Merge pull request #408 from gianrubio/fix-links

Review docs
kubernetes · Mar 10, 2017 · dd7f8b4 · dd7f8b4
2 parents ea7a936 + a2edde3
commit dd7f8b4
Show file tree

Hide file tree

Showing 15 changed files with 711 additions and 7 deletions.
diff --git a/controllers/nginx/configuration.md b/controllers/nginx/configuration.md
@@ -127,7 +127,7 @@ The secret must be created in the same namespace as the Ingress rule.
 ingress.kubernetes.io/auth-realm: "realm string"
 ```
 
-Please check the [auth](examples/auth/README.md) example.
+Please check the [auth](/examples/auth/nginx/README.md) example.
 
 ### Certificate Authentication
 
@@ -147,7 +147,7 @@ ingress.kubernetes.io/auth-tls-verify-depth
 
 The validation depth between the provided client certificate and the Certification Authority chain.
 
-Please check the [tls-auth](examples/auth/client-certs/README.md) example.
+Please check the [tls-auth](/examples/auth/client-certs/nginx/README.md) example.
 
 
 ### Enable CORS
@@ -164,7 +164,7 @@ Additionally it is possible to set `ingress.kubernetes.io/auth-method` to specif
 ingress.kubernetes.io/auth-url: "URL to the authentication service"
 ```
 
-Please check the [external-auth](examples/external-auth/README.md) example.
+Please check the [external-auth](/examples/auth/external-auth/nginx/README.md) example.
 
 
 ### Rewrite
@@ -210,7 +210,7 @@ To configure this setting globally for all Ingress rules, the `whitelist-source-
 
 *Note:* Adding an annotation to an Ingress rule overrides any global restriction.
 
-Please check the [whitelist](examples/affinity/cookie/nginx/README.md) example.
+Please check the [whitelist](/examples/affinity/cookie/nginx/README.md) example.
 
 
 ### Session Affinity
@@ -224,7 +224,7 @@ If you use the ``cookie`` type you can also specify the name of the cookie that
 In case of NGINX the annotation `ingress.kubernetes.io/session-cookie-hash` defines which algorithm will be used to 'hash' the used upstream. Default value is `md5` and possible values are `md5`, `sha1` and `index`.
 The `index` option  is not hashed, an in-memory index is used instead, it's quicker and the overhead is shorter Warning: the matching against upstream servers list is inconsistent. So, at reload, if upstreams servers has changed, index values are not guaranted to correspond to the same server as before! USE IT WITH CAUTION and only if you need to!
 
-In NGINX this feature is implemented by the third party module [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng). The workflow used to define which upstream server will be used is explained [here]https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf
+In NGINX this feature is implemented by the third party module [nginx-sticky-module-ng](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng). The workflow used to define which upstream server will be used is explained [here](https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/raw/08a395c66e425540982c00482f55034e1fee67b6/docs/sticky.pdf)
 
 
 

diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
@@ -255,7 +255,7 @@ spec:
     spec:
       terminationGracePeriodSeconds: 60
       containers:
-      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0
+      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
         name: ingress-nginx
         imagePullPolicy: Always
         ports:

diff --git a/examples/auth/client-certs/nginx/nginx-tls-auth.yaml b/examples/auth/client-certs/nginx/nginx-tls-auth.yaml
@@ -6,7 +6,7 @@ metadata:
     ingress.kubernetes.io/auth-tls-secret: "default/caingress"
     ingress.kubernetes.io/auth-tls-verify-depth: "3"
     kubernetes.io/ingress.class: "nginx"
-  name: nginx-test 
+  name: nginx-test
   namespace: default
 spec:
   rules:

diff --git a/examples/auth/external-auth/nginx/README.md b/examples/auth/external-auth/nginx/README.md
@@ -0,0 +1,148 @@
+# External authentication
+
+### Example 1:
+
+Use an external service (Basic Auth) located in `https://httpbin.org` 
+
+```
+$ kubectl create -f ingress.yaml
+ingress "external-auth" created
+$ kubectl get ing external-auth
+NAME            HOSTS                         ADDRESS       PORTS     AGE
+external-auth   external-auth-01.sample.com   172.17.4.99   80        13s
+$ kubectl get ing external-auth -o yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-url: https://httpbin.org/basic-auth/user/passwd
+  creationTimestamp: 2016-10-03T13:50:35Z
+  generation: 1
+  name: external-auth
+  namespace: default
+  resourceVersion: "2068378"
+  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/external-auth
+  uid: 5c388f1d-8970-11e6-9004-080027d2dc94
+spec:
+  rules:
+  - host: external-auth-01.sample.com
+    http:
+      paths:
+      - backend:
+          serviceName: echoheaders
+          servicePort: 80
+        path: /
+status:
+  loadBalancer:
+    ingress:
+    - ip: 172.17.4.99
+$
+```
+
+Test 1: no username/password (expect code 401)
+```
+$ curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com'
+* Rebuilt URL to: http://172.17.4.99/
+*   Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET / HTTP/1.1
+> Host: external-auth-01.sample.com
+> User-Agent: curl/7.50.1
+> Accept: */*
+>
+< HTTP/1.1 401 Unauthorized
+< Server: nginx/1.11.3
+< Date: Mon, 03 Oct 2016 14:52:08 GMT
+< Content-Type: text/html
+< Content-Length: 195
+< Connection: keep-alive
+< WWW-Authenticate: Basic realm="Fake Realm"
+<
+<html>
+<head><title>401 Authorization Required</title></head>
+<body bgcolor="white">
+<center><h1>401 Authorization Required</h1></center>
+<hr><center>nginx/1.11.3</center>
+</body>
+</html>
+* Connection #0 to host 172.17.4.99 left intact
+```
+
+Test 2: valid username/password (expect code 200)
+```
+$ curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' -u 'user:passwd'
+* Rebuilt URL to: http://172.17.4.99/
+*   Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+* Server auth using Basic with user 'user'
+> GET / HTTP/1.1
+> Host: external-auth-01.sample.com
+> Authorization: Basic dXNlcjpwYXNzd2Q=
+> User-Agent: curl/7.50.1
+> Accept: */*
+>
+< HTTP/1.1 200 OK
+< Server: nginx/1.11.3
+< Date: Mon, 03 Oct 2016 14:52:50 GMT
+< Content-Type: text/plain
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+<
+CLIENT VALUES:
+client_address=10.2.60.2
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://external-auth-01.sample.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.9.11 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+authorization=Basic dXNlcjpwYXNzd2Q=
+connection=close
+host=external-auth-01.sample.com
+user-agent=curl/7.50.1
+x-forwarded-for=10.2.60.1
+x-forwarded-host=external-auth-01.sample.com
+x-forwarded-port=80
+x-forwarded-proto=http
+x-real-ip=10.2.60.1
+BODY:
+* Connection #0 to host 172.17.4.99 left intact
+-no body in request-
+```
+
+Test 3: invalid username/password (expect code 401)
+```
+curl -k http://172.17.4.99 -v -H 'Host: external-auth-01.sample.com' -u 'user:user'
+* Rebuilt URL to: http://172.17.4.99/
+*   Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+* Server auth using Basic with user 'user'
+> GET / HTTP/1.1
+> Host: external-auth-01.sample.com
+> Authorization: Basic dXNlcjp1c2Vy
+> User-Agent: curl/7.50.1
+> Accept: */*
+>
+< HTTP/1.1 401 Unauthorized
+< Server: nginx/1.11.3
+< Date: Mon, 03 Oct 2016 14:53:04 GMT
+< Content-Type: text/html
+< Content-Length: 195
+< Connection: keep-alive
+* Authentication problem. Ignoring this.
+< WWW-Authenticate: Basic realm="Fake Realm"
+<
+<html>
+<head><title>401 Authorization Required</title></head>
+<body bgcolor="white">
+<center><h1>401 Authorization Required</h1></center>
+<hr><center>nginx/1.11.3</center>
+</body>
+</html>
+* Connection #0 to host 172.17.4.99 left intact
+```
diff --git a/examples/auth/external-auth/nginx/ingress.yaml b/examples/auth/external-auth/nginx/ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/auth-url: "https://httpbin.org/basic-auth/user/passwd"
+  name: external-auth
+spec:
+  rules:
+  - host: external-auth-01.sample.com
+    http:
+      paths:
+      - backend:
+          serviceName: echoheaders
+          servicePort: 80
+        path: /
diff --git a/examples/customization/custom-errors/nginx/README.md b/examples/customization/custom-errors/nginx/README.md
@@ -0,0 +1,82 @@
+This example shows how is possible to use a custom backend to render custom error pages. The code of this example is located here [nginx-debug-server](https://github.com/aledbf/contrib/tree/nginx-debug-server)
+
+
+The idea is to use the headers `X-Code` and `X-Format` that NGINX pass to the backend in case of an error to find out the best existent representation of the response to be returned. i.e. if the request contains an `Accept` header of type `json` the error should be in that format and not in `html` (the default in NGINX).
+
+First create the custom backend to use in the Ingress controller
+
+```
+$ kubectl create -f custom-default-backend.yaml
+service "nginx-errors" created
+replicationcontroller "nginx-errors" created
+```
+
+```
+$ kubectl get svc
+NAME                    CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
+echoheaders             10.3.0.7     nodes         80/TCP          23d
+kubernetes              10.3.0.1     <none>        443/TCP         34d
+nginx-errors            10.3.0.102   <none>        80/TCP          11s
+```
+
+```
+$ kubectl get rc
+CONTROLLER             REPLICAS   AGE
+echoheaders            1          19d
+nginx-errors           1          19s
+```
+
+Next create the Ingress controller executing
+```
+$ kubectl create -f rc-custom-errors.yaml
+```
+
+Now to check if this is working we use curl:
+
+```
+$ curl -v http://172.17.4.99/
+*   Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET / HTTP/1.1
+> Host: 172.17.4.99
+> User-Agent: curl/7.43.0
+> Accept: */*
+>
+< HTTP/1.1 404 Not Found
+< Server: nginx/1.10.0
+< Date: Wed, 04 May 2016 02:53:45 GMT
+< Content-Type: text/html
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+< Vary: Accept-Encoding
+<
+<span>The page you're looking for could not be found.</span>
+
+* Connection #0 to host 172.17.4.99 left intact
+```
+
+Specifying json as expected format:
+
+```
+$ curl -v http://172.17.4.99/ -H 'Accept: application/json'
+*   Trying 172.17.4.99...
+* Connected to 172.17.4.99 (172.17.4.99) port 80 (#0)
+> GET / HTTP/1.1
+> Host: 172.17.4.99
+> User-Agent: curl/7.43.0
+> Accept: application/json
+>
+< HTTP/1.1 404 Not Found
+< Server: nginx/1.10.0
+< Date: Wed, 04 May 2016 02:54:00 GMT
+< Content-Type: text/html
+< Transfer-Encoding: chunked
+< Connection: keep-alive
+< Vary: Accept-Encoding
+<
+{ "message": "The page you're looking for could not be found" }
+
+* Connection #0 to host 172.17.4.99 left intact
+```
+
+By default the Ingress controller provides support for `html`, `json` and `XML`.
diff --git a/examples/customization/custom-errors/nginx/custom-default-backend.yaml b/examples/customization/custom-errors/nginx/custom-default-backend.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-errors
+  labels:
+    app: nginx-errors
+spec:
+  ports:
+  - port: 80
+    targetPort: 80
+    protocol: TCP
+    name: http
+  selector:
+    app: nginx-errors
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: nginx-errors
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nginx-errors
+    spec:
+      containers:
+      - name: nginx-errors
+        image: aledbf/nginx-error-server:0.1
+        ports:
+        - containerPort: 80
diff --git a/examples/customization/custom-errors/nginx/rc-custom-errors.yaml b/examples/customization/custom-errors/nginx/rc-custom-errors.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: nginx-ingress-controller
+  labels:
+    k8s-app: nginx-ingress-lb
+spec:
+  replicas: 1
+  selector:
+    k8s-app: nginx-ingress-lb
+  template:
+    metadata:
+      labels:
+        k8s-app: nginx-ingress-lb
+        name: nginx-ingress-lb
+    spec:
+      terminationGracePeriodSeconds: 60
+      containers:
+      - image: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.2
+        name: nginx-ingress-lb
+        imagePullPolicy: Always
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          initialDelaySeconds: 10
+          timeoutSeconds: 1
+        # use downward API
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+        ports:
+        - containerPort: 80
+          hostPort: 80
+        - containerPort: 443
+          hostPort: 443
+        args:
+        - /nginx-ingress-controller
+        - --default-backend-service=$(POD_NAMESPACE)/nginx-errors