741de6051c
* Fix nodeselectors for contiv and nginx-ingress Change-Id: Ib3eb6bd87193c69a90ee944c9164a0b6792c79ba * Set kube proxy mode to iptables for addons task Change-Id: Iff71a71f672405c74b4708c71db15ddc4391a53a |
||
---|---|---|
.. | ||
defaults | ||
tasks | ||
templates | ||
README.md |
Installation Guide
Contents
- Mandatory commands
- Install without RBAC roles
- Install with RBAC roles
- Custom Provider
- minikube
- AWS
- GCE - GKE
- Azure
- Baremetal
- Using Helm
- Verify installation
- Detect installed version
- Deploying the config-map
Generic Deployment
The following resources are required for a generic deployment.
Mandatory commands
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/namespace.yaml \
| kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/default-backend.yaml \
| kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \
| kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/tcp-services-configmap.yaml \
| kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/udp-services-configmap.yaml \
| kubectl apply -f -
Install without RBAC roles
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/without-rbac.yaml \
| kubectl apply -f -
Install with RBAC roles
Please check the RBAC document.
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/rbac.yaml \
| kubectl apply -f -
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/with-rbac.yaml \
| kubectl apply -f -
Custom Service Provider Deployment
There are cloud provider specific yaml files.
minikube
For standard usage:
minikube addons enable ingress
For development:
-
Disable the ingress addon:
$ minikube addons disable ingress
-
Use the docker daemon
-
Perform Mandatory commands
-
Install the
nginx-ingress-controller
deployment without RBAC roles or with RBAC roles -
Edit the
nginx-ingress-controller
deployment to use your custom image. Local images can be seen by performingdocker images
.$ kubectl edit deployment nginx-ingress-controller -n ingress-nginx
edit the following section:
image: <IMAGE-NAME>:<TAG> imagePullPolicy: IfNotPresent name: nginx-ingress-controller
-
Confirm the
nginx-ingress-controller
deployment exists:
$ kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
default-http-backend-66b447d9cf-rrlf9 1/1 Running 0 12s
nginx-ingress-controller-fdcdcd6dd-vvpgs 1/1 Running 0 11s
AWS
In AWS we use an Elastic Load Balancer (ELB) to expose the NGINX Ingress controller behind a Service of Type=LoadBalancer
.
This setup requires to choose in which layer (L4 or L7) we want to configure the ELB:
- Layer 4: use TCP as the listener protocol for ports 80 and 443.
- Layer 7: use HTTP as the listener protocol for port 80 and terminate TLS in the ELB
Patch the nginx ingress controller deployment to add the flag --publish-service
kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \
--patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)"
For L4:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/service-l4.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l4.yaml
For L7:
Change line of the file provider/aws/service-l7.yaml
replacing the dummy id with a valid one "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
Then execute:
kubectl apply -f provider/aws/service-l7.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/aws/patch-configmap-l7.yaml
This example creates an ELB with just two listeners, one in port 80 and another in port 443
If the ingress controller uses RBAC run:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml
If not run:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml
GCE - GKE
Patch the nginx ingress controller deployment to add the flag --publish-service
kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \
--patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)"
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/gce-gke/service.yaml \
| kubectl apply -f -
If the ingress controller uses RBAC run:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml
If not run:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml
Important Note: proxy protocol is not supported in GCE/GKE
Azure
Patch the nginx ingress controller deployment to add the flag --publish-service
kubectl patch deployment -n ingress-nginx nginx-ingress-controller --type='json' \
--patch="$(curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/publish-service-patch.yaml)"
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/azure/service.yaml \
| kubectl apply -f -
If the ingress controller uses RBAC run:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-with-rbac.yaml
If not run:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/patch-service-without-rbac.yaml
Important Note: proxy protocol is not supported in GCE/GKE
Baremetal
Using NodePort:
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml \
| kubectl apply -f -
Using Helm
NGINX Ingress controller can be installed via Helm using the chart stable/nginx from the official charts repository.
To install the chart with the release name my-nginx
:
helm install stable/nginx-ingress --name my-nginx
If the kubernetes cluster has RBAC enabled, then run:
helm install stable/nginx-ingress --name my-nginx --set rbac.create=true
Verify installation
To check if the ingress controller pods have started, run the following command:
kubectl get pods --all-namespaces -l app=ingress-nginx --watch
Once the operator pods are running, you can cancel the above command by typing Ctrl+C
.
Now, you are ready to create your first ingress.
Detect installed version
To detect which version of the ingress controller is running, exec into the pod and run nginx-ingress-controller version
command.
POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app=ingress-nginx -o jsonpath={.items[0].metadata.name})
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
Deploying the config-map
A config map can be used to configure system components for the nginx-controller. In order to begin using a config-map make sure it has been created and is being used in the deployment.
It is created as seen in the Mandatory Commands section above.
curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/configmap.yaml \
| kubectl apply -f -
and is setup to be used in the deployment without-rbac or with-rbac with the following line:
- --configmap=$(POD_NAMESPACE)/nginx-configuration
For information on using the config-map, see its user-guide.