diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md
index 33f6abc1b2..e8ffd81fff 100644
--- a/controllers/nginx/configuration.md
+++ b/controllers/nginx/configuration.md
@@ -127,7 +127,7 @@ The secret must be created in the same namespace as the Ingress rule.
ingress.kubernetes.io/auth-realm: "realm string"
```
-Please check the [auth](examples/auth/README.md) example.
+Please check the [auth](/examples/auth/nginx/README.md) example.
### Certificate Authentication
@@ -147,7 +147,7 @@ ingress.kubernetes.io/auth-tls-verify-depth
The validation depth between the provided client certificate and the Certification Authority chain.
-Please check the [tls-auth](examples/auth/client-certs/README.md) example.
+Please check the [tls-auth](/examples/auth/client-certs/nginx/README.md) example.
### Enable CORS
@@ -164,7 +164,7 @@ Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specif
ingress.kubernetes.io/auth-url: "URL to the authentication service"
```
-Please check the [external-auth](examples/external-auth/README.md) example.
+Please check the [external-auth](/examples/auth/external-auth/nginx/README.md) example.
### Rewrite
@@ -210,7 +210,7 @@ To configure this setting globally for all Ingress rules, the `whitelist-source-
*Note:* Adding an annotation to an Ingress rule overrides any global restriction.
-Please check the [whitelist](examples/affinity/cookie/nginx/README.md) example.
+Please check the [whitelist](/examples/affinity/cookie/nginx/README.md) example.
### Session Affinity
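Review bot: The `[whitelist]` link in this hunk still targets `/examples/affinity/cookie/nginx/README.md`, which is the session-affinity cookie example, not a source-range whitelist example. The change only adds the leading slash, so the link resolves but lands on the wrong topic. Point it at a whitelist example, or drop the sentence until one exists.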
@@ -224,7 +224,7 @@ If you use the ``cookie`` type you can also specify the name of the cookie that
In case of NGINX the annotation `ingress.kubernetes.io/session-cookie-hash` defines which algorithm will be used to 'hash' the used upstream. Default value is `md5` and possible values are `md5`, `sha1` and `index`.
The `index` option is not hashed, an in-memory index is used instead, it's quicker and the overhead is shorter Warning: the matching against upstream servers list is inconsistent. So, at reload, if upstreams servers has changed, index values are not guaranted to correspond to the same server as before! USE IT WITH CAUTION and only if you need to!
-In NGINX this feature is implemented by the third party module [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng). The workflow used to define which upstream server will be used is explained [here]https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf
+In NGINX this feature is implemented by the third party module [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng). The workflow used to define which upstream server will be used is explained [here](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf)
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 6f474692d7..ab12588bdd 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -255,7 +255,7 @@ spec:
spec:
terminationGracePeriodSeconds: 60
containers:
- - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0
+ - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
name: ingress-nginx
imagePullPolicy: Always
ports:
diff --git a/examples/auth/client-certs/nginx/nginx-tls-auth.yaml b/examples/auth/client-certs/nginx/nginx-tls-auth.yaml
index d4f18bd0cd..23cac7b494 100644
--- a/examples/auth/client-certs/nginx/nginx-tls-auth.yaml
+++ b/examples/auth/client-certs/nginx/nginx-tls-auth.yaml
@@ -6,7 +6,7 @@ metadata:
ingress.kubernetes.io/auth-tls-secret: "default/caingress"
ingress.kubernetes.io/auth-tls-verify-depth: "3"
kubernetes.io/ingress.class: "nginx"
- name: nginx-test
+ name: nginx-test
namespace: default
spec:
rules:
diff --git a/examples/auth/external-auth/nginx/README.md b/examples/auth/external-auth/nginx/README.md
new file mode 100644
index 0000000000..db522c1d2f
--- /dev/null
+++ b/examples/auth/external-auth/nginx/README.md
@@ -0,0 +1,148 @@
+# External authentication
+
+### Example 1:
+
+Use an external service (Basic Auth) located in `https://httpbin.org`
+
+```
+$ kubectl create -f ingress.yaml
+ingress "external-auth" created
+$ kubectl get ing external-auth
+NAME HOSTS ADDRESS PORTS AGE
+external-auth external-auth-01.sample.com 172.17.4.99 80 13s
+$ kubectl get ing external-auth -o yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ ingress.kubernetes.io/auth-url: https://httpbin.org/basic-auth/user/passwd
+ creationTimestamp: 2016-10-03T13:50:35Z
+ generation: 1
+ name: external-auth
+ namespace: default
+ resourceVersion: "2068378"
+ selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/external-auth
+ uid: 5c388f1d-8970-11e6-9004-080027d2dc94
+spec:
+ rules:
+ - host: external-auth-01.sample.com
+ http:
+ paths:
+ - backend:
+ serviceName: echoheaders
+ servicePort: 80
+ path: /
+status:
+ loadBalancer:
+ ingress:
+ - ip: 172.17.4.99
+$
+```
+
+Test 1: no username/password (expect code 401)
+```
+$ curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com'
+* Rebuilt URL to: http://172.17.4.99/
+* Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET / HTTP/1.1
+> Host: external-auth-01.sample.com
+> User-Agent: curl/7.50.1
+> Accept: */*
+>
+< HTTP/1.1 401 Unauthorized
+< Server: nginx/1.11.3
+< Date: Mon, 03 Oct 2016 14:52:08 GMT
+< Content-Type: text/html
+< Content-Length: 195
+< Connection: keep-alive
+< WWW-Authenticate: Basic realm="Fake Realm"
+<
+
+
401 Authorization Required
+
+401 Authorization Required
+
nginx/1.11.3
+
+
+* Connection #0 to host 172.17.4.99 left intact
+```
+
+Test 2: valid username/password (expect code 200)
+```
+$ curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' -u 'user:passwd'
+* Rebuilt URL to: http://172.17.4.99/
+* Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+* Server auth using Basic with user 'user'
+> GET / HTTP/1.1
+> Host: external-auth-01.sample.com
+> Authorization: Basic dXNlcjpwYXNzd2Q=
+> User-Agent: curl/7.50.1
+> Accept: */*
+>
+< HTTP/1.1 200 OK
+< Server: nginx/1.11.3
+< Date: Mon, 03 Oct 2016 14:52:50 GMT
+< Content-Type: text/plain
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+<
+CLIENT VALUES:
+client_address=10.2.60.2
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://external-auth-01.sample.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.9.11 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+authorization=Basic dXNlcjpwYXNzd2Q=
+connection=close
+host=external-auth-01.sample.com
+user-agent=curl/7.50.1
+x-forwarded-for=10.2.60.1
+x-forwarded-host=external-auth-01.sample.com
+x-forwarded-port=80
+x-forwarded-proto=http
+x-real-ip=10.2.60.1
+BODY:
+* Connection #0 to host 172.17.4.99 left intact
+-no body in request-
+```
+
+Test 3: invalid username/password (expect code 401)
+```
+curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' -u 'user:user'
+* Rebuilt URL to: http://172.17.4.99/
+* Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+* Server auth using Basic with user 'user'
+> GET / HTTP/1.1
+> Host: external-auth-01.sample.com
+> Authorization: Basic dXNlcjp1c2Vy
+> User-Agent: curl/7.50.1
+> Accept: */*
+>
+< HTTP/1.1 401 Unauthorized
+< Server: nginx/1.11.3
+< Date: Mon, 03 Oct 2016 14:53:04 GMT
+< Content-Type: text/html
+< Content-Length: 195
+< Connection: keep-alive
+* Authentication problem. Ignoring this.
+< WWW-Authenticate: Basic realm="Fake Realm"
+<
+
+401 Authorization Required
+
+401 Authorization Required
+
nginx/1.11.3
+
+
+* Connection #0 to host 172.17.4.99 left intact
+```
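Review bot: All three curl tests send the Basic credentials to `http://172.17.4.99` in cleartext, and `-k` has no effect on an `http://` URL, so the flag is misleading here. Either drop `-k` or run the tests against the HTTPS listener. The Test 2 output also shows `authorization=Basic dXNlcjpwYXNzd2Q=` arriving at the echoheaders backend, so the README should say that the client's credentials are passed through to the upstream after the auth check succeeds. Minor: the Test 3 command is missing the `$ ` prompt used in Tests 1 and 2.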
diff --git a/examples/auth/external-auth/nginx/ingress.yaml b/examples/auth/external-auth/nginx/ingress.yaml
new file mode 100644
index 0000000000..1cf779ce29
--- /dev/null
+++ b/examples/auth/external-auth/nginx/ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ ingress.kubernetes.io/auth-url: "https://httpbin.org/basic-auth/user/passwd"
+ name: external-auth
+spec:
+ rules:
+ - host: external-auth-01.sample.com
+ http:
+ paths:
+ - backend:
+ serviceName: echoheaders
+ servicePort: 80
+ path: /
\ No newline at end of file
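Review bot: `ingress.kubernetes.io/auth-url` points at the public `https://httpbin.org/basic-auth/user/passwd`, so the credentials the client presents to this Ingress are relayed to a third-party host on each authenticated request. A YAML comment above the annotation stating that this is a demo endpoint, and that a real deployment should use an auth service the operator controls, would stop the manifest being copied as-is. The README output shows `namespace: default` while this file sets none, and the file lacks a trailing newline.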
diff --git a/examples/customization/custom-errors/nginx/README.md b/examples/customization/custom-errors/nginx/README.md
new file mode 100644
index 0000000000..2f79388d5f
--- /dev/null
+++ b/examples/customization/custom-errors/nginx/README.md
@@ -0,0 +1,82 @@
+This example shows how is possible to use a custom backend to render custom error pages. The code of this example is located here [nginx-debug-server](https://github.com/aledbf/contrib/tree/nginx-debug-server)
+
+
+The idea is to use the headers `X-Code` and `X-Format` that NGINX pass to the backend in case of an error to find out the best existent representation of the response to be returned. i.e. if the request contains an `Accept` header of type `json` the error should be in that format and not in `html` (the default in NGINX).
+
+First create the custom backend to use in the Ingress controller
+
+```
+$ kubectl create -f custom-default-backend.yaml
+service "nginx-errors" created
+replicationcontroller "nginx-errors" created
+```
+
+```
+$ kubectl get svc
+NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+echoheaders 10.3.0.7 nodes 80/TCP 23d
+kubernetes 10.3.0.1 443/TCP 34d
+nginx-errors 10.3.0.102 80/TCP 11s
+```
+
+```
+$ kubectl get rc
+CONTROLLER REPLICAS AGE
+echoheaders 1 19d
+nginx-errors 1 19s
+```
+
+Next create the Ingress controller executing
+```
+$ kubectl create -f rc-custom-errors.yaml
+```
+
+Now to check if this is working we use curl:
+
+```
+$ curl -v http://172.17.4.99/
+* Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET / HTTP/1.1
+> Host: 172.17.4.99
+> User-Agent: curl/7.43.0
+> Accept: */*
+>
+< HTTP/1.1 404 Not Found
+< Server: nginx/1.10.0
+< Date: Wed, 04 May 2016 02:53:45 GMT
+< Content-Type: text/html
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+< Vary: Accept-Encoding
+<
+The page you're looking for could not be found.
+
+* Connection #0 to host 172.17.4.99 left intact
+```
+
+Specifying json as expected format:
+
+```
+$ curl -v http://172.17.4.99/ -H 'Accept: application/json'
+* Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET / HTTP/1.1
+> Host: 172.17.4.99
+> User-Agent: curl/7.43.0
+> Accept: application/json
+>
+< HTTP/1.1 404 Not Found
+< Server: nginx/1.10.0
+< Date: Wed, 04 May 2016 02:54:00 GMT
+< Content-Type: text/html
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+< Vary: Accept-Encoding
+<
+{ "message": "The page you're looking for could not be found" }
+
+* Connection #0 to host 172.17.4.99 left intact
+```
+
+By default the Ingress controller provides support for `html`, `json` and `XML`.
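Review bot: In the `Accept: application/json` run the response headers still say `Content-Type: text/html` while the body is `{ "message": ... }`. If this is real output, the error backend is labelling JSON as HTML and clients will parse it by sniffing; if it was pasted from the first run, the sample should be corrected. The closing sentence lists `html`, `json` and `XML` but only the first two are demonstrated, and the casing is inconsistent.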
diff --git a/examples/customization/custom-errors/nginx/custom-default-backend.yaml b/examples/customization/custom-errors/nginx/custom-default-backend.yaml
new file mode 100644
index 0000000000..fce7c0bcba
--- /dev/null
+++ b/examples/customization/custom-errors/nginx/custom-default-backend.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-errors
+ labels:
+ app: nginx-errors
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: nginx-errors
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: nginx-errors
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nginx-errors
+ spec:
+ containers:
+ - name: nginx-errors
+ image: aledbf/nginx-error-server:0.1
+ ports:
+ - containerPort: 80
\ No newline at end of file
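Review bot: `image: aledbf/nginx-error-server:0.1` is pulled from a personal registry namespace by mutable tag, whereas the other manifests in this patch use `gcr.io/google_containers/...`. For an example that users will apply to their clusters, publish the image under the project registry or pin it by digest, and link the source that builds it from the README. The file also lacks a trailing newline.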
diff --git a/examples/customization/custom-errors/nginx/rc-custom-errors.yaml b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml
new file mode 100644
index 0000000000..d26dcbd5e3
--- /dev/null
+++ b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: nginx-ingress-controller
+ labels:
+ k8s-app: nginx-ingress-lb
+spec:
+ replicas: 1
+ selector:
+ k8s-app: nginx-ingress-lb
+ template:
+ metadata:
+ labels:
+ k8s-app: nginx-ingress-lb
+ name: nginx-ingress-lb
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
+ name: nginx-ingress-lb
+ imagePullPolicy: Always
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ # use downward API
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - containerPort: 80
+ hostPort: 80
+ - containerPort: 443
+ hostPort: 443
+ args:
+ - /nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/nginx-errors
diff --git a/examples/customization/custom-template/README.md b/examples/customization/custom-template/README.md
new file mode 100644
index 0000000000..d2b223b51f
--- /dev/null
+++ b/examples/customization/custom-template/README.md
@@ -0,0 +1,8 @@
+This example shows how is possible to use a custom template
+
+First create a configmap with a template inside running:
+```
+kubectl create configmap nginx-template --from-file=nginx.tmpl=../../nginx.tmpl
+```
+
+Next create the rc `kubectl create -f custom-template.yaml`
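Review bot: `--from-file=nginx.tmpl=../../nginx.tmpl` is relative to the directory the command is run from. With the README now at `examples/customization/custom-template/`, that resolves to `examples/nginx.tmpl`, and this patch does not add a template there. State the directory the command must be run from, or give a path from the repository root to the controller's template.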
diff --git a/examples/customization/custom-template/custom-template.yaml b/examples/customization/custom-template/custom-template.yaml
new file mode 100644
index 0000000000..168b56b50e
--- /dev/null
+++ b/examples/customization/custom-template/custom-template.yaml
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: nginx-ingress-controller
+ labels:
+ k8s-app: nginx-ingress-lb
+spec:
+ replicas: 1
+ selector:
+ k8s-app: nginx-ingress-lb
+ template:
+ metadata:
+ labels:
+ k8s-app: nginx-ingress-lb
+ name: nginx-ingress-lb
+ spec:
+ terminationGracePeriodSeconds: 60
+ containers:
+ - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
+ name: nginx-ingress-lb
+ imagePullPolicy: Always
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ timeoutSeconds: 1
+ # use downward API
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - containerPort: 80
+ hostPort: 80
+ - containerPort: 443
+ hostPort: 443
+ args:
+ - /nginx-ingress-controller
+ - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
+ volumeMounts:
+ - mountPath: /etc/nginx/template
+ name: nginx-template-volume
+ readOnly: true
+ volumes:
+ - name: nginx-template-volume
+ configMap:
+ name: nginx-template
+ items:
+ - key: nginx.tmpl
+ path: nginx.tmpl
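Review bot: `metadata.name: nginx-ingress-controller` and the `hostPort: 80` / `hostPort: 443` bindings are identical to those in `examples/customization/custom-errors/nginx/rc-custom-errors.yaml`, so the two examples cannot be created side by side in one namespace, and their pods cannot share a node. Say in the README that the existing controller RC must be replaced, or give each example a distinct name.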
diff --git a/examples/customization/custom-upstream-check/README.md b/examples/customization/custom-upstream-check/README.md
new file mode 100644
index 0000000000..de81c40ff5
--- /dev/null
+++ b/examples/customization/custom-upstream-check/README.md
@@ -0,0 +1,45 @@
+This example shows how is possible to create a custom configuration for a particular upstream associated with an Ingress rule.
+
+```
+echo "
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: echoheaders
+ annotations:
+ ingress.kubernetes.io/upstream-fail-timeout: "30"
+spec:
+ rules:
+ - host: foo.bar.com
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: echoheaders
+ servicePort: 80
+" | kubectl create -f -
+```
+
+Check the annotation is present in the Ingress rule:
+```
+kubectl get ingress echoheaders -o yaml
+```
+
+Check the NGINX configuration is updated using kubectl or the status page:
+
+```
+$ kubectl exec nginx-ingress-controller-v1ppm cat /etc/nginx/nginx.conf
+```
+
+```
+....
+ upstream default-echoheaders-x-80 {
+ least_conn;
+ server 10.2.92.2:8080 max_fails=5 fail_timeout=30;
+
+ }
+....
+```
+
+
+![nginx-module-vts](custom-upstream.png "screenshot with custom configuration")
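Review bot: The expected `nginx.conf` fragment shows `max_fails=5 fail_timeout=30`, but the Ingress only sets `ingress.kubernetes.io/upstream-fail-timeout: "30"`. The README should say where `max_fails=5` comes from (a default or a second annotation) so readers can tell which part of the line their annotation changed. The `kubectl exec` line uses a hard-coded pod name `nginx-ingress-controller-v1ppm` and omits the `--` separator that the multi-tls README uses before `cat`. The screenshot's alt text `nginx-module-vts` names a module that the text never mentions.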
diff --git a/examples/customization/custom-upstream-check/custom-upstream.png b/examples/customization/custom-upstream-check/custom-upstream.png
new file mode 100644
index 0000000000..30417894bf
Binary files /dev/null and b/examples/customization/custom-upstream-check/custom-upstream.png differ
diff --git a/examples/multi-tls/README.md b/examples/multi-tls/README.md
new file mode 100644
index 0000000000..ef4cd65bb6
--- /dev/null
+++ b/examples/multi-tls/README.md
@@ -0,0 +1,94 @@
+# Multi TLS certificate termination
+
+This examples uses 2 different certificates to terminate SSL for 2 hostnames.
+
+1. Deploy the controller by creating the rc in the parent dir
+2. Create tls secrets for foo.bar.com and bar.baz.com as indicated in the yaml
+3. Create multi-tls.yaml
+
+This should generate a segment like:
+```console
+$ kubectl exec -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf | grep "foo.bar.com" -B 7 -A 35
+ server {
+ listen 80;
+ listen 443 ssl http2;
+ ssl_certificate /etc/nginx-ssl/default-foobar.pem;
+ ssl_certificate_key /etc/nginx-ssl/default-foobar.pem;
+
+
+ server_name foo.bar.com;
+
+
+ if ($scheme = http) {
+ return 301 https://$host$request_uri;
+ }
+
+
+
+ location / {
+ proxy_set_header Host $host;
+
+ # Pass Real IP
+ proxy_set_header X-Real-IP $remote_addr;
+
+ # Allow websocket connections
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto $pass_access_scheme;
+
+ proxy_connect_timeout 5s;
+ proxy_send_timeout 60s;
+ proxy_read_timeout 60s;
+
+ proxy_redirect off;
+ proxy_buffering off;
+
+ proxy_http_version 1.1;
+
+ proxy_pass http://default-echoheaders-80;
+ }
+```
+
+And you should be able to reach your nginx service or echoheaders service using a hostname switch:
+```console
+$ kubectl get ing
+NAME RULE BACKEND ADDRESS AGE
+foo-tls - 104.154.30.67 13m
+ foo.bar.com
+ / echoheaders:80
+ bar.baz.com
+ / nginx:80
+
+$ curl https://104.154.30.67 -H 'Host:foo.bar.com' -k
+CLIENT VALUES:
+client_address=10.245.0.6
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://foo.bar.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.9.11 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+connection=close
+host=foo.bar.com
+user-agent=curl/7.35.0
+x-forwarded-for=10.245.0.1
+x-forwarded-host=foo.bar.com
+x-forwarded-proto=https
+
+$ curl https://104.154.30.67 -H 'Host:bar.baz.com' -k
+
+
+
+Welcome to nginx on Debian!
+
+$ curl 104.154.30.67
+default backend - 404
+```
\ No newline at end of file
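Review bot: The verification step does not check what the title promises. `curl https://104.154.30.67 -H 'Host:foo.bar.com' -k` connects by IP, so no SNI for `foo.bar.com` is sent, and `-k` skips certificate validation. The output therefore proves Host-based routing only, not that each hostname is served with its own certificate. Use something like `curl --resolve foo.bar.com:443:104.154.30.67 https://foo.bar.com/ --cacert <ca file>` for each host, so the handshake carries the hostname and the certificate is actually checked. Also, "This examples uses" should read "This example uses", and the file lacks a trailing newline.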
diff --git a/examples/multi-tls/multi-tls.yaml b/examples/multi-tls/multi-tls.yaml
new file mode 100644
index 0000000000..f65feffaf4
--- /dev/null
+++ b/examples/multi-tls/multi-tls.yaml
@@ -0,0 +1,102 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ labels:
+ app: nginx
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: nginx
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: nginx
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: gcr.io/google_containers/nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: echoheaders
+ labels:
+ app: echoheaders
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ selector:
+ app: echoheaders
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: echoheaders
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: echoheaders
+ spec:
+ containers:
+ - name: echoheaders
+ image: gcr.io/google_containers/echoserver:1.4
+ ports:
+ - containerPort: 8080
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: foo-tls
+ namespace: default
+spec:
+ tls:
+ - hosts:
+ - foo.bar.com
+ # This secret must exist beforehand
+ # The cert must also contain the subj-name foo.bar.com
+ # You can create it via:
+ # make keys secret SECRET=/tmp/foobar.json HOST=foo.bar.com NAME=foobar
+ # https://github.com/kubernetes/contrib/tree/master/ingress/controllers/gce/https_example
+ secretName: foobar
+ - hosts:
+ - bar.baz.com
+ # This secret must exist beforehand
+ # The cert must also contain the subj-name bar.baz.com
+ # You can create it via:
+ # make keys secret SECRET=/tmp/barbaz.json HOST=bar.baz.com NAME=barbaz
+ # https://github.com/kubernetes/contrib/tree/master/ingress/controllers/gce/https_example
+ secretName: barbaz
+ rules:
+ - host: foo.bar.com
+ http:
+ paths:
+ - backend:
+ serviceName: echoheaders
+ servicePort: 80
+ path: /
+ - host: bar.baz.com
+ http:
+ paths:
+ - backend:
+ serviceName: nginx
+ servicePort: 80
+ path: /
\ No newline at end of file
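Review bot: `image: gcr.io/google_containers/nginx` in the nginx ReplicationController has no tag, so it floats to whatever `latest` is at pull time, while the echoheaders container in the same file is pinned to `echoserver:1.4`. Pin a tag or digest here too so the example stays reproducible. The TLS comments say "subj-name"; spell out whether the CN or a subjectAltName entry must match the host. The file also lacks a trailing newline.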
diff --git a/examples/rewrite/README.md b/examples/rewrite/README.md
new file mode 100644
index 0000000000..a878d52ea7
--- /dev/null
+++ b/examples/rewrite/README.md
@@ -0,0 +1,66 @@
+Create an Ingress rule with a rewrite annotation:
+```
+$ echo "
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ ingress.kubernetes.io/rewrite-target: /
+ name: rewrite
+ namespace: default
+spec:
+ rules:
+ - host: rewrite.bar.com
+ http:
+ paths:
+ - backend:
+ serviceName: echoheaders
+ servicePort: 80
+ path: /something
+" | kubectl create -f -
+```
+
+Check the rewrite is working
+
+```
+$ curl -v http://172.17.4.99/something -H 'Host: rewrite.bar.com'
+* Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET /something HTTP/1.1
+> Host: rewrite.bar.com
+> User-Agent: curl/7.43.0
+> Accept: */*
+>
+< HTTP/1.1 200 OK
+< Server: nginx/1.11.0
+< Date: Tue, 31 May 2016 16:07:31 GMT
+< Content-Type: text/plain
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+<
+CLIENT VALUES:
+client_address=10.2.56.9
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://rewrite.bar.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.9.11 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+connection=close
+host=rewrite.bar.com
+user-agent=curl/7.43.0
+x-forwarded-for=10.2.56.1
+x-forwarded-host=rewrite.bar.com
+x-forwarded-port=80
+x-forwarded-proto=http
+x-real-ip=10.2.56.1
+BODY:
+* Connection #0 to host 172.17.4.99 left intact
+-no body in request-
+```
+
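Review bot: The check only requests the exact path `/something`, so the README does not show how `ingress.kubernetes.io/rewrite-target: /` treats sub-paths such as `/something/else`. That is the case readers most often get wrong. Add a second curl for a nested path with the resulting `real path=` line, and give the file a title heading like the other new READMEs in this patch.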