-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #103 from luxas/to_deployments
Update the nginx controller manifests
- Loading branch information
Showing
5 changed files
with
194 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Deploying the Nginx Ingress controller on kubeadm clusters | ||
|
||
This example aims to demonstrate the deployment of an nginx ingress controller with kubeadm, | ||
and is nearly the same as the the example above, but here the Ingress Controller is using | ||
`hostNetwork: true` until the CNI kubelet networking plugin is compatible with `hostPort` | ||
(see issue: [kubernetes/kubernetes#31307](https://github.com/kubernetes/kubernetes/issues/31307)) | ||
|
||
## Default Backend | ||
|
||
The default backend is a Service capable of handling all url paths and hosts the | ||
nginx controller doesn't understand. This most basic implementation just returns | ||
a 404 page. | ||
|
||
## Controller | ||
|
||
The Nginx Ingress Controller uses nginx (surprisingly!) to loadbalance requests that are coming to | ||
ports 80 and 443 to Services in the cluster. | ||
|
||
```console | ||
$ kubectl apply -f https://rawgit.com/kubernetes/ingress/master/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml | ||
deployment "default-http-backend" created | ||
service "default-http-backend" created | ||
deployment "nginx-ingress-controller" created | ||
``` | ||
|
||
Note the default settings of this controller: | ||
* serves a `/healthz` url on port 10254, as both a liveness and readiness probe | ||
* automatically deploys the `gcr.io/google_containers/defaultbackend:1.0` image for serving 404 requests. | ||
|
||
At its current state, it only supports running on `amd64` nodes. | ||
|
||
## Running on a cloud provider | ||
|
||
If you're running this ingress controller on a cloudprovider, you should assume | ||
the provider also has a native Ingress controller and set the annotation | ||
`kubernetes.io/ingress.class: nginx` in all Ingresses meant for this controller. | ||
You might also need to open a firewall-rule for ports 80/443 of the nodes the | ||
controller is running on. |
105 changes: 105 additions & 0 deletions
105
examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
apiVersion: extensions/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
name: default-http-backend | ||
labels: | ||
k8s-app: default-http-backend | ||
namespace: kube-system | ||
spec: | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
k8s-app: default-http-backend | ||
spec: | ||
terminationGracePeriodSeconds: 60 | ||
containers: | ||
- name: default-http-backend | ||
# Any image is permissable as long as: | ||
# 1. It serves a 404 page at / | ||
# 2. It serves 200 on a /healthz endpoint | ||
image: gcr.io/google_containers/defaultbackend:1.0 | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 8080 | ||
scheme: HTTP | ||
initialDelaySeconds: 30 | ||
timeoutSeconds: 5 | ||
ports: | ||
- containerPort: 8080 | ||
resources: | ||
limits: | ||
cpu: 10m | ||
memory: 20Mi | ||
requests: | ||
cpu: 10m | ||
memory: 20Mi | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: default-http-backend | ||
namespace: kube-system | ||
labels: | ||
k8s-app: default-http-backend | ||
spec: | ||
ports: | ||
- port: 80 | ||
targetPort: 8080 | ||
selector: | ||
k8s-app: default-http-backend | ||
--- | ||
apiVersion: extensions/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
name: nginx-ingress-controller | ||
labels: | ||
k8s-app: nginx-ingress-controller | ||
namespace: kube-system | ||
spec: | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
k8s-app: nginx-ingress-controller | ||
spec: | ||
# hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration | ||
# however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host | ||
# that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used | ||
# like with kubeadm | ||
hostNetwork: true | ||
terminationGracePeriodSeconds: 60 | ||
containers: | ||
- image: gcr.io/google_containers/nginx-ingress-controller:0.8.3 | ||
name: nginx-ingress-controller | ||
imagePullPolicy: Always | ||
readinessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 10254 | ||
scheme: HTTP | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: 10254 | ||
scheme: HTTP | ||
initialDelaySeconds: 10 | ||
timeoutSeconds: 1 | ||
ports: | ||
- containerPort: 80 | ||
hostPort: 80 | ||
- containerPort: 443 | ||
hostPort: 443 | ||
env: | ||
- name: POD_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.name | ||
- name: POD_NAMESPACE | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: metadata.namespace | ||
args: | ||
- /nginx-ingress-controller | ||
- --default-backend-service=$(POD_NAMESPACE)/default-http-backend |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters