diff --git a/examples/deployment/nginx/README.md b/examples/deployment/nginx/README.md index 4d0addf8fe..7adf49811c 100644 --- a/examples/deployment/nginx/README.md +++ b/examples/deployment/nginx/README.md @@ -1,4 +1,4 @@ -# Deploying an Nginx Ingress controller +# Deploying the Nginx Ingress controller This example aims to demonstrate the deployment of an nginx ingress controller. @@ -7,16 +7,15 @@ This example aims to demonstrate the deployment of an nginx ingress controller. The default backend is a Service capable of handling all url paths and hosts the nginx controller doesn't understand. This most basic implementation just returns a 404 page: -```console -$ kubectl create -f default-backend.yaml -replicationcontroller "default-http-backend" created -$ kubectl expose rc default-http-backend --port=80 --target-port=8080 --name=default-http-backend -service "default-http-backend" exposed +```console +$ kubectl apply -f default-backend.yaml +deployment "default-http-backend" created +service "default-http-backend" created -$ kubectl get po -NAME READY STATUS RESTARTS AGE -default-http-backend-ppqdj 1/1 Running 0 1m +$ kubectl -n kube-system get po +NAME READY STATUS RESTARTS AGE +default-http-backend-2657704409-qgwdd 1/1 Running 0 28s ``` ## Controller @@ -24,18 +23,18 @@ default-http-backend-ppqdj 1/1 Running 0 1m You can deploy the controller as follows: ```console -$ kubectl create -f rc.yaml -replicationcontroller "nginx-ingress-controller" created +$ kubectl apply -f nginx-ingress-controller.yaml +deployment "nginx-ingress-controller" created -$ kubectl get po -NAME READY STATUS RESTARTS AGE -default-http-backend-ppqdj 1/1 Running 0 1m -nginx-ingress-controller-vbgf9 0/1 ContainerCreating 0 2s +$ kubectl -n kube-system get po +NAME READY STATUS RESTARTS AGE +default-http-backend-2657704409-qgwdd 1/1 Running 0 2m +nginx-ingress-controller-873061567-4n3k2 1/1 Running 0 42s ``` Note the default settings of this controller: * serves a `/healthz` url on port 10254, as both a liveness and readiness probe -* takes a `--default-backend-service` arg pointing to a Service, created above +* takes a `--default-backend-service` argument pointing to the Service created above ## Running on a cloud provider @@ -44,6 +43,3 @@ the provider also has a native Ingress controller and set the annotation `kubernetes.io/ingress.class: nginx` in all Ingresses meant for this controller. You might also need to open a firewall-rule for ports 80/443 of the nodes the controller is running on. - - - diff --git a/examples/deployment/nginx/default-backend.yaml b/examples/deployment/nginx/default-backend.yaml index 77b4f67428..3c40989a31 100644 --- a/examples/deployment/nginx/default-backend.yaml +++ b/examples/deployment/nginx/default-backend.yaml @@ -1,15 +1,16 @@ -apiVersion: v1 -kind: ReplicationController +apiVersion: extensions/v1beta1 +kind: Deployment metadata: name: default-http-backend + labels: + k8s-app: default-http-backend + namespace: kube-system spec: replicas: 1 - selector: - app: default-http-backend template: metadata: labels: - app: default-http-backend + k8s-app: default-http-backend spec: terminationGracePeriodSeconds: 60 containers: @@ -34,3 +35,17 @@ spec: requests: cpu: 10m memory: 20Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: default-http-backend + namespace: kube-system + labels: + k8s-app: default-http-backend +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + k8s-app: default-http-backend diff --git a/examples/deployment/nginx/kubeadm/README.md b/examples/deployment/nginx/kubeadm/README.md new file mode 100644 index 0000000000..6174d16515 --- /dev/null +++ b/examples/deployment/nginx/kubeadm/README.md @@ -0,0 +1,38 @@ +# Deploying the Nginx Ingress controller on kubeadm clusters + +This example aims to demonstrate the deployment of an nginx ingress controller with kubeadm, +and is nearly the same as the the example above, but here the Ingress Controller is using +`hostNetwork: true` until the CNI kubelet networking plugin is compatible with `hostPort` +(see issue: [kubernetes/kubernetes#31307](https://github.com/kubernetes/kubernetes/issues/31307)) + +## Default Backend + +The default backend is a Service capable of handling all url paths and hosts the +nginx controller doesn't understand. This most basic implementation just returns +a 404 page. + +## Controller + +The Nginx Ingress Controller uses nginx (surprisingly!) to loadbalance requests that are coming to +ports 80 and 443 to Services in the cluster. + +```console +$ kubectl apply -f https://rawgit.com/kubernetes/ingress/master/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml +deployment "default-http-backend" created +service "default-http-backend" created +deployment "nginx-ingress-controller" created +``` + +Note the default settings of this controller: +* serves a `/healthz` url on port 10254, as both a liveness and readiness probe +* automatically deploys the `gcr.io/google_containers/defaultbackend:1.0` image for serving 404 requests. + +At its current state, it only supports running on `amd64` nodes. + +## Running on a cloud provider + +If you're running this ingress controller on a cloudprovider, you should assume +the provider also has a native Ingress controller and set the annotation +`kubernetes.io/ingress.class: nginx` in all Ingresses meant for this controller. +You might also need to open a firewall-rule for ports 80/443 of the nodes the +controller is running on. diff --git a/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml b/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml new file mode 100644 index 0000000000..d02dc097cc --- /dev/null +++ b/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml @@ -0,0 +1,105 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: default-http-backend + labels: + k8s-app: default-http-backend + namespace: kube-system +spec: + replicas: 1 + template: + metadata: + labels: + k8s-app: default-http-backend + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: default-http-backend + # Any image is permissable as long as: + # 1. It serves a 404 page at / + # 2. It serves 200 on a /healthz endpoint + image: gcr.io/google_containers/defaultbackend:1.0 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: default-http-backend + namespace: kube-system + labels: + k8s-app: default-http-backend +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + k8s-app: default-http-backend +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: nginx-ingress-controller + labels: + k8s-app: nginx-ingress-controller + namespace: kube-system +spec: + replicas: 1 + template: + metadata: + labels: + k8s-app: nginx-ingress-controller + spec: + # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration + # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host + # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used + # like with kubeadm + hostNetwork: true + terminationGracePeriodSeconds: 60 + containers: + - image: gcr.io/google_containers/nginx-ingress-controller:0.8.3 + name: nginx-ingress-controller + imagePullPolicy: Always + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + ports: + - containerPort: 80 + hostPort: 80 + - containerPort: 443 + hostPort: 443 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/default-http-backend diff --git a/examples/deployment/nginx/rc.yaml b/examples/deployment/nginx/nginx-ingress-controller.yaml similarity index 61% rename from examples/deployment/nginx/rc.yaml rename to examples/deployment/nginx/nginx-ingress-controller.yaml index 7577c8b7ba..62bb1e16a9 100644 --- a/examples/deployment/nginx/rc.yaml +++ b/examples/deployment/nginx/nginx-ingress-controller.yaml @@ -1,23 +1,26 @@ -apiVersion: v1 -kind: ReplicationController +apiVersion: extensions/v1beta1 +kind: Deployment metadata: name: nginx-ingress-controller labels: - k8s-app: nginx-ingress-lb + k8s-app: nginx-ingress-controller + namespace: kube-system spec: replicas: 1 - selector: - k8s-app: nginx-ingress-lb template: metadata: labels: - k8s-app: nginx-ingress-lb - name: nginx-ingress-lb + k8s-app: nginx-ingress-controller spec: + # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration + # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host + # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used + # like with kubeadm + # hostNetwork: true terminationGracePeriodSeconds: 60 containers: - image: gcr.io/google_containers/nginx-ingress-controller:0.8.3 - name: nginx-ingress-lb + name: nginx-ingress-controller imagePullPolicy: Always readinessProbe: httpGet: @@ -31,7 +34,11 @@ spec: scheme: HTTP initialDelaySeconds: 10 timeoutSeconds: 1 - # use downward API + ports: + - containerPort: 80 + hostPort: 80 + - containerPort: 443 + hostPort: 443 env: - name: POD_NAME valueFrom: @@ -41,11 +48,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - ports: - - containerPort: 80 - hostPort: 80 - - containerPort: 443 - hostPort: 443 args: - /nginx-ingress-controller - --default-backend-service=$(POD_NAMESPACE)/default-http-backend