kubernetes · aledbf · Jan 5, 2017 · Jan 5, 2017 · Jan 5, 2017 · euank
diff --git a/examples/deployment/nginx/README.md b/examples/deployment/nginx/README.md
@@ -1,4 +1,4 @@
-# Deploying an Nginx Ingress controller
+# Deploying the Nginx Ingress controller
 
 This example aims to demonstrate the deployment of an nginx ingress controller.
 
@@ -7,35 +7,34 @@ This example aims to demonstrate the deployment of an nginx ingress controller.
 The default backend is a Service capable of handling all url paths and hosts the
 nginx controller doesn't understand. This most basic implementation just returns
 a 404 page:
-```console
-$ kubectl create -f default-backend.yaml
-replicationcontroller "default-http-backend" created
 
-$ kubectl expose rc default-http-backend --port=80 --target-port=8080 --name=default-http-backend
-service "default-http-backend" exposed
+```console
+$ kubectl apply -f default-backend.yaml
+deployment "default-http-backend" created
+service "default-http-backend" created
 
-$ kubectl get po
-NAME                             READY     STATUS              RESTARTS   AGE
-default-http-backend-ppqdj       1/1       Running             0          1m
+$ kubectl -n kube-system get po
+NAME                                    READY     STATUS    RESTARTS   AGE
+default-http-backend-2657704409-qgwdd   1/1       Running   0          28s
 ```
 
 ## Controller
 
 You can deploy the controller as follows:
 
 ```console
-$ kubectl create -f rc.yaml
-replicationcontroller "nginx-ingress-controller" created
+$ kubectl apply -f nginx-ingress-controller.yaml
+deployment "nginx-ingress-controller" created
 
-$ kubectl get po
-NAME                             READY     STATUS              RESTARTS   AGE
-default-http-backend-ppqdj       1/1       Running             0          1m
-nginx-ingress-controller-vbgf9   0/1       ContainerCreating   0          2s
+$ kubectl -n kube-system get po
+NAME                                       READY     STATUS    RESTARTS   AGE
+default-http-backend-2657704409-qgwdd      1/1       Running   0          2m
+nginx-ingress-controller-873061567-4n3k2   1/1       Running   0          42s
 ```
 
 Note the default settings of this controller:
 * serves a `/healthz` url on port 10254, as both a liveness and readiness probe
-* takes a `--default-backend-service` arg pointing to a Service, created above
+* takes a `--default-backend-service` argument pointing to the Service created above
 
 ## Running on a cloud provider
 
@@ -44,6 +43,3 @@ the provider also has a native Ingress controller and set the annotation
 `kubernetes.io/ingress.class: nginx` in all Ingresses meant for this controller.
 You might also need to open a firewall-rule for ports 80/443 of the nodes the
 controller is running on.
-
-
-
diff --git a/examples/deployment/nginx/default-backend.yaml b/examples/deployment/nginx/default-backend.yaml
@@ -1,15 +1,16 @@
-apiVersion: v1
-kind: ReplicationController
+apiVersion: extensions/v1beta1
+kind: Deployment
 metadata:
   name: default-http-backend
+  labels:
+    k8s-app: default-http-backend
+  namespace: kube-system
 spec:
   replicas: 1
-  selector:
-    app: default-http-backend
   template:
     metadata:
       labels:
-        app: default-http-backend
+        k8s-app: default-http-backend
     spec:
       terminationGracePeriodSeconds: 60
       containers:
@@ -34,3 +35,17 @@ spec:
           requests:
             cpu: 10m
             memory: 20Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: default-http-backend
+  namespace: kube-system
+  labels:
+    k8s-app: default-http-backend
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+  selector:
+    k8s-app: default-http-backend
diff --git a/examples/deployment/nginx/kubeadm/README.md b/examples/deployment/nginx/kubeadm/README.md
@@ -0,0 +1,38 @@
+# Deploying the Nginx Ingress controller on kubeadm clusters
+
+This example aims to demonstrate the deployment of an nginx ingress controller with kubeadm, 
+and is nearly the same as the the example above, but here the Ingress Controller is using 
+`hostNetwork: true` until the CNI kubelet networking plugin is compatible with `hostPort`
+(see issue: [kubernetes/kubernetes#31307](https://github.com/kubernetes/kubernetes/issues/31307))
+
+## Default Backend
+
+The default backend is a Service capable of handling all url paths and hosts the
+nginx controller doesn't understand. This most basic implementation just returns
+a 404 page.
+
+## Controller
+
+The Nginx Ingress Controller uses nginx (surprisingly!) to loadbalance requests that are coming to
+ports 80 and 443 to Services in the cluster.
+
+```console
+$ kubectl apply -f https://rawgit.com/kubernetes/ingress/master/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml
+deployment "default-http-backend" created
+service "default-http-backend" created
+deployment "nginx-ingress-controller" created
+```
+
+Note the default settings of this controller:
+* serves a `/healthz` url on port 10254, as both a liveness and readiness probe
+* automatically deploys the `gcr.io/google_containers/defaultbackend:1.0` image for serving 404 requests.
+
+At its current state, it only supports running on `amd64` nodes.
+
+## Running on a cloud provider
+
+If you're running this ingress controller on a cloudprovider, you should assume
+the provider also has a native Ingress controller and set the annotation
+`kubernetes.io/ingress.class: nginx` in all Ingresses meant for this controller.
+You might also need to open a firewall-rule for ports 80/443 of the nodes the
+controller is running on.
diff --git a/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml b/examples/deployment/nginx/kubeadm/nginx-ingress-controller.yaml
@@ -0,0 +1,105 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: default-http-backend
+  labels:
+    k8s-app: default-http-backend
+  namespace: kube-system
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        k8s-app: default-http-backend
+    spec:
+      terminationGracePeriodSeconds: 60
+      containers:
+      - name: default-http-backend
+        # Any image is permissable as long as:
+        # 1. It serves a 404 page at /
+        # 2. It serves 200 on a /healthz endpoint
+        image: gcr.io/google_containers/defaultbackend:1.0
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 30
+          timeoutSeconds: 5
+        ports:
+        - containerPort: 8080
+        resources:
+          limits:
+            cpu: 10m
+            memory: 20Mi
+          requests:
+            cpu: 10m
+            memory: 20Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: default-http-backend
+  namespace: kube-system
+  labels:
+    k8s-app: default-http-backend
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+  selector:
+    k8s-app: default-http-backend
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: nginx-ingress-controller
+  labels:
+    k8s-app: nginx-ingress-controller
+  namespace: kube-system
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        k8s-app: nginx-ingress-controller
+    spec:
+      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
+      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
+      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
+      # like with kubeadm
+      hostNetwork: true
+      terminationGracePeriodSeconds: 60
+      containers:
+      - image: gcr.io/google_containers/nginx-ingress-controller:0.8.3
+        name: nginx-ingress-controller
+        imagePullPolicy: Always
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 10254
+            scheme: HTTP
+          initialDelaySeconds: 10
+          timeoutSeconds: 1
+        ports:
+        - containerPort: 80
+          hostPort: 80
+        - containerPort: 443
+          hostPort: 443
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+        args:
+        - /nginx-ingress-controller
+        - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
diff --git a/examples/deployment/nginx/rc.yaml → ...yment/nginx/nginx-ingress-controller.yaml b/examples/deployment/nginx/rc.yaml → ...yment/nginx/nginx-ingress-controller.yaml
@@ -1,23 +1,26 @@
-apiVersion: v1
-kind: ReplicationController
+apiVersion: extensions/v1beta1
+kind: Deployment
 metadata:
   name: nginx-ingress-controller
   labels:
-    k8s-app: nginx-ingress-lb
+    k8s-app: nginx-ingress-controller
+  namespace: kube-system
 spec:
   replicas: 1
-  selector:
-    k8s-app: nginx-ingress-lb
   template:
     metadata:
       labels:
-        k8s-app: nginx-ingress-lb
-        name: nginx-ingress-lb
+        k8s-app: nginx-ingress-controller
     spec:
+      # hostNetwork makes it possible to use ipv6 and to preserve the source IP correctly regardless of docker configuration
+      # however, it is not a hard dependency of the nginx-ingress-controller itself and it may cause issues if port 10254 already is taken on the host
+      # that said, since hostPort is broken on CNI (https://github.com/kubernetes/kubernetes/issues/31307) we have to use hostNetwork where CNI is used
+      # like with kubeadm
+      # hostNetwork: true
       terminationGracePeriodSeconds: 60
       containers:
       - image: gcr.io/google_containers/nginx-ingress-controller:0.8.3
-        name: nginx-ingress-lb
+        name: nginx-ingress-controller
         imagePullPolicy: Always
         readinessProbe:
           httpGet:
@@ -31,7 +34,11 @@ spec:
             scheme: HTTP
           initialDelaySeconds: 10
           timeoutSeconds: 1
-        # use downward API
+        ports:
+        - containerPort: 80
+          hostPort: 80
+        - containerPort: 443
+          hostPort: 443
         env:
           - name: POD_NAME
             valueFrom:
@@ -41,11 +48,6 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-        ports:
-        - containerPort: 80
-          hostPort: 80
-        - containerPort: 443
-          hostPort: 443
         args:
         - /nginx-ingress-controller
         - --default-backend-service=$(POD_NAMESPACE)/default-http-backend