baremetal/ class=md-nav__link> <span class=md-ellipsis> Bare-metal considerations </span> </a> </li> <li class=md-nav__item> <a href=../deploy/rbac/ class=md-nav__link> <span class=md-ellipsis> Role Based Access Control (RBAC) </span> </a> </li> <li class=md-nav__item> <a href=../deploy/upgrade/ class=md-nav__link> <span class=md-ellipsis> Upgrade </span> </a> </li> <li class=md-nav__item> <a href=../deploy/hardening-guide/ class=md-nav__link> <span class=md-ellipsis> Hardening guide </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3> <label class=md-nav__link for=__nav_3 id=__nav_3_label tabindex> <span class=md-ellipsis> User Guide </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_3_label aria-expanded=false> <label class=md-nav__title for=__nav_3> <span class="md-nav__icon md-icon"></span> User Guide </label> <ul class=md-nav__list data-md-scrollfix> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3_1> <label class=md-nav__link for=__nav_3_1 id=__nav_3_1_label tabindex> <span class=md-ellipsis> NGINX Configuration </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_3_1_label aria-expanded=false> <label class=md-nav__title for=__nav_3_1> <span class="md-nav__icon md-icon"></span> NGINX Configuration </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/ class=md-nav__link> <span class=md-ellipsis> Introduction </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/basic-usage/ class=md-nav__link> <span class=md-ellipsis> Basic usage </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/annotations/ class=md-nav__link> <span class=md-ellipsis> Annotations </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/annotations-risk/ class=md-nav__link> <span class=md-ellipsis> Annotations Risks </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/configmap/ class=md-nav__link> <span class=md-ellipsis> ConfigMap </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/custom-template/ class=md-nav__link> <span class=md-ellipsis> Custom NGINX template </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/nginx-configuration/log-format/ class=md-nav__link> <span class=md-ellipsis> Log format </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../user-guide/cli-arguments/ class=md-nav__link> <span class=md-ellipsis> Command line arguments </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/custom-errors/ class=md-nav__link> <span class=md-ellipsis> Custom errors </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/default-backend/ class=md-nav__link> <span class=md-ellipsis> Default backend </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/exposing-tcp-udp-services/ class=md-nav__link> <span class=md-ellipsis> Exposing TCP and UDP services </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/fcgi-services/ class=md-nav__link> <span class=md-ellipsis> Exposing FCGI services </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/ingress-path-matching/ class=md-nav__link> <span class=md-ellipsis> Regular expressions in paths </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/external-articles/ class=md-nav__link> <span class=md-ellipsis> External Articles </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/miscellaneous/ class=md-nav__link> <span class=md-ellipsis> Miscellaneous </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/monitoring/ class=md-nav__link> <span class=md-ellipsis> Prometheus and Grafana installation </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/multiple-ingress/ class=md-nav__link> <span class=md-ellipsis> Multiple Ingress controllers </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/tls/ class=md-nav__link> <span class=md-ellipsis> TLS/HTTPS </span> </a> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_3_13> <label class=md-nav__link for=__nav_3_13 id=__nav_3_13_label tabindex> <span class=md-ellipsis> Third party addons </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_3_13_label aria-expanded=false> <label class=md-nav__title for=__nav_3_13> <span class="md-nav__icon md-icon"></span> Third party addons </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../user-guide/third-party-addons/modsecurity/ class=md-nav__link> <span class=md-ellipsis> ModSecurity Web Application Firewall </span> </a> </li> <li class=md-nav__item> <a href=../user-guide/third-party-addons/opentelemetry/ class=md-nav__link> <span class=md-ellipsis> OpenTelemetry </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4> <label class=md-nav__link for=__nav_4 id=__nav_4_label tabindex> <span class=md-ellipsis> Examples </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_4_label aria-expanded=false> <label class=md-nav__title for=__nav_4> <span class="md-nav__icon md-icon"></span> Examples </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../examples/ class=md-nav__link> <span class=md-ellipsis> Introduction </span> </a> </li> <li class=md-nav__item> <a href=../examples/PREREQUISITES/ class=md-nav__link> <span class=md-ellipsis> Prerequisites </span> </a> </li> <li class=md-nav__item> <a href=../examples/affinity/cookie/ class=md-nav__link> <span class=md-ellipsis> Sticky Sessions </span> </a> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_4> <label class=md-nav__link for=__nav_4_4 id=__nav_4_4_label tabindex> <span class=md-ellipsis> Auth </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_4_label aria-expanded=false> <label class=md-nav__title for=__nav_4_4> <span class="md-nav__icon md-icon"></span> Auth </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../examples/auth/basic/ class=md-nav__link> <span class=md-ellipsis> Basic Authentication </span> </a> </li> <li class=md-nav__item> <a href=../examples/auth/client-certs/ class=md-nav__link> <span class=md-ellipsis> Client Certificate Authentication </span> </a> </li> <li class=md-nav__item> <a href=../examples/auth/external-auth/ class=md-nav__link> <span class=md-ellipsis> External Basic Authentication </span> </a> </li> <li class=md-nav__item> <a href=../examples/auth/oauth-external-auth/ class=md-nav__link> <span class=md-ellipsis> External OAUTH Authentication </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_4_5> <label class=md-nav__link for=__nav_4_5 id=__nav_4_5_label tabindex> <span class=md-ellipsis> Customization </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=2 aria-labelledby=__nav_4_5_label aria-expanded=false> <label class=md-nav__title for=__nav_4_5> <span class="md-nav__icon md-icon"></span> Customization </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../examples/customization/configuration-snippets/ class=md-nav__link> <span class=md-ellipsis> Configuration Snippets </span> </a> </li> <li class=md-nav__item> <a href=../examples/customization/custom-configuration/ class=md-nav__link> <span class=md-ellipsis> Custom Configuration </span> </a> </li> <li class=md-nav__item> <a href=../examples/customization/custom-errors/ class=md-nav__link> <span class=md-ellipsis> Custom Errors </span> </a> </li> <li class=md-nav__item> <a href=../examples/customization/custom-headers/ class=md-nav__link> <span class=md-ellipsis> Custom Headers </span> </a> </li> <li class=md-nav__item> <a href=../examples/customization/external-auth-headers/ class=md-nav__link> <span class=md-ellipsis> External authentication </span> </a> </li> <li class=md-nav__item> <a href=../examples/customization/ssl-dh-param/ class=md-nav__link> <span class=md-ellipsis> Custom DH parameters for perfect forward secrecy </span> </a> </li> <li class=md-nav__item> <a href=../examples/customization/sysctl/ class=md-nav__link> <span class=md-ellipsis> Sysctl tuning </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../examples/docker-registry/ class=md-nav__link> <span class=md-ellipsis> Docker registry </span> </a> </li> <li class=md-nav__item> <a href=../examples/grpc/ class=md-nav__link> <span class=md-ellipsis> gRPC </span> </a> </li> <li class=md-nav__item> <a href=../examples/multi-tls/ class=md-nav__link> <span class=md-ellipsis> Multi TLS certificate termination </span> </a> </li> <li class=md-nav__item> <a href=../examples/rewrite/ class=md-nav__link> <span class=md-ellipsis> Rewrite </span> </a> </li> <li class=md-nav__item> <a href=../examples/static-ip/ class=md-nav__link> <span class=md-ellipsis> Static IPs </span> </a> </li> <li class=md-nav__item> <a href=../examples/tls-termination/ class=md-nav__link> <span class=md-ellipsis> TLS termination </span> </a> </li> <li class=md-nav__item> <a href=../examples/openpolicyagent/ class=md-nav__link> <span class=md-ellipsis> Open Policy Agent rules </span> </a> </li> <li class=md-nav__item> <a href=../examples/canary/ class=md-nav__link> <span class=md-ellipsis> Canary Deployments </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type=checkbox id=__nav_5> <label class=md-nav__link for=__nav_5 id=__nav_5_label tabindex> <span class=md-ellipsis> Developer Guide </span> <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav data-md-level=1 aria-labelledby=__nav_5_label aria-expanded=false> <label class=md-nav__title for=__nav_5> <span class="md-nav__icon md-icon"></span> Developer Guide </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../developer-guide/getting-started/ class=md-nav__link> <span class=md-ellipsis> Getting Started </span> </a> </li> <li class=md-nav__item> <a href=../developer-guide/code-overview/ class=md-nav__link> <span class=md-ellipsis> Code Overview </span> </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../faq/ class=md-nav__link> <span class=md-ellipsis> FAQ </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component=sidebar data-md-type=toc> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class=md-nav__title for=__toc> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class=md-nav__list data-md-component=toc data-md-scrollfix> <li class=md-nav__item> <a href=#nginx-configuration class=md-nav__link> NGINX configuration </a> </li> <li class=md-nav__item> <a href=#nginx-model class=md-nav__link> NGINX model </a> </li> <li class=md-nav__item> <a href=#building-the-nginx-model class=md-nav__link> Building the NGINX model </a> </li> <li class=md-nav__item> <a href=#when-a-reload-is-required class=md-nav__link> When a reload is required </a> </li> <li class=md-nav__item> <a href=#avoiding-reloads class=md-nav__link> Avoiding reloads </a> <nav class=md-nav aria-label="Avoiding reloads"> <ul class=md-nav__list> <li class=md-nav__item> <a href=#avoiding-reloads-on-endpoints-changes class=md-nav__link> Avoiding reloads on Endpoints changes </a> </li> <li class=md-nav__item> <a href=#avoiding-outage-from-wrong-configuration class=md-nav__link> Avoiding outage from wrong configuration </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class=md-content data-md-component=content> <article class="md-content__inner md-typeset"> <h1 id=how-it-works>How it works<a class=headerlink href=#how-it-works title="Permanent link"></a></h1> <p>The objective of this document is to explain how the Ingress-NGINX controller works, in particular how the NGINX model is built and why we need one.</p> <h2 id=nginx-configuration>NGINX configuration<a class=headerlink href=#nginx-configuration title="Permanent link"></a></h2> <p>The goal of this Ingress controller is the assembly of a configuration file (nginx.conf). The main implication of this requirement is the need to reload NGINX after any change in the configuration file. <em>Though it is important to note that we don't reload Nginx on changes that impact only an <code>upstream</code> configuration (i.e Endpoints change when you deploy your app)</em>. We use <a href=https://github.com/openresty/lua-nginx-module>lua-nginx-module</a> to achieve this. Check <a href=#avoiding-reloads-on-endpoints-changes>below</a> to learn more about how it's done.</p> <h2 id=nginx-model>NGINX model<a class=headerlink href=#nginx-model title="Permanent link"></a></h2> <p>Usually, a Kubernetes Controller utilizes the <a href=https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail>synchronization loop pattern</a> to check if the desired state in the controller is updated or a change is required. To this purpose, we need to build a model using different objects from the cluster, in particular (in no special order) Ingresses, Services, Endpoints, Secrets, and Configmaps to generate a point in time configuration file that reflects the state of the cluster.</p> <p>To get this object from the cluster, we use <a href=https://godoc.org/k8s.io/client-go/informers#NewFilteredSharedInformerFactory>Kubernetes Informers</a>, in particular, <code>FilteredSharedInformer</code>. These informers allow reacting to change in using <a href=https://godoc.org/k8s.io/client-go/tools/cache#ResourceEventHandlerFuncs>callbacks</a> to individual changes when a new object is added, modified or removed. Unfortunately, there is no way to know if a particular change is going to affect the final configuration file. Therefore on every change, we have to rebuild a new model from scratch based on the state of cluster and compare it to the current model. If the new model equals to the current one, then we avoid generating a new NGINX configuration and triggering a reload. Otherwise, we check if the difference is only about Endpoints. If so we then send the new list of Endpoints to a Lua handler running inside Nginx using HTTP POST request and again avoid generating a new NGINX configuration and triggering a reload. If the difference between running and new model is about more than just Endpoints we create a new NGINX configuration based on the new model, replace the current model and trigger a reload.</p> <p>One of the uses of the model is to avoid unnecessary reloads when there's no change in the state and to detect conflicts in definitions.</p> <p>The final representation of the NGINX configuration is generated from a <a href=https://github.com/kubernetes/ingress-nginx/blob/main/rootfs/etc/nginx/template/nginx.tmpl>Go template</a> using the new model as input for the variables required by the template.</p> <h2 id=building-the-nginx-model>Building the NGINX model<a class=headerlink href=#building-the-nginx-model title="Permanent link"></a></h2> <p>Building a model is an expensive operation, for this reason, the use of the synchronization loop is a must. By using a <a href=https://github.com/kubernetes/ingress-nginx/blob/main/internal/task/queue.go#L38>work queue</a> it is possible to not lose changes and remove the use of <a href=https://golang.org/pkg/sync/#Mutex>sync.Mutex</a> to force a single execution of the sync loop and additionally it is possible to create a time window between the start and end of the sync loop that allows us to discard unnecessary updates. It is important to understand that any change in the cluster could generate events that the informer will send to the controller and one of the reasons for the <a href=https://github.com/kubernetes/ingress-nginx/blob/main/internal/task/queue.go#L38>work queue</a>.</p> <p>Operations to build the model:</p> <ul> <li> <p>Order Ingress rules by <code>CreationTimestamp</code> field, i.e., old rules first.</p> </li> <li> <p>If the same path for the same host is defined in more than one Ingress, the oldest rule wins.</p> </li> <li>If more than one Ingress contains a TLS section for the same host, the oldest rule wins.</li> <li> <p>If multiple Ingresses define an annotation that affects the configuration of the Server block, the oldest rule wins.</p> </li> <li> <p>Create a list of NGINX Servers (per hostname)</p> </li> <li>Create a list of NGINX Upstreams</li> <li>If multiple Ingresses define different paths for the same host, the ingress controller will merge the definitions.</li> <li>Annotations are applied to all the paths in the Ingress.</li> <li>Multiple Ingresses can define different annotations. These definitions are not shared between Ingresses.</li> </ul> <h2 id=when-a-reload-is-required>When a reload is required<a class=headerlink href=#when-a-reload-is-required title="Permanent link"></a></h2> <p>The next list describes the scenarios when a reload is required:</p> <ul> <li>New Ingress Resource Created.</li> <li>TLS section is added to existing Ingress.</li> <li>Change in Ingress annotations that impacts more than just upstream configuration. For instance <code>load-balance</code> annotation does not require a reload.</li> <li>A path is added/removed from an Ingress.</li> <li>An Ingress, Service, Secret is removed.</li> <li>Some missing referenced object from the Ingress is available, like a Service or Secret.</li> <li>A Secret is updated.</li> </ul> <h2 id=avoiding-reloads>Avoiding reloads<a class=headerlink href=#avoiding-reloads title="Permanent link"></a></h2> <p>In some cases, it is possible to avoid reloads, in particular when there is a change in the endpoints, i.e., a pod is started or replaced. It is out of the scope of this Ingress controller to remove reloads completely. This would require an incredible amount of work and at some point makes no sense. This can change only if NGINX changes the way new configurations are read, basically, new changes do not replace worker processes.</p> <h3 id=avoiding-reloads-on-endpoints-changes>Avoiding reloads on Endpoints changes<a class=headerlink href=#avoiding-reloads-on-endpoints-changes title="Permanent link"></a></h3> <p>On every endpoint change the controller fetches endpoints from all the services it sees and generates corresponding Backend objects. It then sends these objects to a Lua handler running inside Nginx. The Lua code in turn stores those backends in a shared memory zone. Then for every request Lua code running in <a href=https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md><code>balancer_by_lua</code></a> context detects what endpoints it should choose upstream peer from and applies the configured load balancing algorithm to choose the peer. Then Nginx takes care of the rest. This way we avoid reloading Nginx on endpoint changes. <em>Note</em> that this includes annotation changes that affects only <code>upstream</code> configuration in Nginx as well.</p> <p>In a relatively big cluster with frequently deploying apps this feature saves significant number of Nginx reloads which can otherwise affect response latency, load balancing quality (after every reload Nginx resets the state of load balancing) and so on.</p> <h3 id=avoiding-outage-from-wrong-configuration>Avoiding outage from wrong configuration<a class=headerlink href=#avoiding-outage-from-wrong-configuration title="Permanent link"></a></h3> <p>Because the ingress controller works using the <a href=https://coreos.com/kubernetes/docs/latest/replication-controller.html#the-reconciliation-loop-in-detail>synchronization loop pattern</a>, it is applying the configuration for all matching objects. In case some Ingress objects have a broken configuration, for example a syntax error in the <code>nginx.ingress.kubernetes.io/configuration-snippet</code> annotation, the generated configuration becomes invalid, does not reload and hence no more ingresses will be taken into account.</p> <p>To prevent this situation to happen, the Ingress-Nginx Controller optionally exposes a <a href=https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook>validating admission webhook server</a> to ensure the validity of incoming ingress objects. This webhook appends the incoming ingress objects to the list of ingresses, generates the configuration and calls nginx to ensure the configuration has no syntax errors.</p> </article> </div> </div> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> </div> </div> </footer> </div> <div class=md-dialog data-md-component=dialog> <div class="md-dialog__inner md-typeset"></div> </div> <script id=__config type=application/json>{"base": "..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.instant", "navigation.sections"], "search": "../assets/javascripts/workers/search.f886a092.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src=../assets/javascripts/bundle.aecac24b.min.js></script> </body> </html>
Reference in a new issue View git blame Copy permalink