richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3141 Commits
30 Branches
81 Tags
149 MiB
Tree: 728024e8ff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '728024e8ff'
${ noResults }
kubespray/roles/kubernetes-apps/ingress_controller/ingress_nginx/README.md

283 lines
9.1 KiB
Raw Normal View History

Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray
6 years ago
  1. Installation Guide
  2. ==================
  4. Contents
  5. --------
  7. - [Mandatory commands](#mandatory-commands)
  8. - [Install without RBAC roles](#install-without-rbac-roles)
  9. - [Install with RBAC roles](#install-with-rbac-roles)
  10. - [Custom Provider](#custom-provider)
  11. - [minikube](#minikube)
  12. - [AWS](#aws)
  13. - [GCE - GKE](#gce---gke)
  14. - [Azure](#azure)
  15. - [Baremetal](#baremetal)
  16. - [Using Helm](#using-helm)
  17. - [Verify installation](#verify-installation)
  18. - [Detect installed version](#detect-installed-version)
  19. - [Deploying the config-map](#deploying-the-config-map)
  21. Generic Deployment
  22. ------------------
  24. The following resources are required for a generic deployment.
  26. ### Mandatory commands
  28. ``` console
  29. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/namespace.yaml \
  30. | kubectl apply -f -
  32. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/default-backend.yaml \
  33. | kubectl apply -f -
  35. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \
  36. | kubectl apply -f -
  38. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/tcp-services-configmap.yaml \
  39. | kubectl apply -f -
  41. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/udp-services-configmap.yaml \
  42. | kubectl apply -f -
  43. ```
  45. ### Install without RBAC roles
  47. ``` console
  48. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/without-rbac.yaml \
  49. | kubectl apply -f -
  50. ```
  52. ### Install with RBAC roles
  54. Please check the [RBAC](rbac.md) document.
  56. ``` console
  57. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/rbac.yaml \
  58. | kubectl apply -f -
  60. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/with-rbac.yaml \
  61. | kubectl apply -f -
  62. ```
  64. Custom Service Provider Deployment
  65. ----------------------------------
  67. There are cloud provider specific yaml files.
  69. ### minikube
  71. For standard usage:
  73. ``` console
  74. minikube addons enable ingress
  75. ```
  77. For development:
  79. 1. Disable the ingress addon:
  81. ``` console
  82. $ minikube addons disable ingress
  83. ```
  85. 2. Use the [docker daemon](https://github.com/kubernetes/minikube/blob/master/docs/reusing_the_docker_daemon.md)
  86. 3. [Build the image](../docs/development.md)
  87. 4. Perform [Mandatory commands](#mandatory-commands)
  88. 5. Install the `nginx-ingress-controller` deployment [without RBAC roles](#install-without-rbac-roles) or [with RBAC roles](#install-with-rbac-roles)
  89. 6. Edit the `nginx-ingress-controller` deployment to use your custom image. Local images can be seen by performing `docker images`.
  91. ``` console
  92. $ kubectl edit deployment nginx-ingress-controller -n ingress-nginx
  93. ```
  95. edit the following section:
  97. ``` yaml
  98. image: <IMAGE-NAME>:<TAG>
  99. imagePullPolicy: IfNotPresent
  100. name: nginx-ingress-controller
  101. ```
  103. 7. Confirm the `nginx-ingress-controller` deployment exists:
  105. ``` console
  106. $ kubectl get pods -n ingress-nginx
  107. NAME READY STATUS RESTARTS AGE
  108. default-http-backend-66b447d9cf-rrlf9 1/1 Running 0 12s
  109. nginx-ingress-controller-fdcdcd6dd-vvpgs 1/1 Running 0 11s
  110. ```
  112. ### AWS
  114. In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of `Type=LoadBalancer`.
  115. This setup requires to choose in which layer (L4 or L7) we want to configure the ELB:
  117. - [Layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_Layer): use TCP as the listener protocol for ports 80 and 443.
  118. - [Layer 7](https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer): use HTTP as the listener protocol for port 80 and terminate TLS in the ELB
  120. Patch the nginx ingress controller deployment to add the flag `--publish-service`
  122. ``` console
  123. kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \
  124. --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)"
  125. ```
  127. For L4:
  129. ``` console
  130. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l4.yaml
  131. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l4.yaml
  132. ```
  134. For L7:
  136. Change line of the file `provider/aws/service-l7.yaml` replacing the dummy id with a valid one `"arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"`
  137. Then execute:
  139. ``` console
  140. kubectl apply -f provider/aws/service-l7.yaml
  141. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml
  142. ```
  144. This example creates an ELB with just two listeners, one in port 80 and another in port 443
  146. ![Listeners](../docs/images/elb-l7-listener.png)
  148. If the ingress controller uses RBAC run:
  150. ``` console
  151. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml
  152. ```
  154. If not run:
  156. ``` console
  157. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml
  158. ```
  160. ### GCE - GKE
  162. Patch the nginx ingress controller deployment to add the flag `--publish-service`
  164. ``` console
  165. kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \
  166. --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)"
  167. ```
  169. ``` console
  170. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/gce-gke/service.yaml \
  171. | kubectl apply -f -
  172. ```
  174. If the ingress controller uses RBAC run:
  176. ``` console
  177. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml
  178. ```
  180. If not run:
  182. ``` console
  183. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml
  184. ```
  186. **Important Note:** proxy protocol is not supported in GCE/GKE
  188. ### Azure
  190. Patch the nginx ingress controller deployment to add the flag `--publish-service`
  192. ``` console
  193. kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \
  194. --patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)"
  195. ```
  197. ``` console
  198. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/azure/service.yaml \
  199. | kubectl apply -f -
  200. ```
  202. If the ingress controller uses RBAC run:
  204. ``` console
  205. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml
  206. ```
  208. If not run:
  210. ``` console
  211. kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml
  212. ```
  214. **Important Note:** proxy protocol is not supported in GCE/GKE
  216. ### Baremetal
  218. Using [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport):
  220. ``` console
  221. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml \
  222. | kubectl apply -f -
  223. ```
  225. Using Helm
  226. ----------
  228. NGINX Ingress controller can be installed via [Helm](https://helm.sh/) using the chart [stable/nginx](https://github.com/kubernetes/charts/tree/master/stable/nginx-ingress) from the official charts repository.
  229. To install the chart with the release name `my-nginx`:
  231. ``` console
  232. helm install stable/nginx-ingress --name my-nginx
  233. ```
  235. If the kubernetes cluster has RBAC enabled, then run:
  237. ``` console
  238. helm install stable/nginx-ingress --name my-nginx --set rbac.create=true
  239. ```
  241. Verify installation
  242. -------------------
  244. To check if the ingress controller pods have started, run the following command:
  246. ``` console
  247. kubectl get pods --all-namespaces -l app=ingress-nginx --watch
  248. ```
  250. Once the operator pods are running, you can cancel the above command by typing `Ctrl+C`.
  251. Now, you are ready to create your first ingress.
  253. Detect installed version
  254. ------------------------
  256. To detect which version of the ingress controller is running, exec into the pod and run `nginx-ingress-controller version` command.
  258. ``` console
  259. POD_NAMESPACE=ingress-nginx
  260. POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app=ingress-nginx -o jsonpath={.items[0].metadata.name})
  261. kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
  262. ```
  264. Deploying the config-map
  265. ------------------------
  267. A config map can be used to configure system components for the nginx-controller. In order to begin using a config-map
  268. make sure it has been created and is being used in the deployment.
  270. It is created as seen in the [Mandatory Commands](#mandatory-commands) section above.
  272. ``` console
  273. curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \
  274. | kubectl apply -f -
  275. ```
  277. and is setup to be used in the deployment [without-rbac](without-rbac.yaml) or [with-rbac](with-rbac.yaml) with the following line:
  279. ``` yaml
  280. - --configmap=$(POD_NAMESPACE)/nginx-configuration
  281. ```
  283. For information on using the config-map, see its [user-guide](../docs/user-guide/configmap.md).